Initial server setup: Ubuntu Trusty 64

Ubuntu Trusty is great.

I personally prefer Debian-based systems over RHEL, since they use more recent versions of lots of software I care about, and are super-easy to upgrade.

Compared to Debian, on Ubuntu things seem to just work out of the box a little more often, and Trusty is an LTS (long term support) release that came out just a couple of months ago.

So, there you go.

Changing ports

You could change which ports a few things use, but keeping the defaults makes my life easier with other software that is set to use default ports, so I personally don’t change them.

SSH access

Disable root login

I do disable being able to log in as root, but don’t specify which users are allowed to log in. I just create a new user, make it a sudoer, and never use root ever again.

adduser <USERNAME>

Add your user to the sudoers file:

visudo

Disallow root login by opening the SSH daemon config:

nano /etc/ssh/sshd_config

and setting this line in it:

PermitRootLogin no

Reload SSH:

service ssh restart

Log out and log in as the new user.

Add public key

I always add my public key to ~/.ssh/authorized_keys, so that I don’t need to enter a password to access the machine.

If needed, to generate a new public/private key pair run this on your local machine:

ssh-keygen

The exact location depends on your OS, but you should get a file called id_rsa.pub inside a directory called .ssh in your home folder (e.g., ~/.ssh/id_rsa.pub). You can append its contents to authorized_keys (on the remote machine):

mkdir /home/<USERNAME>/.ssh
nano /home/<USERNAME>/.ssh/authorized_keys

If it worked, you can log out and back in and it shouldn’t ask for a password.
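
A quick check that both SSH steps above took effect, as an added example that is not part of the original post. The helper names (sshd_effective, root_login_disabled, not_group_world_writable) and the sample config are made up for illustration; the sketch only reads global settings and assumes GNU stat.

```shell
#!/bin/sh
# Added example (not from the original post): verify the SSH steps above.

# Print the effective global value of a keyword from an sshd_config-style file.
# sshd keeps the FIRST value it reads for each keyword (keywords are
# case-insensitive), so a "PermitRootLogin no" appended below an existing
# "PermitRootLogin yes" changes nothing.
# Simplifications: stops at the first Match block, ignores Include files,
# and expects "Keyword value" separated by whitespace.
sshd_effective() {   # $1 = config file, $2 = keyword
    awk -v key="$2" '
        /^[ \t]*#/ || /^[ \t]*$/    { next }   # comments and blank lines
        tolower($1) == "match"      { exit }   # conditional overrides start here
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# Succeeds only when root login is explicitly set to "no".
root_login_disabled() {   # $1 = config file
    [ "$(sshd_effective "$1" PermitRootLogin)" = "no" ]
}

# Succeeds when neither group nor others can write to the path. With
# StrictModes (on by default) sshd refuses key login if ~/.ssh or
# authorized_keys is group- or world-writable.
not_group_world_writable() {   # $1 = file or directory
    mode=$(stat -c %a "$1") || return 1
    [ $(( 0$mode & 022 )) -eq 0 ]
}

# Constructed sample: a commented-out "no", a live "yes", and a "no"
# appended at the end of the file.
sample=$(mktemp)
printf '%s\n' 'Port 22' '#PermitRootLogin no' 'PermitRootLogin yes' \
    'PermitRootLogin no' > "$sample"
echo "effective PermitRootLogin: $(sshd_effective "$sample" PermitRootLogin)"
if root_login_disabled "$sample"; then
    echo "root login disabled"
else
    echo "root login NOT disabled: an earlier line wins"
fi
rm -f "$sample"
```

On the server itself, sudo sshd -t validates the config file before you restart the service, and sudo sshd -T prints the settings sshd actually uses.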

Now I would probably make sure all the software is up to date:

sudo apt-get update && sudo apt-get dist-upgrade

Timezone

Since you might have servers in different datacenters and software that relies on timestamps, it’s paramount to make sure they’re all set to use the same timezone. If you have one server, it’s always good to know this setting is correct. I personally use UTC.

sudo dpkg-reconfigure tzdata

To keep it synchronized, ntp should be enough:

sudo apt-get install ntp -y

Install some stuff

On my machine, a few packages that I like or often need weren’t installed by default:

sudo apt-get install locate tree curl git unzip make sendmail -y

Extras

Better nano syntax highlighting

nano is great, but the syntax highlighting files could be better, and it really bothers me that it’s not enabled for certain files (YAML is one I’d edit often).

Although unmaintained, I love this project and it still works: https://github.com/nanorc/nanorc. It installs a bunch of nanorc files that will make everything look better and add highlighting for lots of languages where it is normally unavailable.

Installing is easy:

cd
git clone https://github.com/nanorc/nanorc.git && cd nanorc
make install
echo 'include ~/.nano/syntax/ALL.nanorc' >> ~/.nanorc
rm -v -r -f ~/nanorc/

Done!
