Basic server settings

Basic server settings

Set the timezone to Europe/Berlin:

 dpkg-reconfigure tzdata

Disable root and use sudo

Create sudo superuser. The group ‘upravitelj’ will be created too, and we will add this user to ‘sudo’ group

# we sure need a package
apt-get install sudo

# add a user without password
adduser --disabled-password --gecos "Vladan Colovic,eTaktiker,+381-63-208165,+381-63-208165" upravitelj

# set him a password
echo 'upravitelj:<UPRAVITELJ-PASS>' | chpasswd

# let it be a sudoer
adduser upravitelj sudo

Exit and relogin as a new user.

Now disable root account - delete + lock the password for root account:

sudo passwd --delete --lock root

By default sudo remembers your password for 15 minutes.

Change SSH port

SSH port: 22 to 22111

sed -i -e 's/^.*\(Port\)\W\+[22].*$/\1 22111/gi' /etc/ssh/sshd_config
service ssh restart

SSH Public-Key Authentication

Copy my public key to your home directory on remote server:

scp -P 22111 ~/.ssh/ upravitelj@etaktiker.ex40:~

Then log in to the remote server:

ssh upravitelj@etaktiker.ex40 -p 22111
mkdir ~/.ssh

# append a key to a authorised_keys file
cp ~/.ssh/authorized_keys ~/.ssh/authorized_keys.backup
cat ~/ >> ~/.ssh/authorized_keys

# now I can delete a file
rm -f ~/

Configure Windows client for easier connect:

set F="%HOMEDRIVE%%HOMEPATH%\.ssh\config"

echo. >> %F%
echo Host etaktiker.ex40 >> %F%
echo     HostName >> %F%
echo     User upravitelj >> %F%
echo     Port 22111 >> %F%
echo     IdentityFile "~/.ssh/id_rsa" >> %F%
echo     IdentitiesOnly yes >> %F%

This is it. Check that you can login with keys, and disable password login after that.

ssh etaktiker.ex40

Disable SSH Password Authentication for added security

Edit sudo nano /etc/ssh/sshd_config and these must be set as following:

ChallengeResponseAuthentication no
PasswordAuthentication no

Reload SSH server configuration:

sudo service ssh reload

SSH Welcome Message & Banner

MOTD (Message Of The Day) is displayed after the user has logged in:

sudo su -

echo '

    eTaktiker GmbH - This system is for authorized users  only. All activity
    is logged. Any illegal service or attempt to take down this server or
    any of its services will be reported to the law enforcement.

' >/etc/motd

This is shown in the middle of username and password input, when login:

echo '

    Welcome to eTaktiker remote login system

' >/etc/ssh/sshd-banner

sed -ri 's/^\#Banner.*$/Banner \/etc\/ssh\/sshd-banner/gi' /etc/ssh/sshd_config

Shell tweaks

~/.bashrc is for non-login interactive shells. Login shells source ~/.bash_profile (or ~/.bash_login or ~/.profile).

Sourcing ~/.bashrc in any of those files for login shell will allow you to have common settings. It is usually already sourced in ~/.profile, which I can discover by typing:

grep ".bashrc" /etc/profile ~/.bash_profile ~/.bash_login ~/.profile

That sourcing of startup files is perfectly explained here. Note that environment variables in crontab are not sourced from anywhere (see comment).

Set permanent aliases:

echo '

# my aliases list

alias ls="ls -a --color=tty"                # always show all files, and always color them
alias ll='ls -l --color=tty'
alias disku="du -s * | sort -rn | head"     # it pops out the top 10 biggest files or directories in your current working directory

alias ..="cd .."                            # very simple
alias ...="cd ../.."
alias ....="cd ../../.."

alias cdw="cd /var/www"
alias cdl="cd /var/log"

alias ff="find . -name"                     # often needed
alias more="less"
alias h="history"
alias tf="tail -f"

' >> ~/.bashrc
cat <<'EOF' >> ~/.bashrc

# ensure that typing (*) includes hidden (.*) files
shopt -s dotglob


But my ~/.bashrc was not executing so I wanted to include it:

echo "[[ -f ~/.bashrc ]] && . ~/.bashrc" >>~/.bash_profile
date 01. Jan 0001 | modified 29. Dec 2023
filename: Server - Basic Settings