After you set up your server on Linode, the default SSH access uses password authentication with the root account.
ssh root@SERVER_IP
NOTE: DigitalOcean has an option to use an SSH key-pair.
Create User
Create a new user (you will use this user in the future instead of root).
adduser ln-user
Add the user to the sudo group for admin privileges.
adduser ln-user sudo
Setup SSH Key-pair for login authentication
Most documentation will recommend using ssh-keygen -b 4096 to create the key-pair in the default location (ls ~/.ssh/id_rsa*).
I have multiple servers, and I prefer to use a different key-pair for each server. I usually create my key-pair in a specific local directory and back up these files.
Run the following command on your local machine (not server).
NOTE: Technically, if your local machine is Windows, you can run it on the Ubuntu server and download the files to your local machine.
ssh-keygen -b 4096 -f KEY_FILE_NAME
Install public key with ssh-copy-id
Install the public key to the server.
NOTE: Run this on your local machine.
ssh-copy-id -i KEY_FILE_NAME ln-user@SERVER_IP
Install public key manually
If you don't have access to ssh-copy-id, you can manually install the key. Copy the content of the public key.
cat KEY_FILE_NAME.pub
NOTE: The content should be something like ssh-rsa AAAAB3...
SSH to the server and create the ~/.ssh directory.
ssh ln-user@SERVER_IP
mkdir ~/.ssh
chmod 0700 ~/.ssh
Paste the content of the public key into ~/.ssh/authorized_keys.
nano ~/.ssh/authorized_keys
Restrict the permissions.
chmod 0600 ~/.ssh/authorized_keys
Edit SSH Configuration
Edit /etc/ssh/sshd_config (on the server).
sudo nano /etc/ssh/sshd_config
Disable root login over SSH
PermitRootLogin no
Disable SSH password authentication
PasswordAuthentication no
Allow ln-user only.
AllowUsers ln-user
Reload SSH service.
sudo systemctl reload sshd
NOTE: Be careful, a misconfiguration can leave you permanently unable to SSH into the server.
Test login using ssh key-pair
ssh -i KEY_FILE_NAME ln-user@SERVER_IP
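Because sshd uses the first value it reads for each keyword, a line edited in sshd_config can be silently overridden by an earlier or included file, so it is worth checking the effective configuration before the reload. The following is an added example, not part of the original guide: the function name audit_sshd and the sample text are constructed for illustration, and it reads the output of sshd -T (lowercase keywords) on standard input.

```shell
#!/bin/sh
# audit_sshd USER: reads `sshd -T` output (effective config, lowercase
# keywords) on stdin and checks the three settings from this guide.
# Hypothetical helper written for this example.
audit_sshd() {
    want_user=$1
    root=unset; pass=unset; users=""
    while read -r key value; do
        case $key in
            permitrootlogin)        root=$value ;;
            passwordauthentication) pass=$value ;;
            allowusers)             users="$users $value" ;;
        esac
    done
    rc=0
    [ "$root" = no ] || { echo "FAIL permitrootlogin=$root"; rc=1; }
    [ "$pass" = no ] || { echo "FAIL passwordauthentication=$pass"; rc=1; }
    # The account you log in with must be listed, or the reload locks you out.
    case " $users " in
        *" $want_user "*) ;;
        *) echo "FAIL allowusers does not list $want_user"; rc=1 ;;
    esac
    # Any other account in AllowUsers widens access beyond "ln-user only".
    for u in $users; do
        [ "$u" = "$want_user" ] || { echo "FAIL allowusers also lists $u"; rc=1; }
    done
    [ "$rc" -eq 0 ] && echo "OK"
    return "$rc"
}

# Constructed sample of `sshd -T` output: another file set
# PasswordAuthentication yes first, so the sshd_config edit had no effect.
SAMPLE_OVERRIDDEN='port 22
permitrootlogin no
passwordauthentication yes
allowusers ln-user'

printf '%s\n' "$SAMPLE_OVERRIDDEN" | audit_sshd ln-user || true
# On the server: sudo sshd -t && sudo sshd -T | audit_sshd ln-user
```

Keep the existing SSH session open until both this check and the key-pair test login succeed from a second terminal.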
Setup Firewall
Enable firewall
sudo ufw enable
List the applications that have a ufw profile (e.g. OpenSSH, Nginx Full, etc.). These are usually installed applications that need to listen on a certain port.
sudo ufw app list
Enable SSH access.
sudo ufw allow OpenSSH
Check status
sudo ufw status
Update Ubuntu
sudo apt-get update && sudo apt-get upgrade
NOTE: You might need to run sudo apt-get dist-upgrade as well, refer to install ubuntu update.
NOTE: You could look into automatic updates as well.