Brief steps
This article helps you change the following items if your cloud provider didn't do that for you.
- Check disk information
- Delete other accounts.
- Create your own account instead of root.
- Disable password login and require an SSH key to log in.
- Disable root account.
- Enable sudo without password.
- Enable firewall.
- Adjust timezone.
- Enable BBR
Before starting the process, make sure you have a valid SSH key-pair locally.
You can run the following command on your dev box to generate a new SSH key-pair:
ssh-keygen
Check connection and OS
First, connect to the server (with the root password).
you@local
$ ssh root@server
Check the disk configuration:
sudo fdisk -l # Check connected disks.
sudo lsblk # Check disk mountings.
sudo df -Th # Check partition usage.
Check installed RAM:
sudo free -h
You can view other accounts via:
$ ls /home
$ cat /etc/passwd | grep -v nologin
Change hostname
Change computer name first:
sudo hostnamectl set-hostname aiursoftcn
Create a new user for you
Add a new user for yourself (with a password).
root@server
$ sudo adduser anduin
Adding user `anduin' ...
Adding new group `anduin' (1000) ...
Adding new user `anduin' (1000) with group `anduin' ...
Creating home directory `/home/anduin' ...
Copying files from `/etc/skel' ...
New password:
Retype new password:
passwd: password updated successfully
Changing the user information for anduin
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] Y
Give the user root privilege.
root@server
$ usermod -aG sudo anduin
Test the new user's privilege.
root@server
$ su - anduin
anduin@server
$ sudo ls
[password]
Copy SSH public key
Back to your local machine. Copy the SSH public key to your server.
you@local
$ ssh-copy-id anduin@server
anduin@server's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'anduin@server'"
and check to make sure that only the key(s) you wanted were added.
And test if you can connect to it.
you@local
$ ssh anduin@server
Ensure SSH best practice
Now disable root sign in and password authentication.
anduin@server
$ sudo vim /etc/ssh/sshd_config
Change PermitRootLogin to no to disable root user login, and change PasswordAuthentication to no to prevent password login.
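Editing /etc/ssh/sshd_config is not always enough: sshd uses the first value it reads for each keyword, so a drop-in pulled in by an Include line near the top of the file can keep password login enabled. The following check is an added example, not part of the original article; the flatten, effective, audit and make_sample helpers and the 50-provider.conf drop-in are hypothetical names, and the sample files are constructed.

```sh
#!/bin/sh
# Added example, not from the original article. sshd keeps the FIRST value it
# reads for a keyword, and Include pulls drop-ins in where the directive sits.

# flatten FILE: print global-scope directives in the order sshd reads them.
# Simplifications: one pattern per Include, relative patterns resolved against
# the including file's directory, everything after a Match line is skipped.
flatten() (
    dir=$(dirname "$1")
    while read -r key val || [ -n "$key" ]; do
        case $(printf '%s' "$key" | tr '[:upper:]' '[:lower:]') in
            ''|'#'*) ;;
            match) break ;;
            include)
                case $val in /*) pat=$val ;; *) pat=$dir/$val ;; esac
                for inc in $pat; do      # unquoted on purpose: expand the glob
                    if [ -f "$inc" ]; then flatten "$inc"; fi
                done ;;
            *) printf '%s %s\n' "$key" "$val" ;;
        esac
    done < "$1"
)

# effective FILE KEYWORD: the value sshd would use, lowercased; empty if unset.
effective() {
    flatten "$1" | awk -v k="$2" \
        'tolower($1) == tolower(k) && !seen { print tolower($2); seen = 1 }'
}

# audit FILE: succeed only if both settings changed in this guide are in force.
# An unset keyword fails too: sshd's built-in default is not "no" for either.
audit() {
    rc=0
    for kw in PermitRootLogin PasswordAuthentication; do
        got=$(effective "$1" "$kw")
        if [ "$got" = no ]; then echo "ok   $kw no"
        else echo "FAIL $kw ${got:-(unset, default applies)}"; rc=1; fi
    done
    return "$rc"
}
# make_sample DIR: constructed layout; 50-provider.conf is a hypothetical drop-in.
make_sample() {
    mkdir -p "$1/sshd_config.d"
    printf 'PasswordAuthentication yes\n' > "$1/sshd_config.d/50-provider.conf"
    printf '%s\n' 'Include sshd_config.d/*.conf' '#PermitRootLogin yes' \
        'PermitRootLogin no' 'PasswordAuthentication no' > "$1/sshd_config"
}
tmp=$(mktemp -d) && make_sample "$tmp" && { audit "$tmp/sshd_config" || true; }; rm -rf "$tmp"
```

On the real server, sudo sshd -t validates the file and sudo sshd -T prints the settings sshd will actually use, so run both before you reboot.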
(Dangerous, optional) Skip password for your account
To skip the sudo password for your account, run:
anduin@server
$ sudo visudo
And add the following line at the end of the file:
anduin ALL=(ALL) NOPASSWD:ALL
This can be dangerous, because any other program running as you can also execute sudo to get root permission.
Delete other users and reboot
Don't forget to delete the obsolete user if the provider created it. (Don't delete the root user)
anduin@server
$ sudo deluser default
Reboot the server.
anduin@server
$ sudo reboot
Now the server can only be accessed by you, and nobody can log in with a password or as the root account.
Enable Firewall (Optional)
If you are using the cloud server provider's firewall, open the following ports:
- 22 (for SSH management)
- Your other business ports, like 80 and 443.
The configuration might look like this:
If you are using firewall software like ufw, run the following:
$ sudo ufw allow 22
$ sudo ufw allow 80 # Your other business ports.
$ sudo ufw enable
Enable BBR (Optional)
Don't forget to enable BBR to speed up your server!
(Run the following commands as root. You can run sudo bash first.)
# Enable BBR unless it is already the active congestion control algorithm.
enable_bbr_force()
{
    echo "BBR not enabled. Enabling BBR..."
    # Persist the settings, then load them into the running kernel.
    echo 'net.core.default_qdisc=fq' | tee -a /etc/sysctl.conf
    echo 'net.ipv4.tcp_congestion_control=bbr' | tee -a /etc/sysctl.conf
    sysctl -p
}
sysctl -n net.ipv4.tcp_congestion_control | grep -qx bbr || enable_bbr_force
Change timezone
Finally, you can do some further configuration, like switching the timezone to UTC.
To switch to UTC, simply execute:
$ sudo dpkg-reconfigure tzdata
Scroll to the bottom of the Continents list and select Etc or None of the above; in the second list, select UTC. If you prefer GMT instead of UTC, it's just above UTC in that list.
Mount /tmp as RAM
You can use sudo df -Th to verify whether the /tmp folder is a tmpfs file system.
To mount the /tmp folder as a tmpfs file system, run the following command, then reboot.
(sudo cat /etc/fstab | grep -q /tmp) || (echo "Mounting tmp..." && echo "tmpfs /tmp tmpfs rw,nosuid,nodev" | sudo tee -a /etc/fstab)
Enable Auto update (Optional, dangerous)
If your server is stateless, or has proper backups, or you don't care about availability, you can enable automatic updates.
To enable that, first run the following command:
cd ~
touch update.sh
echo "sudo apt update && sudo DEBIAN_FRONTEND=noninteractive apt upgrade -y && sudo apt autoremove -y && sudo reboot" > ./update.sh
chmod +x ./update.sh
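After that, you will see an update.sh file under your home folder.
You can configure it to run automatically. Because the script calls sudo, the cron job only works if you enabled passwordless sudo for your account as described above.
Run: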
crontab -e
Add this line (Update every day, UTC 0, China 8:00 am):
0 0 * * * /home/anduin/update.sh
Benchmark performance
To benchmark the CPU:
anduin@server
$ sudo apt install sysbench
$ sysbench cpu run --threads=64
Running on desktop? Don't forget these things!
If you need Chinese pinyin input, please reference here.
You can directly install ibus-libpinyin and enable it in system settings and ibus-setup.
For fun, meet your religious beliefs!
And, finally, as for fun, you can do this:
$ sudo apt install neofetch -y
$ neofetch
.-/+oossssoo+/-. anduin@NPill
`:+ssssssssssssssssss+:` ------------
-+ssssssssssssssssssyyssss+- OS: Ubuntu 20.04.4 LTS x86_64
.ossssssssssssssssssdMMMNysssso. Host: Virtual Machine Hyper-V UEFI Release v4.1
/ssssssssssshdmmNNmmyNMMMMhssssss/ Kernel: 5.15.0-1014-azure
+ssssssssshmydMMMMMMMNddddyssssssss+ Uptime: 3 days, 28 mins
/sssssssshNMMMyhhyyyyhmNMMMNhssssssss/ Packages: 793 (dpkg), 4 (snap)
.ssssssssdMMMNhsssssssssshNMMMdssssssss. Shell: bash 5.0.17
+sssshhhyNMMNyssssssssssssyNMMMysssssss+ Terminal: /dev/pts/0
ossyNMMMNyMMhsssssssssssssshmmmhssssssso CPU: Intel Xeon E5-2673 v4 (1) @ 2.294GHz
ossyNMMMNyMMhsssssssssssssshmmmhssssssso Memory: 349MiB / 905MiB
+sssshhhyNMMNyssssssssssssyNMMMysssssss+
.ssssssssdMMMNhsssssssssshNMMMdssssssss.
/sssssssshNMMMyhhyyyyhdNMMMNhssssssss/
+sssssssssdmydMMMMMMMMddddyssssssss+
/ssssssssssshdmNNNNmyNMMMMhssssss/
.ossssssssssssssssssdMMMNysssso.
-+sssssssssssssssssyyyssss+-
`:+ssssssssssssssssss+:`
.-/+oossssoo+/-.
anduin@NPill:~$