💾 Archived View for the.teabag.ninja › akkoma › linode captured on 2024-05-26 at 14:43:21. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2023-09-08)

-=-=-=-=-=-=-

Creating the host server on Linode for Akkoma

2022-11-25

I looked around for something local to me, and found Linode does a $5USD/month Shared CPU 1GB RAM VPS.

https://www.linode.com

I made an account unfortunately before realising I should have used the link from Late Night Linux so I didn't get the $100 credit, assuming it's still a thing. No matter though, as I was only going to use $5 of it.

Do give them a listen, if Linux podcasts are your thing.

So, I created my account, added a credit card, then once logged into after verfying email etc. I then went to "Linodes" on left menu and then *Create Linode*

cloud.linode.com

create_linode.jpg

This brings up a new page where you select what you want:

- Choose Distribution: Debian 11

- Linode Plan: The second tab along is Shared CPU, which are super cheap. Nanode 1GB is a great start for trying this out and is what I use with multiple users.

- Linode Label: Give your server a name for the Admin Panel in Linode. I entered the domain I will be using, to make it obvious for myself if I end up with more than one.

- Root Password: make a password for root user. I generate long strings in KeepassXC and save there.

- SSH Keys: I am on a windows machine, however this is pretty simple. See below

- Attach a VLAN: leave, not needed

- Add-ons: Backups would be a smart idea.

Check the summary of your Linode, then click *Create Linode*

Create Linode Summary sceenshot

Point your Domain to your Linode.

I should have done this sooner to allow time for DNS propogation - which is why I am suggesting you do it now.

Go into the DNS settings of your domain providor, and create a new A-Record.

The entry you need to put in will be the IPv4 address of your shiny new Linode VPS. You can see this by going to cloud.linode.com

You can also do the same for IPv6 using the AAAA-Record IP which you can get by clicking into the VPS to show more info.

---

SSH Keygen (Windows)

Open start menu, then type `cmd`

Run `ssh-keygen` and give the output file a memorable name if needed (Or just *Enter* to use the default of id_rsa)

![screenshot showing the process described above](/cmd_sshkeygen.jpg)

This will output the public and private keys to a folder on Windows at `C:\Users\<username>\.ssh`

This will show a bunch of files. `id_rsa.pub` is the one we want to upload to Linode. Or `whatever-you-named-it.pub`

![screenshot of the folder containing id_rsa.pub and a couple of other files](/id_rsa.jpg)

---

To log in to your Linode now:

ssh root@server.ip

The first time you connect it will ask if you're sure, then store the fingerprint of the server so it knows you are always connecting to the same server. It does not ask for a password, as it uses the ssh key we uploaded when creating the server.

Once in, you can update the software package repositories

apt udpate

And then upgrade the system

apt full-upgrade -y

---

Harden your server a little bit

Optional, but recommended.

<br/>This can be done later if need be... but you should really just do it now and get it out of the way.

Install fail2ban...

...so that multiple failed logins lock that IP out.

Make sure system is updated, then install:

apt install fail2ban

Then start the service

systemctl start fail2ban

And enable the service to run at startup, so it comes back up when rebooting

systemctl enable fail2ban

Create a non-root user for login, and change the ssh port

This is so if someone manages to get into your server, they do not have root. Also the port being a non-standard port for ssh means the likelyhood of that actually happening is lower. If you like, it may be a good idea to do a manual snapshot in cloud.linode.com in case you screw up and can't log in.

Do all of the following while logged in as root.

Create a new user, where `<user>` is a username of your choosing:

adduser <user> 

Set a long pasword - ideally using a password manager to create a random string or phrase so it can't be easily worked out or guessed. You can leave the other entries blank and just *Enter* through them (Name, Room, etc).

You then need to add your public ssh key from earlier, to the user you just created.

mkdir /home/<user>/.ssh
chmod 700 /home/<user>/.ssh
cp /root/.ssh/authorized_keys /home/<user>/.ssh/authorized_keys
chmod 600 /home/<user>/.ssh/authorized_keys
chown -R <user>:<user> /home/<user>/.ssh

Now edit the ssh config

nano /etc/ssh/sshd_config

Where it says `#Port 22` insert another line above or below saying `Port 55555` (or whatever port you want to use)

Down a bit further in the config it says `PermitRootLogin` change the `yes` to `no`

Then add `AllowUsers <user>` at the top or bottom of that block - or anywhere. The end... or where ever.

Then do the following to restart the ssh service and apply the settings.

systemctl restart sshd

Leave the current session open, and start another terminal on your machine (eg. another cmd.exe) and attempt to login as described below before you close the other one - this is so you can recify any mistakes if it does not work.

How to log in as the user on a different port, then drop to root:

Open cmd.exe or Powershell (assuming Windows), and enter the following substituting port/username/IP to suit:

ssh -p 55555 <user>@server.ip

Then once in, drop to root using `su -` and enter the root password. (and no, the curser does not move when entering passwords)

Updating Debian

I currently manually do this every week(ish) to make sure I have security updates etc for my system. I really need to automate it with cron probably. I will update here when I get around to it...