![Linux ubuntux](/sites/default/files/styles/blog_teaser/public/2024-04/Linux-ubuntu_0.png?itok=RrmsKvtF)
Conectar con el servidor como usuario root via ssh:
$ ssh root@your_server_ip
Create a new system User
If you only have root user and dont already have a system user created by your IAAS service provider:
$ adduser sammy
Add sudo privileges, add user to sudo group
$ usermod -aG sudo sammy
Set Linux Firewall
List fw rules
$ ufw app list
Allow ssh before enabling firewall, in order to keep session open:
$ ufw allow OpenSSH
or
$ sudo ufw allow 22
Some popular services have a keyword to identify it, besides their port number:
Enable firewall
$ ufw enable
Check for current firewall status:
$ ufw status
Allow http requests
$ ufw allow http
or
$ sudo ufw allow 80
sudo ufw allow "Nginx HTTPS"
sudo ufw delete allow "Nginx Full"
Allow http Secure connections
$ ufw allow https
or
$ sudo ufw allow 443
Copy ssh key to server
$ rsync --archive --chown=sammy:sammy ~/.ssh /home/sammy
Or do it manually:
$ cd /home/x7ian
$ mkdir ~/.ssh && touch ~/.ssh/authorized_key
equivalent to
$ mkdir .ssh
$ vim authorized_keys
Then Copy key manually in authorized_keys and save.
Then Copy key manually and save.
Connect to server via ssh
Now you can test the connection with the new user via ssh:
$ ssh sammy@server_ip
Once you check that the connection is working, you can go on disallowing root login and password authetication.
Disallow root login
Edit the sshd_config file:
$ sudo vim /etc/sshd_config
Find the next line and change it from PermitRootLogin yes
to PermitRootLogin no
:
PermitRootLogin no
Reiniciar el servicio ssh:
$ sudo service ssh restart
Done, the server is secured and ready to work.
Crear un archivo swap
Un archivo swap mejorara considerablemente la estabilidad y el performance del sistema.
$ sudo fallocate -l 1G /swapfile
$ sudo chmod 600 /swapfile
$ sudo mkswap /swapfile
$ sudo swapon /swapfile