How to install your own Ubuntu 20.04 Linux server | Part 4 of 10

linux hetzner cloud virtual server tutorial

In Part 4 of the tutorial we'll establish ssh keys, add a new sudo user as owner of ssh service and deactivate the root user.

It's recommended that you have read the previous steps of this course. You'll find the overview at the end of this blogpost.

Course ingredients:

6. Create and establish ssh keys

First you want to generate an ssh key pair. On your Mac in your local terminal type:

ssh-keygen -o -t rsa -b 4096 -C "email@example.com"


It creates an RSA (cryptosystem) key pair with a length of 4096 bits, almost impossible to break with brute-force attacks.

-o -> Instructs ssh-keygen to store the private key in the new OpenSSH format, which is more resistant to brute-force cracking of the key's passphrase.
-t -> Selects the algorithm.
-b -> Selects the key size.
-C -> Is an optional way to comment or label your SSH keys with an email or some label of your choice.

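Confirm the suggested path with Enter when asked: “Enter file in which to save the key”.
Do not enter a passphrase, just confirm with Enter, twice. Without a passphrase the private key file is stored unencrypted, so anyone who can read that file can use the key.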


Copy public ssh key to remote server:

cat ~/.ssh/id_rsa.pub | ssh user@123.456.789.012 "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >>  ~/.ssh/authorized_keys"



In my case:

cat ~/.ssh/id_rsa_mynewserver.pub | ssh root@162.55.180.33 "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >>  ~/.ssh/authorized_keys"



Are you sure you want to continue connecting (yes/no)? Answer with: yes


Add keys to local .ssh/config and Mac keychain:

nano .ssh/config




Host *
  UseKeychain yes
  AddKeysToAgent yes
  IdentityFile /Users/nrdm/.ssh/id_rsa_mynewserver

# --- Hetzner Cloud Virtual Server mynewserver ---
Host mynewserver
  HostName 162.55.180.33
  User root
  PreferredAuthentications publickey
  IdentityFile /Users/nrdm/.ssh/id_rsa_mynewserver
# ----------------------------


Restart Mac to permanently add key to Agent.

Log into your remote server via ssh:

ssh root@123.456.789.012



You won't need a password anymore.


7. Create new sudo user on remote server

Log into your remote server via ssh (see step 3 of this tutorial).

adduser new_sudo_user


or

useradd -m -d /home/new_sudo_user/ -s /bin/bash -G sudo new_sudo_user


-m creates the home directory if it does not exist.
-d overrides the default home directory location.
-s sets the login shell for the user.
-G expects a comma-separated list of groups that the user should belong to.

Type in a password, then full name, leave everything else empty and confirm with Yes.

List the home directories to check that the new user exists:

ls /home


Alternatively, check the user's name, gid and groups:

id new_sudo_user



Add user to the sudo group:

usermod -aG sudo new_sudo_user



Check that the user is now a member of the sudo group:

id new_sudo_user



Go to the user's home directory:

cd /home/new_sudo_user/



Create folder .ssh:

mkdir .ssh



Change directory:

cd .ssh



Create file authorized_keys:

touch authorized_keys



List:

ls



Open file as sudo in nano text editor:

sudo nano authorized_keys



Open second terminal and show public key on local host:

cat .ssh/id_rsa.pub



Mark and copy key with cmd + c.
On remote host paste key into the file authorized_keys opened in nano.
Save and close nano: ctrl + o, press enter, ctrl + x.
You should see the public key in the terminal:

cat authorized_keys




8. Deactivate root user

Reduce exposure to brute-force attacks by disabling root login and password authentication over SSH.
On remote server:

sudo nano /etc/ssh/sshd_config


Edit PermitRootLogin yes to PermitRootLogin no
Edit PasswordAuthentication yes to PasswordAuthentication no
Save and close nano: ctrl + o, press enter, ctrl + x
Reload sshd service:

sudo systemctl reload sshd
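A way to confirm that the two edits from step 8 are really in effect before reloading, as an added example that is not part of the original tutorial. sshd takes the first value it finds for each keyword, so an earlier leftover line can override the one you changed. The function names and the sample file are constructed for illustration, and the sketch assumes all settings live in one file.

```shell
#!/bin/sh
# Added example, not from the original tutorial.
# sshd_effective FILE KEYWORD
# Prints the value sshd takes for KEYWORD from the global part of FILE.
# Keywords are case-insensitive and the first occurrence wins; lines after a
# "Match" line are conditional, so the scan stops there. Include files are
# not followed (assumption: everything is in one file).
sshd_effective() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        tolower($1) == "match"   { exit }
        tolower($1) == want      { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# sshd_hardened FILE: succeeds only if both settings from step 8 are in effect.
sshd_hardened() {
    [ "$(sshd_effective "$1" PermitRootLogin)" = "no" ] &&
    [ "$(sshd_effective "$1" PasswordAuthentication)" = "no" ]
}

# Constructed sample: "no" was added at the end, but an earlier "yes" remains.
sample=$(mktemp)
cat > "$sample" <<'EOF'
PasswordAuthentication yes
#PermitRootLogin prohibit-password
PermitRootLogin no
PasswordAuthentication no
EOF

echo "PermitRootLogin        -> $(sshd_effective "$sample" PermitRootLogin)"
echo "PasswordAuthentication -> $(sshd_effective "$sample" PasswordAuthentication)"
if sshd_hardened "$sample"; then
    echo "OK"
else
    echo "NOT hardened: fix the file before reloading sshd"
fi
rm -f "$sample"
```

On the server itself, sudo sshd -t checks the file for syntax errors and sudo sshd -T prints the effective configuration. Keep the current session open until a login as new_sudo_user from a second terminal has succeeded.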



9. Make sudo user owner of ssh service

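On remote server go to the home directory of new_sudo_user (cd ~ takes you there when you are logged in as new_sudo_user; as root, ~ is /root, so use /home/new_sudo_user/ as in step 7):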

cd ~



List content of directory:

ls -la



You should see a line similar to this one: drwxr-xr-x 2 root root 4096 Sep 6 09:26 .ssh
Make sudo user owner of .ssh:

sudo chown -R new_sudo_user:new_sudo_user .ssh



List folder content:

ls -la



You should see a line similar to this one: drwxr-xr-x 2 new_sudo_user new_sudo_user 4096 Sep 6 09:28 .ssh

Now new_sudo_user owns its .ssh directory and the authorized_keys file inside it.
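A check for the outcome of steps 7 and 9, as an added example that is not part of the original tutorial: with StrictModes (on by default) sshd ignores authorized_keys when the file or its directory has the wrong owner or is writable by group or others. The function name check_ssh_dir and the throwaway demo directory are constructed for illustration; GNU stat, as shipped with Ubuntu, is assumed.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Uses GNU stat (Ubuntu).
# check_ssh_dir HOME_DIR USER
# Inspects the two paths created in step 7 and flags what sshd's StrictModes
# check objects to: an owner other than USER or root, or write permission
# for group or others. Returns 0 when nothing is flagged.
check_ssh_dir() {
    home=$1; user=$2; rc=0
    for p in "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"; rc=1; continue
        fi
        owner=$(stat -c %U "$p")
        mode=$(stat -c %a "$p")
        if [ "$owner" != "$user" ] && [ "$owner" != "root" ]; then
            echo "OWNER    $p belongs to $owner"; rc=1
        fi
        # 022 = write bit for group and for others
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "MODE     $p is $mode (group/other writable)"; rc=1
        fi
    done
    return $rc
}

# Constructed demo: a temporary directory stands in for /home/new_sudo_user.
demo=$(mktemp -d)
mkdir "$demo/.ssh" && touch "$demo/.ssh/authorized_keys"
chmod 777 "$demo/.ssh"; chmod 644 "$demo/.ssh/authorized_keys"
check_ssh_dir "$demo" "$(id -un)" || echo "-> key login would be refused"
chmod 700 "$demo/.ssh"; chmod 600 "$demo/.ssh/authorized_keys"
check_ssh_dir "$demo" "$(id -un)" && echo "-> ok"
rm -rf "$demo"
```

On the server the call would be check_ssh_dir /home/new_sudo_user new_sudo_user, run with sudo rights so the files can be inspected.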


Check your new user login:

The Course Syllabus:

22.05.2021 – Part 1

  1. Introduction & reasoning

29.05.2021 – Part 2

  1. Create Hetzner Cloud Server
  2. Connect to Server

05.06.2021 – Part 3

  1. Update and upgrade Ubuntu installation and install apache2
  2. Install PHP

12.06.2021 – Part 4

  1. Establish ssh keys
  2. Add new sudo user
  3. Deactivate root user
  4. Make new sudo user owner of ssh service

19.06.2021 – Part 5

  1. Buy Domain and point it to Hetzner Server
  2. Create Virtual Host for domain

26.06.2021 – Part 6

  1. Get free Let's Encrypt SSL certificates
  2. Request certificate, activate https and force SSL

03.07.2021 – Part 7

  1. Install Git on Remote Server
  2. Create CI/CD user and ssh keys for Gitlab on Remote Server

10.07.2021 – Part 8

  1. Create Gitlab Repository
  2. Establish ssh keys and configure CI/CD

17.07.2021 – Part 9

  1. Install MySQL
  2. Install phpMyAdmin

24.07.2021 – Part 10

  1. Summary of project development workflow
  2. I'll be back – The course update log

See you next week for more

Johnnie
