So I was shopping for a VPS over the past week and decided that Linode would be a good choice. My deciding factor? Check out the benchmarks here by Eivind Uggedal (Thanks btw).
So anyway, here’s a summary:
Getting Started with Linode
Now, basically, you’ll want to follow the Getting Started with Linode guide… for me, just setup your default settings, and connect to the server through SSH.
Once in, you’ll want to secure your system. We’ll do an upgrade.
Now, create your user, change the password, and add it as a sudoer.
# visudo uses nano or vi as the editor depending on your environment, normally it's nano on the first try
# In case you aren't familiar with these, just use your favorite text editor and edit /etc/sudoers
Look for the line:
And add the following line below it:
Oh and btw, change john to whatever username you wish.
This is the most important. Brute force attackers will hit the port 22 first and run common usernames and passwords against. If they detect that port 22 is not open, they’ll just give up on your IP, and move on to the next. So this is very, VERY important. I make mine listen to… just kidding. I’m not telling you of course. Anyway, to change the port, edit /etc/ssh/sshd_config (Use whatever text editor you are comfortable with, mine’s VI):
Edit the following configurations:
Change listening port to whatever port you might want to listen to (E.G. 22123), and disallow root login (change it to no). Save your file, and restart your SSH service by running:
You just made your server 10-fold more secure.
So Ubuntu recommends ufw (Uncomplicated Firewall). This isn’t uncomplicated at all if you are used to iptables as you have to relearn the commands. No fear, it’s pretty simple. First up, let’s get it working:
# Next line is depending on the SSH port that you allowed, very, Very, VERY important! =)
sudo ufw allow 22123
# Next 2 lines is if you want HTTP/HTTPS, which you most probably will
sudo ufw allow 80
sudo ufw allow 443
That’s it. If you want to delete the rule again, just run:
And it’ll remove block the HTTP service.