Linode/Setup

From neuromatch
Revision as of 23:40, 25 November 2022 by Jonny (talk | contribs)

Assuming you have made a Linode with Debian 11.

User accounts

  • Make user accounts. (You can do this as many times as you want to add more users.)
adduser \
   --system \
   --shell /bin/bash \
   --gecos 'User Description If u want' \
   --group \
   --home /home/USERNAME \
   USERNAME
  • Add user to sudo group (if needed)
usermod -aG sudo USERNAME

Security (only need to do this at setup)

Add cryptographic public keys for user authentication

  • RSA keys (has known vulnerabilities)
  • ed25519 keys (better alternative: faster, more secure, resilient against hash-function collision attacks, shorter)

Configure sshd

  • Disable password login
  • Disable root login
  • Restart ssh otherwise the changes to sshd don't take effect!
    service ssh restart

Fail2Ban

Install: 

apt install fail2ban

Configuration

Editing /etc/fail2ban/jail.local, using the defaults from Mastodon/Setup 

[DEFAULT]
destemail = your@email.here
sendername = Fail2Ban

[sshd]
enabled = true
port = 22

[sshd-ddos]
enabled = true
port = 22

Then restart the service 

systemctl restart fail2ban

Setting up an SMTP server

By default, Linode disables SMTP ports 587 etc. This requires a manual human-facing support ticket to remove. (Done by @Jonny on Nov 25 2022)

Retrieved from "https://wiki.neuromatch.social/index.php?title=Linode/Setup&oldid=48"