Server setup – security snippets

  1. Create user dev
  2. Change ssh port
  3. Install ssh key for dev
  4. Lock passwords for root/dev
  5. Install ufw/sshguard/fail2ban
  6. Setup ufw rules

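# install packages (run as root)
# refresh the package index first; on a fresh image the install can fail
# or pull outdated versions when the local lists are stale
apt-get update
apt-get install ufw sshguard fail2ban
# NOTE: sshguard and fail2ban both block hosts after repeated failed logins;
# decide which one is responsible for SSH so blocks are not applied twice
# with different timings


# create user dev
adduser dev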

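# change ssh port - look for the 'Port 22' line
mc -e /etc/ssh/sshd_config
# check the edited file before restarting: with a syntax error sshd does not
# come back and remote access is lost. Keep the current session open until a
# new login on the new port has been confirmed.
sshd -t && /etc/init.d/ssh restart
# now you can log in with: ssh -p XXX
# (ssh takes lowercase -p for the port; uppercase -P is the scp/sftp option)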

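# install the public key for dev (run as root)
# a freshly created user has no ~/.ssh yet, and sshd (StrictModes) rejects
# key files with the wrong owner or with group/world write access
mkdir -p ~dev/.ssh
# paste the contents of your id_rsa.pub, then press Ctrl-D
# ('>' replaces any keys already in the file)
cat > ~dev/.ssh/authorized_keys
chown -R dev: ~dev/.ssh
chmod 700 ~dev/.ssh
chmod 600 ~dev/.ssh/authorized_keys

# allow dev to switch to root
# use a drop-in file checked by visudo instead of appending to /etc/sudoers:
# one malformed line in the main file breaks sudo for every account
# (assumes /etc/sudoers includes /etc/sudoers.d, the Debian/Ubuntu default - confirm)
echo "dev ALL=NOPASSWD:ALL" > /etc/sudoers.d/dev
chmod 0440 /etc/sudoers.d/dev
# drop the file again if it does not parse, so sudo keeps working
visudo -cf /etc/sudoers.d/dev || rm -f /etc/sudoers.d/dev
# NOTE: with NOPASSWD:ALL, whoever holds dev's SSH private key is root on
# this host - keep that key passphrase-protected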


# lock the passwords of root and dev
# 'passwd -l' disables password login for these two accounts only; SSH key
# login keeps working. Confirm key login and sudo for dev in a second
# session first, otherwise there is no way back in.
# To refuse password logins for every account, also set
# 'PasswordAuthentication no' in /etc/ssh/sshd_config.
for account in root dev; do
  passwd -l "$account"
done

# change hostname
# now you will see a more friendly server name after login
# (edit the single name stored in /etc/hostname)
mc -e /etc/hostname
# presumably applies the name from /etc/hostname to the running system
# without a reboot - confirm on your release
# NOTE(review): /etc/hosts probably needs the new name as well - confirm
/etc/init.d/hostname.sh


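# hook sshguard into the firewall
# (applies when sshguard uses its iptables backend - confirm for the
# packaged version)
# the 'sshguard' chain only has an effect if INPUT jumps to it before any
# rule that accepts the traffic
iptables -N sshguard
ip6tables -N sshguard
# insert at the top instead of appending, so the result does not depend on
# whether the ufw chains are already in INPUT
iptables -I INPUT 1 -j sshguard
ip6tables -I INPUT 1 -j sshguard
# verify the order; re-check after 'ufw enable' and after a reboot, because
# rules added by hand with iptables are not saved
iptables -L INPUT -n --line-numbers
ip6tables -L INPUT -n --line-numbers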

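# open ports in ufw
# ufw is inactive after installation; once enabled, its default policy
# denies incoming connections. Add the SSH rule before enabling, otherwise
# new SSH connections are refused.
sudo ufw allow 10022/tcp # changed ssh port (must match Port in sshd_config)
sudo ufw allow 80/tcp # www port

# or, instead of the open 10022 rule above, allow ssh from one address only
# (55.55.55.55 is a sample; if both rules exist the port stays open to all)
sudo ufw allow from 55.55.55.55 to any port 10022 proto tcp

# switch the firewall on and review the resulting rules
sudo ufw enable
sudo ufw status verbose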