When you set up a new server, there are a few simple, basic things to do every time. Here is a short checklist for the very beginning.

 

Server Access / SSH Configuration

  • Login as root-user via SSH
  • Create a new user using adduser username (don’t use useradd in Ubuntu/Debian, otherwise, e.g., your home directory will be missing!)
  • Add the new user to the sudoers: [root@remotehost~]#  echo 'username ALL=(ALL) ALL' >> /etc/sudoers
  • Enable public-key login for the new user: [me@localhost~]$  ssh-copy-id -i ~/.ssh/id_rsa.pub username@remotehost
  • Disable root login over SSH: [username@remote~]$  sudo vi /etc/ssh/sshd_config
    • edit the line #PermitRootLogin yes to PermitRootLogin no
    • restart ssh daemon: /etc/init.d/sshd restart or service ssh restart
  • Optionally, disable password login for your user as well (be sure you’ve got good backups of your SSH keys!).
  • Install Unattended Upgrades to make Debian/Ubuntu do automatic updates every day
    • Make sure to enable (uncomment) the stable package sources in /etc/apt/apt.conf.d/50unattended-upgrades
    • I’d suggest commenting out only the packages from proposed-updates: "o=Debian,a=proposed-updates";
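
The sshd_config edit in the checklist fails silently if the # is left in place or an earlier line already sets the same keyword, because sshd uses the first value it reads. The script below is an added example, not part of the original checklist; the function names effective_setting and check_ssh_hardening and the sample files are constructed for illustration, and it reads only the global section without following Include directives.

```shell
#!/bin/sh
# Added example (not from the original checklist): verify the sshd_config edits.
# Assumptions: Include files are not followed; only the global section (before
# the first Match block) is read; defaults are those of current OpenSSH.

# effective_setting FILE KEYWORD DEFAULT -> prints the value sshd would use
effective_setting() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" -v def="$3" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines do not count
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t=]+/)       # "Keyword value" or "Keyword=value"
            key = tolower(f[1])             # keywords are case-insensitive
            if (key == "match") exit        # end of the global section
            if (key == want) { val = f[2]; found = 1; exit }  # first value wins
        }
        END { print (found ? val : def) }
    ' "$1"
}

# check_ssh_hardening FILE -> returns 0 only if root login is disabled
check_ssh_hardening() {
    rc=0
    root=$(effective_setting "$1" PermitRootLogin prohibit-password)
    pass=$(effective_setting "$1" PasswordAuthentication yes)
    [ "$root" = "no" ] || { echo "WARN: PermitRootLogin is '$root', expected 'no'"; rc=1; }
    [ "$pass" = "no" ] || echo "NOTE: PasswordAuthentication is '$pass' (optional step not applied)"
    return "$rc"
}

# Constructed sample files, one per failure mode
tmp=$(mktemp -d)
printf '%s\n' '#PermitRootLogin no' > "$tmp/still-commented"        # "#" left in place
printf '%s\n' 'PermitRootLogin yes' 'PermitRootLogin no' > "$tmp/shadowed"  # earlier line wins
printf '%s\n' 'PermitRootLogin no' 'PasswordAuthentication no' > "$tmp/hardened"
for f in still-commented shadowed hardened; do
    echo "== $f"
    if check_ssh_hardening "$tmp/$f"; then echo "OK"; fi
done
rm -rf "$tmp"
```

On a live host, sshd -t validates the file before the restart, and sshd -T prints the configuration sshd actually resolves, Include files and defaults included.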

 

Of course you can and should do a lot more, but this is meant as a short checklist for strengthening the access control of your server.