I tend to use Dediserve for my VPS solutions, and anytime I create a new box with them,
I generally build it the same way. Most of the steps I’ve picked up along the way,
or referenced from various sources likes blogs and forums.
What follows is my usual workflow on a fresh CentOS 5.5 image. Your mileage may vary, but this
should be handy as a guide.
Using the Dediserve client area, I usually choose a blank CentOS 5.5 image for provisioning.
When the box is ready, the client area will provide you with the initial root login and IP address.
First thing to do is login, change the root password and set yourself up with a regular user account.
$: ssh email@example.com
Run the following command to change the root password to something more secure
Once you’ve changed the root password, we’ll go and set the ‘wheel’ group to handle all sudo users
and uncomment out the lines that looks likes this
## Allows people in group wheel to run all commands # %wheel ALL=(ALL) ALL
Now go ahead and set yourself up a regular user account and add them to the ‘wheel’ usergroup.
$: /usr/bin/adduser gary ... ... ... ... $: /usr/bin/usermod -a -G wheel gary
Public key and SSH permissions
Your public key resides in your ~/.ssh directory (assuming your on Linux that is; I’m sure Mac’s are probably similar)
so we need to push that up the server. I like using SCP as it’s nice and simple so just issue the following command
$: scp ~/.ssh/id_rsa.pub firstname.lastname@example.org:
As you can see, it’s simply scp FILE-TO-COPY USER@SERVER:
On the server, then you can simply move that file to the correct location. To do so, you may need to create a .ssh directory
$: mkdir ~gary/.ssh && mv ~gary/id_rsa.pub ~gary/.ssh/authorized_keys
That will create the .ssh directory and move the public key you uploaded to the correct location.
Finally, configure up SSH as you please
$: vim /etc/ssh/shd_config
I usually, change the port and disallow root login but you can additionally set the authorized users and opt for a
Next up, basic firewall.
Basic firewall and protection
I’m no expert on iptables, but came across the following on somewhere like Stackoverflow and stuck with it.
First, flush the existing setup
$: iptables -F
Next, create a file for the rules
$: touch /etc/iptables.up.rules
Copy the following and save it to the above file
*filter -A INPUT -i lo -j ACCEPT -A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A OUTPUT -j ACCEPT -A INPUT -p tcp --dport 80 -j ACCEPT -A INPUT -p tcp --dport 443 -j ACCEPT -A INPUT -p tcp -m state --state NEW --dport 30000 -j ACCEPT -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT -A INPUT -j REJECT -A FORWARD -j REJECT COMMIT
Make the changes permanent
$: /sbin/iptables-restore < /etc/iptables.up.rules $: /sbin/service iptables save
Finally, reload ssh, and verify you can login as your new user
$: /etc/init.d/sshd reload
Depending on what the box is for, my steps sometimes vary, but assuming you just want a server
to do some development on or the likes of that, the above steps should have you on your way.