Server Setup

Servers

Servers are machines whose purpose is to provide a service or content over a network. They are typically administered remotely and only connect physically to power and a network. They "serve" content or services using software daemons. Their natural habitat is the datacenter, where they live in racks to survive off electricity and network data. While they are not able to reproduce, they have no natural predators, so their population is stable. Some breeds of server can be found in network/data closets where they live in a business. Fewer are still kept in captivity in private homes. Virtual servers are servers that are run under an emulator or hypervisor to provide a server-like environment using a software envelope which may be augmented with hardware support.

Finding a server to use

For small projects and little experiments, there are some no cost options you can try!

GitHub - cloudcommunity/Cloud-Free-Tier-Comparison: Comparing the free tier offers of the major cloud providers like AWS, Azure, GCP, Oracle etc.GitHub

Renting Virtual Private Servers

A virtual private server, also known as a VPS, acts as an isolated, virtual environment on a physical server, which is owned and operated by a cloud or web hosting provider.

Procuring your own hardware

You can use anything as your server!
- Old Laptops
- Cheap NAS
- Single Board Computers (Raspberry Pi)
- Second-hand mini-pcs

We'll assume you have somehow gotten a server to work with, or if you're following the workshop, you should have something to work with already! The following guide will assuming your server is running Ubuntu, an operating system commonly found in servers.

Setting up your server

Get a username and password to your server, and SSH with a client:
- Terminal on MacOS
- Windows Terminal or PuTTy on Windows
- Any shell on Linux

ssh root:<ip-address>

You will be prompted for a password.

If you are using Ghostty, run this command as well:

infocmp -x xterm-ghostty | ssh <username>@<ip-address> tic -x -

Updating Packages

sudo apt update && sudo apt upgrade

Creating a new user, and disabling root

This is important if you are logged into your server as root. As root is a common username, there will be people enumerating through common usernames on every possible IP address just to try their luck and compromise servers.

useradd -m -d /home/<username> -s /bin/bash <username> # Add user
usermod -a -G sudo,adm <username> # Give permissions
sudo passwd <username> # To create a password for the user

You might need to add the keyword sudo before all these commands. sudo basically allows us to run with superuser privileges.

Setting up SSH Keys

What exactly are keys?

Keys are a secure way to log into remote computers without using passwords. Here's a simple explanation:

SSH keys come in pairs: a public key and a private key
The public key is like a padlock that you put on the remote server
The private key is like the key to that padlock, which you keep on your local computer
When you try to log in, your computer uses the private key to prove it can "unlock" the padlock
If successful, the server lets you in without asking for a password

This method is more secure than passwords because:

The private key never leaves your computer
It's extremely difficult for someone to guess or crack your key
Even if someone intercepts your login attempt, they can't see your private key

By using SSH keys, you can log in quickly and securely without typing a password each time.

Setting up your own SSH Keys

While some service providers have a webshell, it’s much nicer (and less laggy) to work in your own terminal, and it familarises you for other services too!

1) On your local terminal (NOT in SSH)

ssh-keygen -t ed25519
- Press enter for the defaults, and note the file that you saved the key in.
- Take note of the path/to/ssh/key , we'll need it later!
ssh-copy-id <username>@<ip-address>
- If you configured your own path to install the key, run: ssh-copy-id -i path/to/ssh/key <username>@<ip-address>

You should see a confirmation message: Number of key(s) added: 1

Now, you should be able to get a shell in your server, without any passwords!

2) On the Server

You should now be able to go to vim /home/<username>/.ssh/authorized_keys, to see the authorized keys

SSH Hardening (Restricting Root + PasswordAuthentication)

sudo vim /etc/ssh/sshd_config
Set PermitRootLogin to prohibit-password
Set PasswordAuthentication to no, so that we disable password login
Save and exit (:wq in vim)
We remove default DigitalOcean configurations using rm -r /etc/ssh/sshd_config.d/
- 🚨⚠️ Note that you will have no way of recovering into this server without your key.
Then, restart ssh sudo systemctl restart ssh

Quality of Life: Disable Sudo Password

sudo visudo
At the end of the file, add: <username> ALL=(ALL) NOPASSWD:ALL

Note the security implication: anything with user-level access, can make system-wide changes without your password.

Quality of Life: SSH Config (On local)

sudo vim ~/.ssh/config

In the config file, add the following:

Host <hostname>
    HostName <ip-address>
    User <username>
    IdentityFile <path-to-ssh-key>

Not familiar with the terminal/shell? Check out a quick introduction here:

https://wiki.nushackers.org/hackers-toolbox/beginners-guide-to-the-terminal/introduction-to-the-terminal#the-shell-prompt

PreviousHands On Self-Hosting NextFirewalls and Security

Last updated 1 hour ago

hashtagServers

hashtagFinding a server to use

hashtagRenting Virtual Private Servers

hashtagProcuring your own hardware

hashtagSetting up your server

hashtagUpdating Packages

hashtagCreating a new user, and disabling root

hashtagSetting up SSH Keys

hashtagWhat exactly are keys?

hashtagSetting up your own SSH Keys

hashtag1) On your local terminal (NOT in SSH)

hashtag2) On the Server

hashtagSSH Hardening (Restricting Root + PasswordAuthentication)

hashtagQuality of Life: Disable Sudo Password

hashtagQuality of Life: SSH Config (On local)