# Server Setup

## Servers

> Servers are machines whose purpose is to provide a service or content over a network. They are typically administered remotely and only connect physically to power and a network. They "serve" content or services using software daemons. Their natural habitat is the datacenter, where they live in racks to survive off electricity and network data. While they are not able to reproduce, they have no natural predators, so their population is stable. Some breeds of server can be found in network/data closets where they live in a business. Fewer are still kept in captivity in private homes. Virtual servers are servers that are run under an emulator or hypervisor to provide a server-like environment using a software envelope which may be augmented with hardware support.

## Finding a server to use

For small projects and little experiments, there are some no-cost options you can try!

{% embed url="<https://github.com/cloudcommunity/Cloud-Free-Tier-Comparison>" %}

### Renting Virtual Private Servers

A virtual private server, also known as a VPS, acts as an isolated, virtual environment on a physical server, which is owned and operated by a cloud or web hosting provider.

### Procuring your own hardware

* You can use anything as your server!
  * Old Laptops
  * Cheap NAS
  * Single Board Computers (Raspberry Pi)
  * Second-hand mini PCs

We'll assume you have somehow gotten a server to work with, or if you're following the workshop, you should have something to work with already! The following guide will assume your server is running **Ubuntu**, an operating system commonly found on servers.

***

## Setting up your server \[Run on your local computer]

* Get a username and password for your server, and connect over SSH with a client:
  * Terminal on macOS
  * Windows Terminal or PuTTY on Windows
  * Any shell on Linux

```
ssh root@<ip-address>
```

You will be prompted for a password.

If you are using Ghostty, run this command (on your local computer) as well:

`infocmp -x xterm-ghostty | ssh <username>@<ip-address> tic -x -`

***

## Updating Packages

```shellscript
sudo apt update && sudo apt upgrade
```

***

### Creating a new user, and disabling root

This is important if you are logged into your server as **root**. Because root is a common username, there will be people enumerating common usernames against every possible IP address just to try their luck and compromise servers.

```shellscript
useradd -m -d /home/<username> -s /bin/bash <username> # Add user
usermod -a -G sudo,adm <username> # Give permissions
sudo passwd <username> # To create a password for the user
```

{% hint style="info" %}
You might need to add the keyword `sudo` before all these commands. `sudo` basically allows us to run with superuser privileges.
{% endhint %}

***

## Setting up SSH Keys

#### What exactly are keys?

Keys are a secure way to log into remote computers without using passwords. Here's a simple explanation:

* SSH keys come in pairs: a public key and a private key
* The public key is like a padlock that you put on the remote server
* The private key is like the key to that padlock, which you keep on your local computer
* When you try to log in, your computer uses the private key to prove it can "unlock" the padlock
* If successful, the server lets you in without asking for a password

This method is more secure than passwords because:

* The private key never leaves your computer
* It's extremely difficult for someone to guess or crack your key
* Even if someone intercepts your login attempt, they can't see your private key

By using SSH keys, you can log in quickly and securely without typing a password each time.

#### Setting up your own SSH Keys

While some service providers have a webshell, it's much nicer (and less laggy) to work in your own terminal, and it familiarises you with other services too!

#### 1) On your local terminal (NOT in SSH)

* `ssh-keygen -t ed25519`
  * Press enter for the defaults, and note the file that you saved the key in.
  * Take note of the `path/to/ssh/key`, we'll need it later!
* `ssh-copy-id <username>@<ip-address>`
  * If you configured your own path to install the key, run: \
    `ssh-copy-id -i path/to/ssh/key <username>@<ip-address>`

You should see a confirmation message: `Number of key(s) added: 1`

Now, you should be able to get a shell in your server, without any passwords!

#### 2) On the Server

You should now be able to run `vim /home/<username>/.ssh/authorized_keys` to see the authorized keys.

### SSH Hardening (Restricting Root + PasswordAuthentication)

* `sudo vim /etc/ssh/sshd_config`
* Set `PermitRootLogin` to `prohibit-password`
* Set `PasswordAuthentication` to `no`, so that password login is disabled
* Save and exit (`:wq` in vim)
* Some servers ship with pre-populated SSH configuration files in `/etc/ssh/sshd_config.d/`, which can override the settings above. Check whether the directory exists, and remove it with:
  * `sudo rm -r /etc/ssh/sshd_config.d/`
* 🚨⚠️ **Note that after this, you will have no way of recovering into this server without your key.**
* Then, restart ssh: `sudo systemctl restart ssh`
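
Before closing your current session, you can validate the file with `sudo sshd -t` and inspect what `sshd` will actually apply with `sudo sshd -T`. The function below is an added example, not part of the original guide; `check_sshd_effective` and the sample outputs are constructed for illustration.

```shell
# Constructed sample of `sudo sshd -T` output after the hardening steps.
# Some OpenSSH versions print prohibit-password under its older alias,
# without-password, so the check accepts both spellings.
SAMPLE_HARDENED='port 22
permitrootlogin without-password
pubkeyauthentication yes
passwordauthentication no'

# Constructed sample where a leftover drop-in file still enables passwords,
# even though /etc/ssh/sshd_config itself says "PasswordAuthentication no".
SAMPLE_OVERRIDDEN='port 22
permitrootlogin without-password
pubkeyauthentication yes
passwordauthentication yes'

# Reads `sshd -T` output on stdin. Returns 0 only when both settings from
# the hardening steps are in effect. The ( ) body keeps variables local.
check_sshd_effective() (
    pw=missing
    root=missing
    while read -r key value; do
        case "$key" in
            passwordauthentication) pw=$value ;;
            permitrootlogin)        root=$value ;;
        esac
    done
    rc=0
    if [ "$pw" != "no" ]; then
        echo "FAIL: passwordauthentication is '$pw', expected 'no'" >&2
        rc=1
    fi
    case "$root" in
        prohibit-password|without-password) ;;
        *) echo "FAIL: permitrootlogin is '$root'" >&2; rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK: key-only login is in effect"
    return "$rc"
)

# On the server itself:
#   sudo sshd -t && sudo sshd -T | check_sshd_effective
# Demonstration on the constructed samples:
printf '%s\n' "$SAMPLE_HARDENED" | check_sshd_effective
printf '%s\n' "$SAMPLE_OVERRIDDEN" | check_sshd_effective \
    || echo "Passwords are still accepted: look for an overriding drop-in file."
```

Keep the existing SSH session open while you test a fresh login from a second terminal, so a mistake does not lock you out.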

### Quality of Life: Disable Sudo Password

* `sudo visudo`
* At the end of the file, add: `<username> ALL=(ALL) NOPASSWD:ALL`

{% hint style="info" icon="triangle-exclamation" %}
Note the security implication: anything with user-level access can make system-wide changes without your password.
{% endhint %}

### Quality of Life: SSH Config \[Edit on your local computer]

* `vim ~/.ssh/config`
* In the config file, add the following:

  ```
  Host <hostname>
      HostName <ip-address>
      User <username>
      IdentityFile <path-to-ssh-key>
  ```

{% hint style="info" %}
Not familiar with the terminal/shell? Check out a quick introduction here:

<https://wiki.nushackers.org/hackers-toolbox/beginners-guide-to-the-terminal/introduction-to-the-terminal#the-shell-prompt>
{% endhint %}
