[ SDF Public Access UNIX System .. Est. 1987 ]


Debian on SDF VPS


Basics

The root user on a fresh Debian VPS has the default password "rootroot".

After logging in to your VPS for the first time, please change this password to something more secure. Type passwd at the prompt and follow the instructions. Don't forget this password as there is currently no way to recover it.

It is a good habit to create a regular user account for working, using su to obtain root privileges as needed. To create a regular user account:

useradd -m <username>

This user will be able to perform administrative tasks by running su to obtain superuser privileges using the root password.

Set Your Timezone

dpkg-reconfigure tzdata

Networking

In your control panel at vps.sdf.org, note YOUR_IP (e.g. 205.166.94.255) on the top line, and YOUR_HOSTNAME (e.g. debian99).

Start your server and log in via the console (default credentials: root:rootroot).

Open /etc/network/interfaces in an editor and add the following, replacing YOUR_IP with your own IP address:

auto eth0
iface eth0 inet static
address YOUR_IP
netmask 255.255.255.0
network 205.166.94.0
broadcast 205.166.94.255
gateway 205.166.94.1
dns-nameservers 205.166.94.20

Note: For VPS installations of Debian 8.4 (jessie) on VPS3, please omit the above dns-nameservers line from the interfaces file, and instead add this line to /etc/resolv.conf:

nameserver 205.166.94.20

Add this to /etc/hosts:

YOUR_IP 	YOUR_HOSTNAME.sdf.org 	YOUR_HOSTNAME

Change /etc/hostname to:

YOUR_HOSTNAME

Run/Type:

/etc/init.d/networking restart

Setting up SSH

You may wish to add ssh access to your VPS. It is highly recommended that you disable root login via ssh and use a normal user account to log in.

Install SSH

Run/Type:

apt-get install openssh-server

Disable root Login

Edit /etc/ssh/sshd_config and change the line:

PermitRootLogin yes

To:

PermitRootLogin no

Now restart sshd by running/typing:

/etc/init.d/ssh restart

You can now test ssh by running ssh user@localhost.
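
A quick way to confirm the change took effect, as an added example that is not part of the SDF tutorial: sshd uses the first value it reads for each keyword, so a leftover "PermitRootLogin yes" above your edit still wins. The function names and the sample file are constructed for illustration, and the check assumes a single sshd_config with no Include lines.

```sh
#!/bin/sh
# Added example: report the PermitRootLogin value sshd will actually use.
# Assumes one config file with no Include directives.

# effective_value FILE KEYWORD
# Prints the first global (pre-Match) value of KEYWORD in lowercase, or "unset".
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); val = "unset" }
        /^[ \t]*(#|$)/          { next }   # comments and blank lines
        tolower($1) == "match"  { exit }   # global section ends at first Match
        tolower($1) == want     { val = tolower($2); exit }  # first value wins
        END { print val }
    ' "$1"
}

# check_root_login FILE: succeeds only when root login is refused outright.
check_root_login() {
    v=$(effective_value "$1" PermitRootLogin)
    case "$v" in
        no)    echo "OK: PermitRootLogin no"; return 0 ;;
        unset) echo "WARN: PermitRootLogin not set, sshd's built-in default applies"; return 1 ;;
        *)     echo "FAIL: effective PermitRootLogin is '$v'"; return 1 ;;
    esac
}

# Constructed sample: the edit was appended instead of replacing the old line.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
Port 22
PermitRootLogin yes
PasswordAuthentication yes
# added later by mistake, never reached for this keyword:
PermitRootLogin no
EOF

check_root_login "$sample" || true   # prints the FAIL line for the sample
```

On the VPS itself, point check_root_login at /etc/ssh/sshd_config; running sshd -T as root prints the fully resolved configuration if you want a second opinion.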

Package Management

Refer to the following article to see how to clean up (remove packages) from your VPS:

Firewall Setup

Disable IPv6 (the rules below are loaded with iptables and filter IPv4 only):

# echo "blacklist ipv6" >> /etc/modprobe.d/blacklist

Edit rules:

# vi /etc/firewall

*filter

-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT

-A OUTPUT -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT

-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

-A INPUT -j REJECT
-A FORWARD -j REJECT

COMMIT

Load rules (now):

# iptables -F
# iptables-restore < /etc/firewall

Load rules (boot):

# vi /etc/network/if-pre-up.d/firewall

#!/bin/sh
/sbin/iptables-restore < /etc/firewall

# chmod 755 /etc/network/if-pre-up.d/firewall
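
The rule file above never sets a chain policy, so the final "-A INPUT -j REJECT" line is what closes the host, and any INPUT rule added after it is never reached. The following added example (not part of the original page; lint_firewall and the tcp/443 line are constructed) lists the ports a rule file opens and flags both mistakes.

```sh
#!/bin/sh
# Added example: lint an iptables-restore rule file like /etc/firewall.

# lint_firewall FILE
# Prints each port opened on INPUT, flags INPUT rules placed after the
# catch-all REJECT/DROP, and returns non-zero if the file fails either check.
lint_firewall() {
    awk '
        $1 != "-A" || $2 != "INPUT" { next }
        closed { print "UNREACHABLE: " $0; bad = 1; next }
        $3 == "-j" && ($4 == "REJECT" || $4 == "DROP") { closed = 1; next }
        / -j ACCEPT/ {
            proto = "any"; port = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-p")      proto = $(i + 1)
                if ($i == "--dport") port  = $(i + 1)
            }
            if (port != "") print "OPEN " proto "/" port
        }
        END {
            if (!closed) { print "NO CATCH-ALL: unmatched packets get the chain policy"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Rules from the page, plus one constructed line appended after the REJECT.
rules=$(mktemp)
trap 'rm -f "$rules"' EXIT
cat > "$rules" <<'EOF'
*filter
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
-A OUTPUT -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
-A INPUT -j REJECT
-A FORWARD -j REJECT
-A INPUT -p tcp --dport 443 -j ACCEPT
COMMIT
EOF

lint_firewall "$rules" || true
```

Run it against /etc/firewall before iptables-restore whenever you edit the file.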

Software and Distribution Updating

To update your system, run the following commands:

  • apt-get update
  • apt-get dist-upgrade -y

    Reducing Memory Usage

    If you are using a 128MB slice, it's a good idea to reduce the memory usage of some processes or even disable them.

    cron and at

    You might not need one or both of those, so you can deactivate them with
    # update-rc.d -f atd remove
    # update-rc.d -f cron remove
    
    This frees up ca. 7MB (if both are deactivated).

    getty / virtual terminals

    This being a virtual system, you won't need getty on tty1-6. In order to eliminate them, edit /etc/inittab and modify the corresponding lines like this:
    co:2345:respawn:/sbin/getty hvc0 9600 linux
    
    #1:2345:respawn:/sbin/getty 38400 tty1
    #2:23:respawn:/sbin/getty 38400 tty2
    #3:23:respawn:/sbin/getty 38400 tty3
    #4:23:respawn:/sbin/getty 38400 tty4
    #5:23:respawn:/sbin/getty 38400 tty5
    #6:23:respawn:/sbin/getty 38400 tty6
    
    You need to keep the line with hvc0 so you can attach a serial console from vps.sdf.org to your vps. This frees up ca. 10MB.

    rsyslogd

    rsyslogd eats a lot of memory by default (26MB on my vps) which can be reduced by the usage of ulimit. Edit /etc/init.d/rsyslog and include the following line just before the command where rsyslogd will be started:
    ulimit -s 256
    
    Example:
    case "$1" in
      start)
            ulimit -s 256
            log_daemon_msg "Starting $DESC" "$RSYSLOGD"
            create_xconsole
            do_start
            case "$?" in
                    0) sendsigs_omit
                       log_end_msg 0 ;;
                    1) log_progress_msg "already started"
                       log_end_msg 0 ;;
                    *) log_end_msg 1 ;;
            esac
    
            ;;
    
    This frees up about 23MB.

    portmap

    I don't need portmap, so I removed it completely:
    apt-get remove --purge portmap
    

    openssh vs. dropbear

    If you don't need all the extra features openssh has compared to dropbear, you can reduce memory consumption from 23MB to 5MB while being connected with 1 non-root user to the system by replacing openssh with dropbear.
    apt-get install dropbear
    
    Edit /etc/default/dropbear, set NO_START to 0, and add the extra args "-w -s -g" to disallow root and password logins (you will only be able to log in as a non-root user with ssh keys):
    # disabled because OpenSSH is installed
    # change to NO_START=0 to enable Dropbear
    NO_START=0
    
    # the TCP port that Dropbear listens on
    DROPBEAR_PORT=22
    
    # any additional arguments for Dropbear
    DROPBEAR_EXTRA_ARGS="-w -s -g"
    
    # specify an optional banner file containing a message to be
    # sent to clients before they connect, such as "/etc/issue.net"
    DROPBEAR_BANNER=""
    
    # RSA hostkey file (default: /etc/dropbear/dropbear_rsa_host_key)
    #DROPBEAR_RSAKEY="/etc/dropbear/dropbear_rsa_host_key"
    
    # DSS hostkey file (default: /etc/dropbear/dropbear_dss_host_key)
    #DROPBEAR_DSSKEY="/etc/dropbear/dropbear_dss_host_key"
    
    # Receive window size - this is a tradeoff between memory and
    # network performance
    DROPBEAR_RECEIVE_WINDOW=65536
    
    
    Afterwards, you can deactivate openssh with
    update-rc.d ssh remove
    
    or uninstall it:
    apt-get remove openssh-server
    

    $Id: VPS_Debian.html,v 1.19 2018/02/22 02:06:34 slugmax Exp $
