The root user on a fresh Debian VPS has the default password "rootroot".
After logging in to your VPS for the first time, please change this password
to something more secure. Type passwd
at the prompt and follow
the instructions. Don't forget this password as there is currently no way to
recover it.
It is a good habit to create a regular user account for
working, using su
to obtain root privileges as needed.
To create a regular user account:
useradd -m <username>
This user will be able to perform administrative tasks by runing
su
to obtain superuser privileges using the root
password.
dpkg-reconfigure tzdata
In your control panel at vps.sdf.org, note YOUR_IP (e.g. 205.166.94.255) on the top line, and YOUR_HOSTNAME (e.g. debian99).
Start your server, and log in via the console. (default= root:rootroot)
Open /etc/network/interfaces in an editor and add the following, replacing the text YOUR_IP with your own actual IP number, add:
auto eth0 iface eth0 inet static address YOUR_IP netmask 255.255.255.0 network 205.166.94.0 broadcast 205.166.94.255 gateway 205.166.94.1 dns-nameservers 205.166.94.20
Note: For VPS installations of Debian 8.4 (jesse) on VPS3, please omit the above dns-nameservers line from the interfaces file, and instead add this line to /etc/resolv.conf:
nameserver 205.166.94.20
Add this to /etc/hosts:
YOUR_IP YOUR_HOSTNAME.sdf.org YOUR_HOSTNAME
Change /etc/hostname to:
YOUR_HOSTNAME
Run/Type:
/etc/init.d/networking restart
You may wish to add ssh access to your VPS. It is highly recommended that you disable root login via ssh and use a normal user account to login.
Run/Type:
apt-get install openssh-server
Edit /etc/ssh/sshd_config and change the line:
PermitRootLogin yes
To:
PermitRootLogin no
Now restart sshd by running/typing:
/etc/init.d/ssh restart
You can now test ssh by running
ssh user@localhost
.
Refer to the following article to see how to clean up (remove packages) from your VPS:
Disable IPv6:
# echo "blacklist ipv6" >> /etc/modprobe.d/blacklist
Edit rules:
# vi /etc/firewall *filter -A INPUT -i lo -j ACCEPT -A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT -A OUTPUT -j ACCEPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A INPUT -p tcp --dport 80 -j ACCEPT -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7 -A INPUT -j REJECT -A FORWARD -j REJECT COMMIT
Load rules (now):
# iptables -F # iptables-restore < /etc/firewall
Load rules (boot):
# vi /etc/network/if-pre-up.d/firewall #!/bin/sh /sbin/iptables-restore < /etc/firewall # chmod 755 /etc/network/if-pre-up.d/firewall
To update your system, run the following commands:
If you are using a 128MB slice, it's a good idea to reduce the memory usage of some processes or even disable them.
# update-rc.d -f atd remove # update-rc.d -f cron removeThis frees up ca. 7MB (if both are deactivated).
co:2345:respawn:/sbin/getty hvc0 9600 linux #1:2345:respawn:/sbin/getty 38400 tty1 #2:23:respawn:/sbin/getty 38400 tty2 #3:23:respawn:/sbin/getty 38400 tty3 #4:23:respawn:/sbin/getty 38400 tty4 #5:23:respawn:/sbin/getty 38400 tty5 #6:23:respawn:/sbin/getty 38400 tty6You need to keep the line with hvc0 so you can attach a serial console from vps.sdf.org to your vps. This frees up ca. 10MB.
ulimit -s 256Example:
case "$1" in start) ulimit -s 256 log_daemon_msg "Starting $DESC" "$RSYSLOGD" create_xconsole do_start case "$?" in 0) sendsigs_omit log_end_msg 0 ;; 1) log_progress_msg "already started" log_end_msg 0 ;; *) log_end_msg 1 ;; esac ;;This frees up about 23MB.
apt-get remove --purge portmap
apt-get install dropbearEdit /etc/defaults/dropbear and set NO_START to 0 and add the extra args "-w -s -g" to disallow root and password logins (You'll be only able to login with a non root user and ssh keys):
# disabled because OpenSSH is installed # change to NO_START=0 to enable Dropbear NO_START=0 # the TCP port that Dropbear listens on DROPBEAR_PORT=22 # any additional arguments for Dropbear DROPBEAR_EXTRA_ARGS="-w -s -g" # specify an optional banner file containing a message to be # sent to clients before they connect, such as "/etc/issue.net" DROPBEAR_BANNER="" # RSA hostkey file (default: /etc/dropbear/dropbear_rsa_host_key) #DROPBEAR_RSAKEY="/etc/dropbear/dropbear_rsa_host_key" # DSS hostkey file (default: /etc/dropbear/dropbear_dss_host_key) #DROPBEAR_DSSKEY="/etc/dropbear/dropbear_dss_host_key" # Receive window size - this is a tradeoff between memory and # network performance DROPBEAR_RECEIVE_WINDOW=65536Afterwards, you can deactivate openssh with
update-rc.d ssh removeor uninstall it:
apt-get remove openssh-server