Ubuntu on SDF VPS
Contents
Basics
Log into your vps as root using root as the password.
We're going to disable the root account for security, but first we need a user account for day-to-day use.
useradd -m <username>
Set the password for this user.
passwd <username>
Add this user to the "sudo" group so that it can run commands as root.
usermod -aG sudo <username>
Log out and log back in as your new account, then disable the root account.
sudo passwd -dl root
Networking
Enable ufw for simple firewall management.
sudo ufw enable
In your control panel at vps.sdf.org, note YOUR_IP (e.g. 205.166.94.255) on the top line, and YOUR_HOSTNAME (e.g. ubuntu99).
Delete the file /etc/netplan/00-installer-config.yaml then create a new file /etc/netplan/01-netcfg.yaml, open it in an editor and add the following, replacing the text YOUR_IP with the IP address from the previous step::
network: version: 2 renderer: networkd ethernets: eth0: dhcp4: no addresses: - YOUR_IP/24 gateway4: 205.166.94.1 nameservers: addresses: [205.166.94.20]
Save the file, then apply the config by running:
sudo netplan apply
Confirm that your IP is now assigned to your network interface:
ip a
Confirm that networking is functional:
ping sdf.org
Add this to /etc/hosts:
YOUR_IP YOUR_HOSTNAME.sdf.org YOUR_HOSTNAME
Change /etc/hostname to:
YOUR_HOSTNAME
Updates
Pull latest package information.
sudo apt-get update
Apply all available updates.
sudo apt-get upgrade
Restart.
sudo shutdown -r now
SSH
Install SSH.
sudo apt-get install openssh-server
Edit /etc/sshd/sshd_config and disable root login:
PermitRootLogin no
Restart sshd.
sudo systemctl restart sshd
Create a firewall rule to allow ssh connections. If you'll always be connecting from the same ip (eg. your home computer) you can create explicit rules to only allow that ip to connect. However, note that most ISPs do not assign static IPs, so if yours changes you'll need to log into the console and update your firewall.
sudo ufw allow from YOUR_HOME_IP/32 to any port 22
If you need to be able to connect from anywhere, allow 22 from anywhere.
sudo ufw allow 22
Cleanup
There are a few things that can be removed at this point to clean up your install to reduce resource use and protect your privacy.
When you type a command that's not found on your $PATH, Ubuntu will try to look it up and recommend packages to install that may be what you're looking for. This often means that instead of a quick error message, there is a delay before returning to a prompt. You can stop this behavior by removing the command-not-found package.
sudo apt-get purge command-not-found
In the output you should see a message about a folder being left behind because it's non-empty. We can safely clean this up as well.
sudo rm -rRf /var/lib/command-not-found
The package python3-commandnotfound was a dependency for this tool that is no longer needed. You can have apt clear this with autoremove.
sudo apt autoremove
You may have noticed that on login, your MOTD contains a lot of information, some of which is dynamically generated from sources on the internet. One of these steps sends information about the machine to Ubuntu as part of the request for latest news. We can disable this in /etc/default/motd-news.
ENABLED=0
You can take this further and move or delete the files found in /etc/update-motd.d/ and optionally replace them with your own script. On login, Ubuntu will execute the scripts in this folder and display anything they send to stdout. You can also create /etc/motd and any text in that file will be displayed after any output from your motd scripts.