[ SDF Public Access UNIX System .. Est. 1987 ]

join welcome faq status members projects store tour gopher abuse dialup minecraft social
tilde nihongo europa webmail gallery usermap irc tutorials software telnet git ssh

Ubuntu on SDF VPS

Contents

Basics

Log into your vps as root using root as the password.

We're going to disable the root account for security, but first we need a user account for day-to-day use.

useradd -m <username>

Set the password for this user.

passwd <username>

Add this user to the "sudo" group so that it can run commands as root.

usermod -aG sudo <username>

Log out and log back in as your new account, then disable the root account.

sudo passwd -dl root

Networking

Enable ufw for simple firewall management.

sudo ufw enable

In your control panel at vps.sdf.org, note YOUR_IP (e.g. 205.166.94.255) on the top line, and YOUR_HOSTNAME (e.g. ubuntu99).

Delete the file /etc/netplan/00-installer-config.yaml then create a new file /etc/netplan/01-netcfg.yaml, open it in an editor and add the following, replacing the text YOUR_IP with the IP address from the previous step::

	network:
	  version: 2
	  renderer: networkd
	  ethernets:
	    eth0:
	      dhcp4: no
	      addresses:
	        - YOUR_IP/24
	      gateway4: 205.166.94.1
	      nameservers:
	        addresses: [205.166.94.20]
	

Save the file, then apply the config by running:

sudo netplan apply

Confirm that your IP is now assigned to your network interface:

ip a

Confirm that networking is functional:

ping sdf.org

Add this to /etc/hosts:

YOUR_IP 	YOUR_HOSTNAME.sdf.org 	YOUR_HOSTNAME
	

Change /etc/hostname to:

YOUR_HOSTNAME

Updates

Pull latest package information.

sudo apt-get update

Apply all available updates.

sudo apt-get upgrade

Restart.

sudo shutdown -r now

SSH

Install SSH.

sudo apt-get install openssh-server

Edit /etc/sshd/sshd_config and disable root login:

PermitRootLogin no

Restart sshd.

sudo systemctl restart sshd

Create a firewall rule to allow ssh connections. If you'll always be connecting from the same ip (eg. your home computer) you can create explicit rules to only allow that ip to connect. However, note that most ISPs do not assign static IPs, so if yours changes you'll need to log into the console and update your firewall.

sudo ufw allow from YOUR_HOME_IP/32 to any port 22

If you need to be able to connect from anywhere, allow 22 from anywhere.

sudo ufw allow 22

Cleanup

There are a few things that can be removed at this point to clean up your install to reduce resource use and protect your privacy.

When you type a command that's not found on your $PATH, Ubuntu will try to look it up and recommend packages to install that may be what you're looking for. This often means that instead of a quick error message, there is a delay before returning to a prompt. You can stop this behavior by removing the command-not-found package.

sudo apt-get purge command-not-found

In the output you should see a message about a folder being left behind because it's non-empty. We can safely clean this up as well.

sudo rm -rRf /var/lib/command-not-found

The package python3-commandnotfound was a dependency for this tool that is no longer needed. You can have apt clear this with autoremove.

sudo apt autoremove

You may have noticed that on login, your MOTD contains a lot of information, some of which is dynamically generated from sources on the internet. One of these steps sends information about the machine to Ubuntu as part of the request for latest news. We can disable this in /etc/default/motd-news.

ENABLED=0

You can take this further and move or delete the files found in /etc/update-motd.d/ and optionally replace them with your own script. On login, Ubuntu will execute the scripts in this folder and display anything they send to stdout. You can also create /etc/motd and any text in that file will be displayed after any output from your motd scripts.



$Id: VPS_Ubuntu.html,v 1.6 2021/01/19 02:53:52 sully Exp $

©1987-2065 SDF Public Access UNIX System, Inc. 501(c)(7)
(this page was generated using ksh, sed and awk)