Ubuntu 服务器初始配置

October 5, 2024 · 2 min read

Not a Maintainer yet.

执行更新
```
sudo apt update && sudo apt upgrade -y
```

安装防止暴力破解软件

sudo apt install fail2ban
# start service
sudo service fail2ban start

创建非 root 账户，如果 VPS 没有自动创建

# step 1, add new user
adduser ubuntu
# step 2, adding the user to sudo group
usermod -aG sudo ubuntu
# step 3, testing sudo access
su - ubuntu
sudo apt update
# type the password

配置 ssh key 远程登陆，仅使能 root 账号远程登陆，禁止其他账号通过密码登陆
- Generate SSH key pair,
```
ssh-keygen -t rsa-sha2-512 -b 4096
```
- Copy the pub key content to the file authorized_keys in the server.
- Change the permission,
```
chmod 700 /home/user/.ssh
chmod 600 /home/user/.ssh/authorized_keys
```
- Edit the sshd config file,
```
sudo vim /etc/ssh/sshd_config
```
  - set PubkeyAuthentication to yes,
  - set PasswordAuthentication to no
  - enable root login only, note the Match User key word must be at the end of the file
  - reload config
```
sudo service sshd reload
```

添加 remote 到 ssh config

Host us
    HostName the-ip-address-of-server
    User username
    Port 22
    IdentityFile ~/.ssh/id_rsa

测试远程连接
```
ssh us
```