I recently got a new server and I realized I don’t have a comprehansive guide for setting a machine up from scratch. This guide is particularly useful for setting up something like a VPS where you only have SSH access, it assumes you have installed a bare bones headless version of Debian and have root SSH access using a password. Later in the guide I’ll set up SSH with keys and disable passwords altogether. As I’ve covered some or all of the topics before I’ll be linking to those articles where it makes sense to.
Change the Root Password
Most VPS providers will send you a root password to use with the newly created machine. I highly recommend that you change this password immediately. Shell into the machine using the password sent to you and then run the command:
sudo passwd root
Follow the prompts and enter a new password when it asks, repeating it to confirm. Technically, if you are already root (you probably are at this point) then all you need to enter as a command is passwd – I gave the slightly longer command because it’s guaranteed to work..
Add a New User
You’ll want to stop using the root account basically straight away and start using your own account. To add a new account you need to use the adduser command (not the useradd command which will work but is more low level). For example:
# sudo adduser foo
Adding user `foo' ...
Adding new group `foo' (1000) ...
Adding new user `foo' (1000) with group `foo (1000)' ...
Creating home directory `/home/foo' ...
Copying files from `/etc/skel' ...
New password:
Retype new password:
passwd: password updated successfully
Changing the user information for foo
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] y
Adding new user `foo' to supplemental / extra groups `users' ...
Adding user `foo' to group `users' ...
As you can see from the prompt I was already root when I ran this command so strictly speaking the sudo wasn’t required. The command creates a new user directory and populates it with the contents of /etc/skel.
You’ll probably also want to add this user to the sudo’ers group if they are going to be administering the machine. This can be done with the following command:
sudo usermod -aG sudo foo
You should now be able to shell into the machine as your new user.
Configure SSH
While creating and using keys for SSH is quite simple there a a fair number of things to consider so I’ve broken this out into it’s own article which can be found here.
Fixing: WARNING! Your environment specifies an invalid locale
Shelling into the new machine I got an unusual warning message:
WARNING! Your environment specifies an invalid locale.
The unknown environment variables are:
LC_CTYPE=UTF-8 LC_ALL=
This can affect your user experience significantly, including the
ability to manage packages. You may install the locales by running:
sudo apt-get install language-pack-UTF-8
or
sudo locale-gen UTF-8
... snip ...
Running the command locale also show issues:
$ locale locale: Cannot set LC_CTYPE to default locale: No such file or directory locale: Cannot set LC_MESSAGES to default locale: No such file or directory locale: Cannot set LC_ALL to default locale: No such file or directory LANG=en_GB.UTF-8 LANGUAGE= LC_CTYPE="en_GB.UTF-8" LC_NUMERIC="en_GB.UTF-8" LC_TIME="en_GB.UTF-8" LC_COLLATE="en_GB.UTF-8" LC_MONETARY="en_GB.UTF-8" LC_MESSAGES="en_GB.UTF-8" LC_PAPER="en_GB.UTF-8" LC_NAME="en_GB.UTF-8" LC_ADDRESS="en_GB.UTF-8" LC_TELEPHONE="en_GB.UTF-8" LC_MEASUREMENT="en_GB.UTF-8" LC_IDENTIFICATION="en_GB.UTF-8" LC_ALL=
The solution seems to be to just regenerate the locales for the system. I regenerated all locales which took a while and was a mistake, just pick the locales you need. I also selected my local language as the default. This seems to have fixed the issue.
sudo dpkg-reconfigure locales
How much of a mistake was generating all the locales? Note much of one. Looking at /usr/share there’s about 150MB of files that I don’t really need (the whole folders is 214MB). For that much space I can’t be bothered to figure out how to remove the unneeded files.
Set up some Useful Aliases
Open the .bashrc file in your home directory and add the line
alias ll='ls -lA'
This will produce directory listing of all files and folders in long format. Note that there is a commented out ll entry already in the file with out the A option. You’ll need to logout and back in for the change to take effect.
Configure Automatic Updates
I use automatic updating on all my Debian servers. It carries a small risk that the machine will just randomly breakdown but I don’t have much luck catching breaking updates manually so it doesn’t make much difference to me. The page describing automatic updates is here.
Setup the Hosts File
I removed the A record for the server from the DNS records at Cloudflare (due to them not proxying SSH, see here) and I found I started getting an error message when I tried to sudo:
sudo: unable to resolve host my-server.example.com: Name or service not known
A look in /etc/hostname revealed the hostname I expected:
my-server.example.com
A look in /etc/hosts revealed the problem, the server was relying on the A record in the DNS to figure out who it was.
127.0.0.1 localhost 127.0.1.1 debian # The following lines are desirable for IPv6 capable hosts ::1 localhost ip6-localhost ip6-loopback ff02::1 ip6-allnodes ff02::2 ip6-allrouters
I simply appended my host name to the second like to give the line shown below. The system will pick up the change instantly. See here also.
127.0.1.1 debian my-server.example.com
Restart the Server
At this point I like to restart the server to make sure everything comes up smoothly. This is, of course, optional but if something is going to go wrong it’s better to get it over an done with earlier.
sudo reboot
Some Things You Might Like to Do Next…
You’ve now got a working and secure server so you might like to do some of these things: