Setting Up A Linux VPS Securely (Pt.1) - Join Me On My Journey to Become a Witness

in #witness-category, 8 years ago (edited)


Along with a goal to get to Level 70 Reputation, I also wanted to host a node for the blockchain and see about becoming a Steem Witness. That was to come after getting the rep level first, which I now have. So I am continuing with the vision I had months ago, and am going to document, or journal, my journey to set up a Steem Witness Node.

This can also serve as a guide for anyone who doesn't even know Linux. I will show what to do to set things up, and by that time they should also have a decent understanding to take the reins in their own troubleshooting.

So, please join me on this journey ;)


Purchase a VPS or Dedicated Server

I ordered a VPS from OVH.com on Black Friday. I may have to upgrade, I don't know if it will be enough, I shall see.

You will get an email with the server IP, usually a host-provided subdomain as well, and the root password.

email77cf1.png

As you can see, I have Ubuntu Server 16.04. Maybe you have a similar Debian OS, or something based on Red Hat like CentOS. The commands may vary slightly in structure or syntax, so if they don't work you will have to do some research of your own.

I'm doing this from Windows as my local OS. If you have Mac, then things will be slightly different in terms of what apps to download and use.


SSH Remote Connect

The first thing to do is connect to your VPS. You can test out if your VPS works in the first place from the control panel after you login to the VPS host's site. At OVH, you click on KVM to access the console. If that works, then it's time to test out a better way to interface with the computer than the browser.

Putty is the usual program used to connect via SSH. Click that previous link, and download the "Windows MSI installer package" for the easy installer.

Get that installed, and then open up Putty to see this:

ssh8282c.png

Put your IP or VPS domain name in the Host Name field.

Or you can put "root@" in front first (recommended). If you don't, you have to specify "root" when you log in each time.

root@<your-server-IP>

Click Open.

Enter the password provided in the email mentioned above with all your info.


Change root password

So you should change the password to something more complex for the root. The host of your server may not have generated a strong one for you.

type:

passwd

Then enter your password at each prompt requesting it. Done.

passwd25469.png


Create a user for yourself

This is important for security. You don't want to be using the root to do changes to your system unless you really know what you're doing. Regular users can be given the sudo command access to be a "super user" (su) and execute commands at root access without having all of the root access to modify system files. Another important security aspect is for SSH, as you don't want to leave root access through SSH, so another user is required.

type:

adduser yourName

Fill in yourName with the name you want to use to login instead of root. Then repeat the password twice, and you can skip the other parts by just hitting enter.

then do:

adduser yourName sudo

or I later learned usermod -aG sudo yourName is the proper way.

adduser70f7a.png


Logout and back in as the new user

type:

logout

Re-open Putty and log into SSH again, but this time, don't use "root@111..." to login, use your new username instead. You can also "Save" this configuration, and "Load" it each time you open Putty, rather than retype everything.

Click open.

Enter your password for this new user.

Now you are logged in.

There are a few more security things to do.


Disable root login

This is to prevent root logins to SSH, which can leave your computer vulnerable to brute force login attempts to the root account.

type:

sudo nano /etc/ssh/sshd_config

Scroll down (with your keyboard down arrow key) until you see "PermitRootLogin yes", or hit "Page Down" once to get there.

Go to the end of the line after the "s", then hit Backspace 3 times, and replace the "yes" with "no". No quotes.

permitroot4c6c5.png

PermitRootLogin no

That's what you need to have. Press ctrl+o on your keyboard to save the file, hit enter to confirm the name. Then ctrl+x to exit.

Now restart SSH with:

sudo service ssh restart

If you are using CentOS instead of Ubuntu, try:

sudo systemctl restart sshd

They both work on Ubuntu, I tried.

Now if you try to log into your server with root via SSH, it won't work. Don't forget you just changed the password above too. You need to remember the root password to have access.


Optional, change the default port from 22 to something else

If you want to really prevent people from trying to get in through the default way and make it harder to find your SSH access port, change it. Use the command from above to edit the sshd_config file and change the port to something below 65535, like 35545, as long as it's not a reserved port. Those are lower than 100 most of the time, so stick above 1000 and you're good.

You can also optionally restrict SSH login to certain users by adding the line AllowUsers followed by your username. This is if you plan to create more users and really want to restrict things.

After you save the file, exit, as was done above earlier (ctrl+o, ctrl+x), then restart the service sudo service ssh restart, and logout.

If you try to login without changing your default port 22, it won't work. You need to put in the new port, like for example 35545, and then it will work. Change your "Saved" Putty config if you need to.
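
A check for the three sshd_config edits above (PermitRootLogin, Port, AllowUsers), added here as an example and not part of the original post. sshd uses the first PermitRootLogin line it reads, so a "no" pasted below an existing "yes" has no effect, and an AllowUsers line that leaves out your own user locks you out. The sample files and the user name alice are constructed, and the script does not evaluate Match blocks.

```shell
#!/bin/sh
# Added example, not from the original post. Sample files and user "alice" are constructed.

# Print each value of KEYWORD from the global part of FILE, one per line.
# Skips comment lines, ignores keyword case, stops at the first Match block.
values_of() {  # usage: values_of FILE KEYWORD
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print }
    ' "$1"
}

# Returns 0 if FILE matches what the guide sets up for LOGIN_USER, else 1.
audit_sshd_config() {  # usage: audit_sshd_config FILE LOGIN_USER
    cfg=$1; login=$2; rc=0
    # sshd keeps the first PermitRootLogin it reads; later duplicates are ignored.
    root=$(values_of "$cfg" PermitRootLogin | head -n 1 | tr 'A-Z' 'a-z')
    if [ "$root" != "no" ]; then
        echo "FAIL: effective PermitRootLogin is '${root:-not set}'"; rc=1
    fi
    for port in $(values_of "$cfg" Port); do
        case $port in
            *[!0-9]*) echo "FAIL: Port '$port' is not a number"; rc=1 ;;
            *) if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
                   echo "FAIL: Port $port is outside 1-65535"; rc=1
               fi ;;
        esac
    done
    # Plain user names only; AllowUsers wildcard patterns are not evaluated here.
    allowed=$(values_of "$cfg" AllowUsers)
    if [ -n "$allowed" ]; then
        found=no
        for entry in $allowed; do
            if [ "${entry%%@*}" = "$login" ]; then found=yes; fi
        done
        if [ "$found" = no ]; then
            echo "FAIL: AllowUsers does not list '$login' (you would be locked out)"; rc=1
        fi
    fi
    return "$rc"
}

# Constructed samples: "bad" has the new lines appended below the old ones.
sample_dir=$(mktemp -d)
printf '%s\n' 'Port 22' 'PermitRootLogin yes' '#PermitRootLogin no' \
    'PermitRootLogin no' 'AllowUsers bob' > "$sample_dir/bad"
printf '%s\n' 'Port 35545' 'PermitRootLogin no' 'AllowUsers alice' > "$sample_dir/good"
audit_sshd_config "$sample_dir/bad" alice || echo "bad sample: fix before restarting ssh"
audit_sshd_config "$sample_dir/good" alice && echo "good sample: OK"
```

On the server itself, `sudo sshd -t` checks the real file for syntax errors before you restart the service. Keep your current session open and test the new login from a second Putty window before logging out.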

ssh267ed3.png


Now you can login to your new VPS server through SSH, with a new user, a new port, and your root can no longer login, making it that much less vulnerable. There is another thing to do to make SSH even more secure with RSA keys and disable password logins, which will be for next time (Pt.2).

Done!

I just did this, and so can you if you want to. I'm not a Linux noob, nor am I a pro either, but all the steps have been laid out if you want to try this out in the future. As I post more of the steps, it might make more sense where this is all heading to. If you want to go ahead, there are Linux tutorials you can find on Google on how to maneuver the OS. Try out an installation with VirtualBox, a Desktop version that is, and you can still do command line to learn some basics while still watching YouTube, or go online and do whatever.

Stay tuned for more posts in my journey to setup a node and be a Steem Witness.




Thank you for your time and attention! I appreciate the knowledge reaching more people. Take care. Peace.



If you appreciate and value the content, please consider:
Upvoting, Sharing and Reblogging below.

Follow me for more content to come!


@krnel
2016-11-27, 7:32am


This post has been ranked within the top 50 most undervalued posts in the second half of Nov 27. We estimate that this post is undervalued by $6.58 as compared to a scenario in which every voter had an equal say.

See the full rankings and details in The Daily Tribune: Nov 27 - Part II. You can also read about some of our methodology, data analysis and technical details in our initial post.

If you are the author and would prefer not to receive these comments, simply reply "Stop" to this comment.

Hey mate,

I just want to point out that changing an SSH port won't do anything for the security of your access. It's trivial to find what ports are open and what they are used for.
I'm just saying that so people won't think that now they are safe from hackers. It's way more dangerous to think you are safe than to be on your toes.

I didn't say they would be safe just by changing their ports. All it does is make it less obvious by not using the default port 22. An extra step.

I know you didn't. But some people might think that so I just wanted to point it out :).

Hehe, ok. But I also said it was optional, since it's not that big of a deal. The other steps are not optional in my opinion.

I still do not fully understand the witness thing still. When I started learning about OpenBazaar and using it I ended up learning how to start a VPS using Digital Ocean. Guide is similar and a cool thing for a tech nerd to know, I hope someone uses this guide you made and learns something new, learning the set up steps and having them down to memory is important.

Thanks. There are some posts on steemit from various ppl explaining it. Try a google search on steemit.com if you want to learn more.

Steem_Land Steemland.com tweeted @ 27 Nov 2016 - 13:10 UTC

Setting Up A Linux VPS Securely (Pt.1) - Join Me On My Journey to Become a Witness

steemit.com/witness-catego… / https://t.co/zNxp6NVAfw

@SteemUps @SteemitPosts @steemit

Disclaimer: I am just a bot trying to be helpful.

Thanks ;)

Thanks for writing this guide! I'm sure it will be useful for a lot of people :) And good luck on your journey to become a witness! Best of luck.

Thanks :) And you're welcome, I hope it does help some people in the future, as I will be laying out pretty much everything to do hehe for anyone to see what needs to be done to make a secure witness node. Peace.

Very interesting. Good luck with your witness journey :-)

Thank you :)

Good luck. What are the specs of your server?

Thanks, sorry for missing your comment. I have the minimum to see how it goes, and that's the minimum from 2 months ago before the new hardfork RAM improvements which is the one I will be testing and launching on eventually. From @klye's great post, which unfortunately can't be reblogged or commented on:

CPU Cores / Speed | RAM | Hard Drive | Operating System
2 cores @ +2.2ghz | 8GB | 40GB SSD | Ubuntu 16.04 server

I have 2x2.4Ghz, and the rest is the same. The immediate issue I see is for the SSD of 40, since there is the shared-db in the new fork as well. Ready to upgrade when needed. Peace.

This post has been linked to from another place on Steem.

Learn more about and upvote to support linkback bot v0.5. Flag this comment if you don't want the bot to continue posting linkbacks for your posts.

Built by @ontofractal

I'm so grateful for this, It's so educational.
