Setting up a new Debian-based server (e.g., Debian, Ubuntu, or Linux Mint) is the foundation of a secure and efficient system. This guide walks you through the essential steps I follow to establish a secure and functional environment, ensuring long-term stability and reliability.
Properly configuring a server during its initial setup is crucial to:
Many Debian-based distributions disable direct root SSH access for security. If root login is allowed or you're accessing the server via the console, log in as the root user:
ssh root@<your-server-ip>
For cloud-based servers, you might need to log in with a default user like ubuntu or debian.
Immediately update the root password (if root login is enabled):
passwd
If you’re using a default user, update its password as well:
sudo passwd
Using root for daily operations is discouraged. Create a new user for regular use:
adduser username
This prompts you to set a password and optional user details.
To allow the new user to execute administrative tasks, add them to the sudo group:
usermod -aG sudo username
If sudo is not installed (common on Debian minimal installs):
apt install sudo
Test the configuration by switching to the new user:
su - username
sudo apt update
SSH keys offer better security than passwords. Generate an SSH key pair on your local machine:
ssh-keygen
Copy the public key to the server:
ssh-copy-id username@<your-server-ip>
Alternatively, manually upload the key to the server:
cat ~/.ssh/id_rsa.pub | ssh username@<your-server-ip> "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
Edit the SSH configuration file to improve security:
sudo nano /etc/ssh/sshd_config
Update the following settings:
PermitRootLogin no
PasswordAuthentication no
AllowUsers username
Restart the SSH service:
sudo systemctl restart ssh
Use UFW (Uncomplicated Firewall) to secure your server:
Install UFW if it’s not already present:
sudo apt install ufw
Allow SSH connections:
sudo ufw allow OpenSSH
Enable the firewall:
sudo ufw enable
Check the status:
sudo ufw status
Add rules for other services as needed (e.g., HTTP/HTTPS):
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
Update and upgrade the system regularly:
sudo apt update && sudo apt upgrade -y
Check disk usage to avoid running out of space:
df -h
Review system logs for unusual activity:
sudo journalctl -xe
Install tools like htop for performance monitoring:
sudo apt install htop
htop
Log out of the root account:
exit
Log back in using the new user:
ssh username@<your-server-ip>
Verify that:
Enable Automatic Updates:
Install and configure unattended-upgrades for automatic security updates:
sudo apt install unattended-upgrades
sudo dpkg-reconfigure --priority=low unattended-upgrades
Install Fail2Ban:
Protect against brute-force attacks:
sudo apt install fail2ban
This guide ensures your Debian-based server is secure, stable, and ready for application deployment. By following these steps, you establish a solid foundation for further customization and management, whether you're running a personal project or a production service.
Next Steps:
Happy administering!
Return to the Table of Contents for more guides and tutorials.