blog.lexruee.ch
Yet another blog on the Web.

It has been a while since I had the time to tinker around and to work on my pet project. So to get back into hacking mode or tinkering mode, I decided to proceed with my RPI-based home sensor network project.

So to get back on track and to boost my motivation, I decided yesterday evening to order a basic Ubuntu 18.04 LTS VM from ServerBase.ch for testing and development purposes.

I decided to go for the SSD VPS - SSD1 G4 offering, which provides one vCPU, 2 GB RAM, and 20GB SSD storage. Depending on the invoicing interval you choose, you pay monthly 10.90 CHF, 9.90 CHF, 8.90 CHF.

To my surprise, I found this morning an email in my inbox saying that my ordeded VM was already ready and running since 3 am. To be honest I didn't expect to have a running VM on sunday morning to mess around with. Well, it was also interesting to see the logs in /var/log/auth.log once I logged into the system via ssh.

As one can see in the logs below, it took only 15 minutes once some bots tried to ssh into the VM using the user admin:

Dec  9 03:14:12 yux sshd[410]: Invalid user admin from 73.170.169.71 port 51607
Dec  9 03:53:05 yux sshd[437]: Invalid user admin from 177.129.130.11 port 33330
Dec  9 09:56:51 yux sshd[3634]: Invalid user admin from 86.75.97.194 port 50219
Dec  9 10:56:40 yux sshd[3893]: Invalid user admin from 5.188.10.76 port 42406
Dec  9 17:58:34 yux sshd[894]: Invalid user admin from 170.79.35.168 port 50604

Anyway, to cut a long story short, I reinstalled the VM with the help of the ServerBase dashboard, and I did mess around with the VM, and documented at the same time my configuration steps for a sane initial ServerBase Ubuntu VM.

Initial Configuration

Per default a fresh Ubuntu vserver on ServerBase has a very relaxed SSH access policy. For example, the root user is allowed to SSH into the VM via the root password. Moreover, the system locales are set to Swiss German. Last but not least, the grub settings are tweaked so grub boots faster.

So my steps to configure the VM to my liking were as follows:

1) Add a custom sudo user.
2) Setup SSH pubkey authentication for the custom user.
3) Disable SSH password authentication and ssh root login.
4) Update the system and upgrade the packages via apt.
5) Setup automatic updates and install fail2ban
6) Install helpful packages such as vim, tmux, zsh etc.
7) Change the system locales to US english.

1) Add a custom sudo user

In a next step, we add a sudo user, so we don't need the root account anymore:

# adduser alex --gecos ''
# adduser alex sudo

2) Setup SSH pubkey authenitcation

Next, we setup passwordless login using SSH public/private keys.

For this reason, we generate a SSH key pair as shown below:

ssh-keygen -b 4096 -t rsa

Once we have generate the keys, we need to copy the public key to our virtual server. This can be easily done with help of ssh-copy-id:

ssh-copy-id -i ~/.ssh/id_rsa.pub alex@some-ip-addr

3) Disable password authentication and root ssh access

Edit the file /etc/ssh/sshd_config/ and change it as follows:

PermitRootLogin no #edited line to no

# custom changes
Protocol 2
StrictModes yes
PasswordAuthentication no
PubkeyAuthentication yes
AuthorizedKeysFile      .ssh/authorized_keys
AllowUsers alex

After that change, reboot the system:

#reboot

4) Update the system

sudo apt update
sudo apt upgrade
sudo apt full-upgrade 
sudo apt autoremove

5) Setup automatic updates and install fail2ban

To keep the system secure and up-to-date, one can install the unattended-upgrades package via apt:

sudo apt install unattended-upgrades

Moreover, we install fail2ban:

sudo apt install fail2ban

6) Install helpful packages

sudo apt install vim tmux htop tree zsh git

Lastly, we install oh-my-zsh:

sh -c "$(wget https://raw.githubusercontent.com/robbyrussell/oh-my-zsh/master/tools/install.sh -O -)"

7) Change the system locales

Per default, it seems that ServerBase Ubuntu 18.04 VMs are configured with Swiss German locales. I don't like that :D. Thus, let's change that and use US English UTF-8 locales instead.

sudo dpkg-reconfigure locales

After that reboot or open a new terminal.

Next steps

That's it for now. The VM is running and is more or less secured. The next steps involve installing environments like node.js, ruby, and deploying some custom applications for my home sensor network monitoring projects.

© Alexander Rüedlinger, 2017-2019
Proudly powered by Pelican, which takes great advantage of Python.