The Version 8.0 of Debian (known as Jessie) was relased on 25 April 2015. This version includes many changes and modifications. Jessie comes with a new init system by default named “systemd”. The suite “Systemd” provides many exciting features such as a reduction on the startup time, the cgroups for services or the ability to isolate a part of the services. The sysvinit init system is always available with Jessie.
To install Debian 8, refer the following link.
So after making the installation of this version of Debian, there are some important steps to fellow in order to increase the security and usability of your server. Thus you can fellow us in this article to know and make those different steps.
First of all we will start by showing you how you can log into your server. For that you have to know you server’s public IP address and of course the password of the root user account.
So use the following command to log in your server as the root user and don’t forget to change “IP_ADDRESS” by your password:
local$ ssh [email protected]IP_ADDRESS
You will be asked to enter your root authentication either as password or private key. You can also change the root password.
Now we will create a new user account, and we will use the following command, of course you have to change the name of our selected user “anis” with your chosen one:
# adduser anis
Then you will be asked some questions, don’t forget to enter a strong password. There are also some additional information you can answer them or skip them by hitting “enter”.
After creating a new user account, some administrative tasks have to be done. As it is already known, Debian 8 doesn’t come with installation of sudo, so to install it we will do as fellow. We will start by updating the apt package index using the following command:
# apt-get update
Then we will use the following command to make the installation of sudo:
# apt-get install sudo
Now we will add the sudo privileges to our new user account, so we will start by adding the new user to the user group that will be able to use the sudo commands (which is feature of Debian 8). So we will use the following command to make it:
# usermod -a -G sudo anis
After making those steps, you will able to use and run the sudo commands within your new user account.
Now we will set up public key authentication for our new user in order to increase the security of our server. We will make a SSH key pair, which is a generate one.
So to generate a new key pair, use the following command:
Then you may either enter a passphrase or leave the passphrase blank. If you leave the passphrase blank, you will be able to use the private key for authentication without entering a passphrase. If you enter a passphrase, you will need both the private key and the passphrase to log in. Securing your keys with passphrases is more secure, but both methods have their uses and are more secure than basic password authentication.
Then after creating this SSH key pair, we will copy the public key to our new server using the following command:
local$ cat ~/.key_SSH/id_rsa.pub
Select your public key, and copy it to your clipboard. And to could be able to use the SSH key to authenticate as the new remote use, we will add the public key to a special file in the user’s home directory using the following command:
# su - anis
After typing this command, we are in our new user’s home directory, so we will create a new directory called .key_SSH using the following command:
$ mkdir .key_SSH
$ chmod 700 .key_SSH
We will open a file in .key_SSH called accepted
with a text editor. We will use the following command:
$ nano .key_SSH/accepted_keys
Then we will insert our public key by pasting it into the editor. You can exit the file by hitting
Then we will restrict the permissions of the accepted_keys file using the following command:
$ chmod 600 .key_SSH/accepted_keys
And return to the root user using the following command:
After making those steps, you will be able to log in using the private key as authentication and SSH login as your new user.
Now we will modify the SSH configuration, so we will start by opening the configuration file using the following command:
# nano /etc/ssh/sshd_config
Then search for a line that starts by port that we want to change it which is the port where SSH runs on. If we change the found number to other one in 1025 and 65536, the SSH service will look for connections on other port. Which is helpful to more secure your server. Don’t forget the new number of the port where your server will run on in the future. This number of port has to be given to your SSH client to use it.
Then search for a line that starts by PermitRootLogin, it looks like the following one:
We will just disable the root login through SSH which is more secure, this task is recommended for every server. In this case we will get some thing like the following line:
Then use the previous described method to save and close the file.
# systemctl restart ssh
Now we will test our new configuration, so we will open a new terminal window, we will use the new account already created instead of connecting using the root account. You can tell your client about your selected new port by typing “-p number” where number is your selected port number.
local$ ssh -p number demo@IP_ADDRESS
You will be prompted for the new user’s password that you configured. After that, you will be logged in as your new user.
If you need to run a command with root privileges, type “sudo” before it like this:
$ sudo command
If all is well, you can exit by typing the following command:
At this stage you have a strong installation and configuration of your Debian 8 server which will be used for 5 years before the foundation of the next version. Now you can install any software you want.