First Things To Do After Installing Debian 8

The Version 8.0 of Debian (known as Jessie) was relased on 25 April 2015. This version includes many changes and modifications. Jessie comes with a new init system by default named “systemd”. The suite “Systemd” provides many exciting features such as a reduction on the startup time, the cgroups for services or the ability to isolate a part of the services. The sysvinit init system is always available with Jessie.

To install Debian 8, refer the following link.

So after making the installation of this version of Debian, there are some important steps to fellow in order to increase the security and usability of your server. Thus you can fellow us in this article to know and make those different steps.

First of all we will start by showing you how you can log into your server. For that you have to know you server’s public IP address and of course the password of the root user account.

So use the following command to log in your server as the root user and don’t forget to change “IP_ADDRESS” by your password:

local$ ssh [email protected]IP_ADDRESS

You will be asked to enter your root authentication either as password or private key. You can also change the root password.

Now we will create a new user account, and we will use the following command, of course you have to change the name of our selected user “anis” with your chosen one:

# adduser anis

Then you will be asked some questions, don’t forget to enter a strong password. There are also some additional information you can answer them or skip them by hitting “enter”.

After creating a new user account, some administrative tasks have to be done. As it is already known, Debian 8 doesn’t come with installation of sudo, so to install it we will do as fellow. We will start by updating the apt package index using the following command:

# apt-get update

Then we will use the following command to make the installation of sudo:

# apt-get install sudo

Now we will add the sudo privileges to our new user account, so we will start by adding the new user to the user group that will be able to use the sudo commands (which is feature of Debian 8). So we will use the following command to make it:

# usermod -a -G sudo anis

After making those steps, you will able to use and run the sudo commands within your new user account.

Now we will set up public key authentication for our new user in order to increase the security of our server. We will make a SSH key pair, which is a generate one.

So to generate a new key pair, use the following command:

local$ ssh-keygen

Then you may either enter a passphrase or leave the passphrase blank. If you leave the passphrase blank, you will be able to use the private key for authentication without entering a passphrase. If you enter a passphrase, you will need both the private key and the passphrase to log in. Securing your keys with passphrases is more secure, but both methods have their uses and are more secure than basic password authentication.

Then after creating this SSH key pair, we will copy the public key to our new server using the following command:

local$ cat ~/.key_SSH/id_rsa.pub

Select your public key, and copy it to your clipboard. And to could be able to use the SSH key to authenticate as the new remote use, we will add the public key to a special file in the user’s home directory using the following command:

# su - anis

After typing this command, we are in our new user’s home directory, so we will create a new directory called .key_SSH using the following command:

$ mkdir .key_SSH
$ chmod 700 .key_SSH

We will open a file in .key_SSH called accepted_keys with a text editor. We will use the following command:

$ nano .key_SSH/accepted_keys

Then we will insert our public key by pasting it into the editor. You can exit the file by hitting CTRL-X, and to save the changes by using Y and ENTER to confirm the file name. 

Then we will restrict the permissions of the accepted_keys file using the following command:

$ chmod 600 .key_SSH/accepted_keys

And return to the root user using the following command:

$ exit

After making those steps, you will be able to log in using the private key as authentication and SSH login as your new user.

Now we will modify the SSH configuration, so we will start by opening the configuration file using the following command:

# nano /etc/ssh/sshd_config

Then search for a line that starts by port that we want to change it which is the port where SSH runs on. If we change the found number to other one in 1025 and 65536, the SSH service will look for connections on other port. Which is helpful to more secure your server. Don’t forget the new number of the port where your server will run on in the future. This number of port has to be given to your SSH client to use it.

Then search for a line that starts by PermitRootLogin, it looks like the following one:

PermitRootLogin yes

We will just disable the root login through SSH which is more secure, this task is recommended for every server. In this case we will get some thing like the following line:

PermitRootLogin no

Then use the previous described method to save and close the file.

Now after making all those changes, we will restart the SSH server by using the following command:
# systemctl restart ssh

Now we will test our new configuration, so we will open a new terminal window, we will use the new account already created instead of connecting using the root account. You can tell your client about your selected new port by typing “-p number” where number is your selected port number.

local$ ssh -p number demo@IP_ADDRESS

You will be prompted for the new user’s password that you configured. After that, you will be logged in as your new user.

If you need to run a command with root privileges, type “sudo” before it like this:

$ sudo command

If all is well, you can exit by typing the following command:

$ exit

Conclusion

At this stage you have a strong installation and configuration of your Debian 8 server which will be used for 5 years before the foundation of the next version. Now you can install any software you want.