Setting up a VPS for website hosting - Part 1
Setting Up The Local Account
Create local account
We don't want to use our VPS with the root account for security reasons. It is better to create a local admin account and run everything from there. Run these lines of code to create a new user:
    adduser cindy
    adduser cindy sudo
Where cindy is the name of the new user. This creates a new user and gives it sudo/administrative permissions.
Intro to SSH keys
Now that we have a local account, we can personalize and tailor how we log in to our server. Exit the server and go back to your own computer by typing
Entering a password to access a server works, but passwords are easy to brute-force. A more secure way to log in to a server is with a key pair. A key pair consists of a public key and a private key. We'll use OpenSSH to create a private/public key pair and connect it to the server.
The basic idea of private/public key encryption is that there is a pair of two "keys", which are like strings of some length, for example 4096 bits. Both keys are used together to encrypt and decrypt messages.
Here's one implementation of public/private key encryption. If your friend wants to send you a secret message, you can give them your public key. They encrypt the secret message with your public key and send the encrypted message to you. No one else can read it while it's in transit. Once it gets to you, you can decrypt the message with your private key and read it. OpenSSH does all of the math and calculations for us to have a pair of keys that encrypt/decrypt perfectly.
Setting Up SSH Keys
So now we know that we need to set up a public key and a private key and send the public key out to someone. If you have never set up ssh before, run:
You can optionally run:
    ssh-keygen -b 4096
to have a more secure key with more bits. You can put it in the default directory with the default names, which is id_rsa for the private key and id_rsa.pub for the public key. A password is optional, but I prefer to not have a password.
Your public and private keys will now be created. The next step is to send the public key to your server. There's a command for that:
where cindy is the name of your user, and 123.456.789 is your IP address.
You can now log into your server using ssh. However, it's easier and better to rely on the private/public keys and to completely remove the passwords while logging in from your local computer. It's also better to completely remove root SSH logins. You can do this by modifying your
Find these lines:
    PermitRootLogin yes
    ...
    # PasswordAuthentication no
    # PermitEmptyPasswords yes
and change them to:
    PermitRootLogin no
    ...
    PasswordAuthentication no
    PermitEmptyPasswords yes
(Optional) Removing the user password
Because we are going to use SSH to authenticate and log in, we can clear our password on the server. This doesn't mean you can run updates and sudo level commands automatically. You still need sudo, but it will not prompt you for your password.
To do this, run
and then append the line:
    cindy ALL=(ALL) NOPASSWD:ALL
Then hit Control+X to exit and save. This will remove the need to enter your password when you use sudo. If you created a password already, you can remove it using:
    sudo passwd -d cindy
You must set the SSH parameters allowing empty passwords before you do this, and you must copy your public key to the server before this. If you didn't, it's not the end of the world. If you're using Linode, you can log in using WebLish or Glish to create a password so you can do those things and then clear your password.
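A pre-flight check for the sshd settings changed above and for the password-clearing step, written as an added example rather than code from the original tutorial. It reads an sshd configuration file the way sshd does (first value wins, commented lines are ignored) and flags the case where clearing the password would leave an empty-password login open. The function names, the sample config and the defaults passed in (assumed to be current OpenSSH: PermitRootLogin prohibit-password, PasswordAuthentication yes, PermitEmptyPasswords no) are assumptions of this example; Match blocks and Include files are not handled.

```shell
#!/bin/sh
# Added example, not from the original tutorial.

# effective_value FILE KEYWORD DEFAULT
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and a line starting with '#' is only a comment.
# Simplification: stops at the first Match block, ignores Include.
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key); val = def }
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comment or blank line
        { sub(/[ \t]*=[ \t]*/, " ") }       # accept "Keyword=value" too
        tolower($1) == "match" { exit }
        tolower($1) == key { val = tolower($2); exit }
        END { print val }
    ' "$1"
}

# audit_sshd FILE: print findings; return 1 if there are any, else 0.
# Defaults passed below are assumed to be those of current OpenSSH.
audit_sshd() {
    root=$(effective_value "$1" PermitRootLogin prohibit-password)
    pass=$(effective_value "$1" PasswordAuthentication yes)
    empty=$(effective_value "$1" PermitEmptyPasswords no)
    rc=0
    if [ "$root" != no ]; then
        echo "PermitRootLogin=$root: root can still log in over SSH"; rc=1
    fi
    if [ "$pass" != no ]; then
        echo "PasswordAuthentication=$pass: password logins still accepted"; rc=1
    fi
    if [ "$pass" != no ] && [ "$empty" = yes ]; then
        echo "PermitEmptyPasswords=yes with passwords on: do not run passwd -d"; rc=1
    fi
    return "$rc"
}

# Constructed sample: the tutorial's "before" lines. The commented-out
# PasswordAuthentication line leaves the default (yes) in force.
sample=$(mktemp)
printf '%s\n' 'PermitRootLogin yes' '# PasswordAuthentication no' \
    '# PermitEmptyPasswords yes' > "$sample"
audit_sshd "$sample" || echo "fix the findings above, then re-check"
rm -f "$sample"
```

Pass audit_sshd the path of the server's sshd configuration file; a clean result prints nothing and returns 0.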