This is the step 1.2 of: http://julien.coubronne.net/a-self-hosted-free-opensource-cloud
Inspired by My First 10 Minutes On a Server, I decided to do the following steps:
- SSH auth by key only
- Add user to sudo group
- Install Fail2ban
The steps I’m thinking to do but not quite sure:
- Firewall? (not sure yet)
- Logwatch
SSH auth by key only
From windows using Putty
I followed this guide: https://www.digitalocean.com/community/tutorials/how-to-create-ssh-keys-with-putty-to-connect-to-a-vps
Beware to use the correct orthograph for ~/.ssh/authorized_keys (I used a hyphen “-” resulting in an error).
From Linux (Ubuntu) using ssh-copy-id
ssh-copy-id YourUser@192.168.your.server
Storing your keys in Keepass
In Keepass you have an option (in “advanced” tab of each entry) to store a file. I used this option to store my private (and public) keys. You can also use the same entry to store the passwork associated with the key.
Add user to sudo group
sudo adduser <username> sudo
Verify you sudo conf file with
visudo
You should have the following:
# Allow members of group sudo to execute any command %sudo ALL=(ALL:ALL) ALL
Install Fail2ban
sudo aptitude install fail2ban
Webmentions
[…] Synology DSM alternative step 01: Server post-install […]