This is the step 1.2 of: http://julien.coubronne.net/a-self-hosted-free-opensource-cloud

Inspired by My First 10 Minutes On a Server, I decided to do the following steps:

• SSH auth by key only
• Add user to sudo group
• Install Fail2ban

The steps I’m thinking to do but not quite sure:

• Firewall? (not sure yet)
• Logwatch

SSH auth by key only

From windows using Putty

I followed this guide: https://www.digitalocean.com/community/tutorials/how-to-create-ssh-keys-with-putty-to-connect-to-a-vps

Beware to use the correct orthograph for ~/.ssh/authorized_keys (I used a hyphen “-” resulting in an error).

From Linux (Ubuntu) using ssh-copy-id

ssh-copy-id YourUser@192.168.your.server

Storing your keys in Keepass

In Keepass you have an option (in “advanced” tab of each entry) to store a file. I used this option to store my private (and public) keys. You can also use the same entry to store the passwork associated with the key.

Add user to sudo group

sudo adduser <username> sudo

Verify you sudo conf file with

visudo

You should have the following:

# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL

Install Fail2ban

sudo aptitude install fail2ban