Buy a Linode plan
For location, Tokyo is not available now, and I choose Newark based on speed test (rather than Fremont).
Deploy an image
- At Linode manager, enter the dashboard of linode plan.
- Select “Deploy an Image”. Choose Ubuntu Long Term Support (LTS) release, e.g. Ubuntu 16.04 LTS.
- Set a password for root user (at least 6 characters long).
- Click “Deploy” button.
- When job finished, click “Boot” to power on.
Connect to the server
ssh [email protected][IP]
The IP address can be find in the “Remote Access” panel. Enter the password to log in.
sudo apt-get update && apt-get upgrade
echo "hostname" > /etc/hostname # Set hostname from file hostname -F /etc/hostname # Verify hostname hostname
Edit hosts file
and add a line:
[IP address] [Fully Qualified Domain Name (FQDN)] hostname
The value you assign as your system’s FQDN should have an “A” record in DNS pointing to your Linode’s IPv4 address.
(Save and close file after editing with nano:
dpkg-reconfigure tzdata # Check time date
Securing Your Server
Ref: Securing Your Server
Add a Limited User Account
Add user to sudo group:
adduser example_user sudo
Switch to example_user:
exit ssh [email protected][IP]
Authentication by SSH key pair
On local machine,
ssh-keygen -b 4096
Press Enter three times to use default filenames and empty passphrase.
id_rsa.pub are generated in
mkdir -p ~/.ssh && sudo chmod -R 700 ~/.ssh/
Upload public key to server:
scp ~/.ssh/id_rsa.pub [email protected][IP]:~/.ssh/authorized_keys
Exit and log into Linode again. No password is needed now.
Adjust SSH settings
# Disable SSH password authentication PasswordAuthentication no # Disable PAM authentication UsePAM no # Disallow root logins over SSH PermitRootLogin no
Apply new ssh configurations:
sudo systemctl restart sshd
Use Fail2Ban for SSH Login Protection
sudo apt-get install fail2ban
Remove Unused Network-Facing Services
To see your Linode’s running network services:
sudo netstat -tulpn
And remove unused services accordingly.
Enable the Firewall
- UFW Essentials: Common Firewall Rules and Commands
sudo apt-get install zsh sudo apt-get install git-core
Getting zsh to work in ubuntu is weird, since sh does not understand the
source command. So, you do this to install zsh
wget https://github.com/robbyrussell/oh-my-zsh/raw/master/tools/install.sh -O - | zsh
and then you change your shell to zsh
chsh -s `which zsh`
and then reboot
sudo shutdown -r 0
Because the default theme does not show hostname, we may want to change a theme (zsh themes).
Cyberduck for File transfer
Install full desktop:
sudo apt-get install ubuntu-desktop gnome-panel gnome-settings-daemon metacity nautilus gnome-terminal
Or, install desktop environments without full packages (no tools like office and browser, small size, however there exists coding problem for Chinese font):
sudo apt-get install --no-install-recommends ubuntu-desktop gnome-panel gnome-settings-daemon metacity nautilus gnome-terminal
During the install process, you will be asked whether or not to change a system file to the new version. Type y then enter to use the updated version.
Install VNC server:
sudo apt-get install vnc4server
Exit and reconnect with command:
ssh -L 5901:127.0.0.1:5901 [email protected][IP]
start vnc server (for first time, set a password after prompt):
Then connect with VNC viewer.
Ignore the “unencrypted connection” message. And a gray screen showed.
Close VNC server:
vncserver -kill :1
~/.vnc/xstartup file to add a few lines to the end:
gnome-panel & gnome-settings-daemon & metacity & nautilus &
Start VNC server again and connect from client. Desktop should show.
In case that VNC viewer shows connection error: “Too many Security Failures”, restart the server:
vncserver -kill :1 vncserver :1
Perl locale warning
perl: warning: Setting locale failed. perl: warning: Please check that your locale settings: LANGUAGE = (unset), LC_ALL = (unset), LANG = "en_US.UTF-8" are supported and installed on your system. perl: warning: Falling back to the standard locale ("C").
Solution: comment out line from
AcceptEnv LANG LC_*