Linode Notes – Basic Setup

Buy a Linode plan

For location, Tokyo is not available now, and I choose Newark based on speed test (rather than Fremont).

Getting started

Ref: Getting Started with Linode

Deploy an image

  • At Linode manager, enter the dashboard of linode plan.
  • Select “Deploy an Image”. Choose Ubuntu Long Term Support (LTS) release, e.g. Ubuntu 16.04 LTS.
  • Set a password for root user (at least 6 characters long).
  • Click “Deploy” button.
  • When job finished, click “Boot” to power on.

Connect to the server

The IP address can be find in the “Remote Access” panel. Enter the password to log in.

Basic settings

Upgrade packages

sudo apt-get update && apt-get upgrade

Set hostname

echo "hostname" > /etc/hostname

# Set hostname from file
hostname -F /etc/hostname

# Verify hostname
hostname

Edit hosts file

nano /etc/hosts

and add a line:

[IP address] [Fully Qualified Domain Name (FQDN)] hostname

The value you assign as your system’s FQDN should have an “A” record in DNS pointing to your Linode’s IPv4 address.

(Save and close file after editing with nano: CTRL-X, then Y, then ENTER.)

Set timezone:

dpkg-reconfigure tzdata

# Check time
date

Securing Your Server

Ref: Securing Your Server

Add a Limited User Account

Create user:

adduser example_user

Add user to sudo group:

adduser example_user sudo

Switch to example_user:

exit
ssh [email protected][IP]

Authentication by SSH key pair

On local machine,

ssh-keygen -b 4096

Press Enter three times to use default filenames and empty passphrase.

Two files id_rsa and id_rsa.pub are generated in /home/your_username/.ssh.

On Linode,

mkdir -p ~/.ssh && sudo chmod -R 700 ~/.ssh/

Upload public key to server:

scp ~/.ssh/id_rsa.pub [email protected][IP]:~/.ssh/authorized_keys

Exit and log into Linode again. No password is needed now.

Adjust SSH settings

Edit /etc/ssh/sshd_config

# Disable SSH password authentication
PasswordAuthentication no

# Disable PAM authentication
UsePAM no

# Disallow root logins over SSH
PermitRootLogin no

Apply new ssh configurations:

sudo systemctl restart sshd

Use Fail2Ban for SSH Login Protection

sudo apt-get install fail2ban

Remove Unused Network-Facing Services

To see your Linode’s running network services:

sudo netstat -tulpn

And remove unused services accordingly.

Enable the Firewall

Refs:

Tools

zsh

Ref: Getting oh-my-zsh to work in Ubuntu

Prereq:

sudo apt-get install zsh
sudo apt-get install git-core

Getting zsh to work in ubuntu is weird, since sh does not understand the source command. So, you do this to install zsh

wget https://github.com/robbyrussell/oh-my-zsh/raw/master/tools/install.sh -O - | zsh

and then you change your shell to zsh

chsh -s `which zsh`

and then reboot

sudo shutdown -r 0

Because the default theme does not show hostname, we may want to change a theme (zsh themes).

Edit ~/.zshrc file

ZSH_THEME="alanpeabody"

Cyberduck for File transfer

Use Cyberduck: Transfer Files with Cyberduck on Mac OS X

Install desktop

Ref: Install VNC on Ubuntu 16.04

Install full desktop:

sudo apt-get install ubuntu-desktop gnome-panel gnome-settings-daemon metacity nautilus gnome-terminal

Or, install desktop environments without full packages (no tools like office and browser, small size, however there exists coding problem for Chinese font):

sudo apt-get install --no-install-recommends ubuntu-desktop gnome-panel gnome-settings-daemon metacity nautilus gnome-terminal

During the install process, you will be asked whether or not to change a system file to the new version. Type y then enter to use the updated version.

Install VNC server:

sudo apt-get install vnc4server

Exit and reconnect with command:

ssh -L 5901:127.0.0.1:5901 [email protected][IP]

start vnc server (for first time, set a password after prompt):

vncserver :1

Then connect with VNC viewer.

Ignore the “unencrypted connection” message. And a gray screen showed.

Close VNC server:

vncserver -kill :1

And edit ~/.vnc/xstartup file to add a few lines to the end:

gnome-panel &
gnome-settings-daemon &
metacity &
nautilus &

Start VNC server again and connect from client. Desktop should show.

In case that VNC viewer shows connection error: “Too many Security Failures”, restart the server:

vncserver -kill :1
vncserver :1

Install Chrome

How To Install Chrome Browser In Linux Or Ubuntu VPS

Troubleshooting

Perl locale warning

like this:

perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
    LANGUAGE = (unset),
    LC_ALL = (unset),
    LANG = "en_US.UTF-8"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").

Solution: comment out line from /etc/ssh/sshd_config:

AcceptEnv LANG LC_*

Ref: link

Leave a Reply