First generate an SSH key on your local machine. You can do this by running the following command:
Following through you will have two files, id_rsa and id_rsa.pub. The id_rsa file is your private key and should be kept secure. The id_rsa.pub file is your public key and can be shared with anyone.
It might be worth learning how SSH keys work because you will run into them not only here but in many other places and services: dealing with private GitHub repos, using GitHub Actions and more.
So now, you could copy the contents of the public key and then log in to a cloud server. After logging in, you should create a new user. This is because you should not be using the root login for security reasons.
Write any name you want (something you would remember, obviously).
After creating the user, you should add the user to the sudo group. This will allow the user to run commands as root.
Now before switching to the new user, you should copy the public key to the new user’s home directory. You can do this by running the following command:
onetimeusername should be replaced with the username you created
Paste the contents of the public key file into the authorized_keys file. Save and exit the file.
Now you can log back in to the server as the new user you created. You can do this by running the following command:
If you have another key you can specify it with the -i flag. That is in case the key does not have the default name id_rsa.
You should now be logged in as the new user. You can now disable root login and password login. You can do this by running the following command:
Find the line that says PermitRootLogin yes and change it to PermitRootLogin no.
Find the line that says PasswordAuthentication yes and change it to PasswordAuthentication no.
Save and exit the file. You can now restart the SSH service by running the following command:
If this does not work, replace sshd with ssh.
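A check for the two settings changed above, as an added example that is not part of the original post. The function names effective_value and audit_sshd and the sample files are constructed here. It assumes only that sshd keeps the first value it reads for a keyword, so a commented-out line or a configuration file included ahead of your edit can leave the old behaviour in place.

```shell
#!/bin/sh
# Added example (not from the original post). All file names and contents below are constructed.
# sshd uses the FIRST value it reads for a keyword, keywords are case-insensitive,
# and lines starting with '#' are ignored, so editing one line is not always enough.

# effective_value KEYWORD FILE...  (files in the order sshd would read them)
effective_value() {
    want=$(printf '%s' "$1" | tr 'A-Z' 'a-z'); shift
    awk -v want="$want" '
        /^[[:space:]]*(#|$)/    { next }   # comment or blank line
        tolower($1) == "match"  { exit }   # simplification: stop at conditional Match blocks
        tolower($1) == want     { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }  # unset means the sshd default applies
    ' "$@"
}

# audit_sshd FILE...  returns 0 only if both settings from the steps above are "no"
audit_sshd() {
    rc=0
    for kw in PermitRootLogin PasswordAuthentication; do
        val=$(effective_value "$kw" "$@")
        if [ "$val" = "no" ]; then echo "OK   $kw $val"
        else echo "FAIL $kw $val"; rc=1
        fi
    done
    return "$rc"
}

demo() {
    d=$(mktemp -d)
    # Main file edited as described: the commented line does not count, the second line does.
    printf '%s\n' '#PermitRootLogin yes' 'PermitRootLogin no' \
        'PasswordAuthentication no' > "$d/sshd_config"
    # A drop-in that is included before the main settings wins over them.
    printf '%s\n' 'passwordauthentication yes' > "$d/50-dropin.conf"
    audit_sshd "$d/sshd_config" && echo "main file alone: hardened"
    audit_sshd "$d/50-dropin.conf" "$d/sshd_config" || echo "with drop-in: NOT hardened"
    rm -rf "$d"
}
demo
```

On a real server, `sudo sshd -t` checks the configuration for errors before you restart, and `sudo sshd -T` prints the settings sshd will actually use. Keep your current session open until a second login with the new user and key has worked.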
Now you should set up a firewall. You can do this by running the following commands:
You can check the status of the firewall by running the following command:
You should now have a very basic cloud server setup. From here everything else is very specific to the use case of the server.
Don’t let anyone tell you that it’s too hard or too scary to run a server on the internet. It’s never been easier or safer. You don’t need a vendor.
DHH - Creator of Ruby on Rails
Do this a couple of times and you will be able to do it in under 5 minutes per new server.