Security
Change password
The first thing you login into your VPS using root is to change your root password your VPS provider gave. Run the passwd
to change your root password.
After you run this command, your terminal will prompt you to input new password. So just type your new password twice. Linux will check your new password to prevent simple password or short password. So don’t use any exist words or any password only contains number.
Create a new User
One of the most important security thing is try your best not to login to your VPS using root account. A better way is to create a new user account and do anything you like as this new user.
Following command is to create a new user and set a password for this user. Please replace einverne
as your own name.
# create a new user called einverne
adduser einverne
# set password for user einverne
passwd einverne
After you create a new user account successfully, we give the new user root privileges. Someone may be curious about why we create a new user and grant root privileges, so why don’t we just use root account. There are two points. One is that this can prevent user making system-destroying mistakes, second is that all command run by sudo
will have a record in /var/log/secure
which can be reviewed later if needed.
Run visudo
command to enter sudo config file. Find a section called user privilege specification. And add a new line under this section like this:
# User privilege specification
root ALL=(ALL) ALL
# new add
einverne ALL=(ALL) ALL
ssh configuration
Now it’s time to make the server more secure. You can set the ssh configuration to permit root login. But before doing this config, please make sure to have a new account have the root privileges.
Edit ssh config file:
sudo vim /etc/ssh/sshd_config
Then change follow line:
Port 22
PermitRootLogin no
Port means the ssh port you can connect, you can set any number between 1025 and 65535. PermitRootLogin means you can disallow root login, if you set to no.
Finally, add AllowUsers einverne
at the bottom of the sshd_config file.
Then reload the config file to make ssh work.
service ssh reload
To test the new ssh config, do not logout of root. Open a new terminal and login with your new account like:
ssh -p port einverne@server.address
After you set up server ssh, you can generate SSH key at local computer and use SSH key to connect to server rather than using password. Generating a key at local computer:
ssh-keygen
follow the instruction of this command, for example you name it vps , just enter to skip password of key, and you will get two files under ~/.ssh/
, vps is your private key, keep it safe. And vps.pub is the public key. And Now use ssh-copy-id
to copy public key to server.
ssh-copy-id user@server.address
Then type the password. And it will be the last time to type your password to connect to server. If your computer don’t have the command ssh-copy-id
, you have to copy the public key to server ~/.ssh/authorized_keys
manually.
scp ~/.ssh/name.pub user@server:~/.ssh/
Then copy the file content to authorized_keys
file.
cat name.pub >> authorized_keys
Finally to check the permission of the folder .ssh
and file authorized_keys
drwx------ 2 einverne einverne 4096 Apr 19 21:25 .ssh
-rw------- 1 einverne einverne 744 Apr 19 21:14 authorized_keys
and if not:
chmod 700 ~/.ssh/
chmod 600 authorized_keys
setup alias
Add alias to .bashrc
or .zshrc
file.
alias vps = "ssh username@server -p port"
Then next time, you can just type vps
to connect to server.
ssh config
There are two config file to setup ssh. One is system wide configuration file which can be found /etc/ssh/ssh_config
. And another is per-user configuration file which is located under user home directory ~/.ssh/config
. Most time we only care about user config.
Try to set up:
Host ds #this can be anything just a alias
HostName server
Port 22
User username
Then we can use ssh ds
to connect to server. If you have multi config just add to following like:
Host ds
HostName server
Port 22
User einverne
Host github
HostName github.com
Port 22
User einverne
IdentityFile ~/.ssh/private_key_name
After all this, you can type following command to have a try:
scp filename ds:~/filename # copy file to server
ssh ds "ls ~" # list server files
setup hostname
hostnamectl set-hostname example_hostname
setup timezone
dpkg-reconfigure tzdata
Test VPS
Processor test
There are a serveral things need to check. The first thing is to test CPU, menory and hard drive.
cat /proc/cpuinfo
cat /proc/meminfo
df -lh
Network test
You can use this solution to solve the problem. Or there are some download test file.
Install speedtest package:
pip install speedtest-cli
or
easy_install speedtest-cli
Usage:
$ speedtest-cli -h
usage: speedtest-cli [-h] [--bytes] [--share] [--simple] [--list]
[--server SERVER] [--mini MINI] [--source SOURCE]
[--timeout TIMEOUT] [--secure] [--version]
Command line interface for testing internet bandwidth using speedtest.net.
--------------------------------------------------------------------------
https://github.com/sivel/speedtest-cli
optional arguments:
-h, --help show this help message and exit
--bytes Display values in bytes instead of bits. Does not affect
the image generated by --share
--share Generate and provide a URL to the speedtest.net share
results image
--simple Suppress verbose output, only show basic information
--list Display a list of speedtest.net servers sorted by
distance
--server SERVER Specify a server ID to test against
--mini MINI URL of the Speedtest Mini server
--source SOURCE Source IP address to bind to
--timeout TIMEOUT HTTP timeout in seconds. Default 10
--secure Use HTTPS instead of HTTP when communicating with
speedtest.net operated servers
--version Show the version number and exit
一些机房100M测速下载文件地址,用于测速之用
description: VPS的网络性能,主要分出口和入口二个指标,入口可以用wget文件得到。 看下载速度,如果是11M/s,大概就是百兆口,70M/S,大概就是G口。 您的VPS搭建好网站环境后,可以用其它的VPS去拽这个文件,得到出口的带宽。
Directspace机房/10M.100M测试包 Portland
wget http://bandwidth.directspace.net/10MBtest.zip
wget http://bandwidth.directspace.net/100MBtest.zip
I/O test
The speed of read and write of your hard drive.
dd if=/dev/zero of=test bs=64k count=4k oflag=dsync
dd if=/dev/zero of=test bs=8k count=256k conv=fdatasync
shadowsocks
sock5 proxy.
-
first install pip
yum update && yum install python-setuptools easy_install pip
or use command
yum -y install python-pip
to install pip -
install shadowsocks using pip
pip install shadowsocks
just run this command
-
create json config file
vim /etc/shadowsocks.json
edit file as follow:
{ "server":"[ip]", "server_port":[port], "local_port":[port], "password":"[password]", "timeout":600, "method":"AES-256-CFB" }
Explanation of each field:
- server: your hostname or server IP (IPv4/IPv6). - server_port: server port number. - local_port: local port number. - password: a password used to encrypt transfer. - timeout: connections timeout in seconds. - method: encryption method, "bf-cfb", "aes-256-cfb", "des-cfb", "rc4", etc. Default is table, which is not secure. "aes-256-cfb" is recommended.
-
start server
ssserver -c [json_path] -d start
start service
lnmp
Second thing is to install lnmp, if you want to host a website on your VPS. You can use screen to install lnmp.
Screen can prevent network connection error during the lnmp installation. You can find more details on the lnmp official site
- install screen
- run this command:
screen -S lamp
to create a screen session - download packages
wget -c http://soft.vpser.net/lnmp/lnmp1.1-full.tar.gz
- uncompress the package
tar zxf lnmp1.1-full.tar.gz
- enter directory:
cd lnmp1.1-full/
- install lnmp
If you are using Centos run
./centos.sh
, If you are using Debian run./debian.sh
, If you are using Ubuntu run `./ubuntu.sh
If you’re ssh connection suddenly failed, you can connect to your server. Then run command screen -r lnmp
to restore your lnmp installation.
From:http://www.vpser.net/manage/run-screen-lnmp.html
After installation, you will see some short instructions.
lnmp status manage: /root/lnmp {start|stop|reload|restart|kill|status}
default mysql root password:12345678
phpinfo : http://yourIP/phpinfo.php
phpMyAdmin : http://yourIP/phpmyadmin/
Prober : http://yourIP/p.php
Add VirtualHost : /root/vhost.sh
The path of some dirs:
mysql dir: /usr/local/mysql
php dir: /usr/local/php
nginx dir: /usr/local/nginx
web dir : /home/wwwroot/default
LNMP is a tool to auto-compile & install Nginx+MySQL+PHP on Linux
This script is a tool to Manage status of lnmp
For more information please visit http://www.lnmp.org
Usage: /root/lnmp {start|stop|reload|restart|kill|status}