Linode the Easy Way

Posted by mlechang on Tue 10 January 2017

Setting up a Linode server consists of four main steps:

  1. Create an image
  2. Boot up the server
  3. Create a non-root user
  4. Sett up ssh access from your local machine (with a shortcut)

Most of this info can be found in Linode's excellent Getting Started guide, but hey, what can I say? I like to write stuff down. This is a reference for myself and for anyone who wants to walk through the process with a normal person, rather than an official Linode guide.

Prerequisites

Before we get started, make sure you:
- Sign up for Linode if you haven't already. You can get a $20 credit with promo code PodcastInIt2017.
- Sign in to Linode.

First steps

Select the plan you want. I went with the cheapest $10/mo plan.

In the Linode Manager dashboard, click on Deploy an Image.

We are going to create an image now. You can think of it almost like you're creating the first cookie cutter that determines what "shape" of a server you want (in this case, the "shape" consists of the Linux distro, disk size, and swap disk size). Although we're only making one cookie today, you should probably choose a type of cookie that you're likely to want later on.

Choose your Linux distribution. I went with trusty old Ubuntu 14.04 and chose to set my Deployment Disk Size to half the max value. Linode says you can always revise this value later on so no worries if you change your mind later on.

Now it's time to create a root password for your Linode. Make sure it's at least 6 characters long. It should also include a mix of lowercase and uppercase letters, and/or puncutation & numbers.

Make a note of this root password; you'll need it again soon.

Click Deploy!

Once Linode is done creating the disk and filesystem, click on the Boot button (below your image) in the Dashboard section. Once that's up and running, the Server Status section on the right column of your Linode Manager will say Running.

Congrats...your Linode server is now running! Reward yourself with a cookie. I'll still be here when you get back.

SSH into your brand-new server

Click on the Remote Access tab at the top of your Linode Manager page. Copy the SSH Access command listed in the first line.

Open up your command line and paste in the ssh command you just copied:
ssh root@<IP_ADDRESS>

You'll get a message like: 

The authenticity of host '<IP_ADDRESS>' can't be established.
RSA key fingerprint is blablabla.
Are you sure you want to continue connecting (yes/no)?

Type "yes" and hit Enter.

When prompted, enter the root password you just created (right before you had that cookie).

Your Terminal prompt should now start with root@ubuntu:~#

You've successfully accessed your new Linode server!

Configuration & security stuff

Update the software

For Ubuntu, do: apt-get update && apt-get upgrade

Set your Linode server's hostname

  1. echo "<HOST_NAME>" > /etc/hostname (replacing <HOST_NAME> with your desired hostname in quotes, e.g. "silverback")
  2. hostname -F /etc/hostname

Set the timezone

dpkg-reconfigure tzdata
Select your region when prompted.
Check that it updated correctly:
root@ubuntu:~# date
Tue Jan 3 20:48:25 EST 2017

Create a non-root user

  1. Add a user, : adduser <USER_NAME>
  2. It will prompt you to create a UNIX password for <USER_NAME>. Make sure to make a note of this somewhere so you don't forget!
  3. Add to the sudo group: adduser <USER_NAME> sudo
  4. Disconnect from your server: exit
  5. Try logging in with your new user name: ssh <USER_NAME>@my.ip.address

Using ssh keys rather than passwords

  1. While logged in to your Linode server with the non-root user you created, create an ssh directory and give it permissions: mkdir -p ~/.ssh && sudo chmod -R 700 ~/.ssh/
  2. Create an authorized_keys file: touch authorized_keys
  3. Give the file permissions: chmod 600 ~/.ssh/authorized_keys
  4. Go back to your local computer's Terminal.
  5. Check for the existence of a public SSH key: ls -al ~/.ssh
  6. If you see id_rsa.pub and id_rsa listed there, you're good to go. Otherwise, you'll need to generate one: ssh-keygen -b 4096
  7. Now copy and paste that public key into your Linode server's authorized_keys file: cat ~/.ssh/id_rsa.pub | ssh <USER_NAME>@my.ip.address 'cat >> .ssh/authorized_keys'
  8. Go back to your Linode server console and check for the key in your authorized_keys file: cat ~/.ssh/authorized_keys
  9. Try disconnecting from Linode and then ssh'ing back in. You shouldn't need to enter a password anymore because it's now using the public-private key pair you just set up!

Note: If step 7 doesn't work, go into Linode's Lish console (log into Linode, navigate to Remote Access, and at the bottom, click on "Launch Lish Console." Go in your local computer's Terminal and enter the command cat ~/.ssh/id_rsa.pub. Copy the output (should end with your email user) and go back to your Lish console. In the Lish console, log into the user you want to be able to ssh into. Then open your authorized_keys file: nano ~/.ssh/authorized_keys and paste your public key at the end of the file, save, and exit. You should now be able to ssh into your Linode from that computer using this ssh key.

Create a shortcut to ssh into

You must be tired of copying and pasting your Linode's IP address by now. Let's create a shortcut on your local machine so you can ssh into your Linode more easily.

On your local machine, create a config file within your ~/.ssh directory if it doesn't exist already.

In the config file, put something like the below:

Host <DESIRED_HOST_NAME>
    HostName <LINODE_IP>
    User <USER_NAME>

Here's an example:

Host myawesomelinodeserver
    HostName 123.45.67.89
    User imthenonrootuser

Now try it out: ssh myawesomelinodeserver

You should automatically be able to connect to your Linode server, no password or IP address required! How cool is that?

More secure SSH options

While connected to your Linode server, open your /etc/ssh/sshd_config file:
sudo nano /etc/ssh/sshd_config

In the file, change PermitRootLogin and PasswordAuthentication to no.

Disable the protocol you're not using, either IPv4 of IPv6. Check which one your Internet Service Provider is using by opening a web browser on your local machine and navigating here.

My ISP only supports IPv4 so I'm going with AddressFamily inet. If you support IPv6 and only want to listen over IPv6, replace that part with AddressFamily inet6.

echo 'AddressFamily inet' | sudo tee -a /etc/ssh/sshd_config

This should add AddressFamily inet as the last line in your sshd_config file.

To make these changes take effect, restart the ssh service on your Linode server. For mine (Ubuntu 14.04) I had to issue the following command: sudo service ssh restart

Install Fail2Ban

Switch to root user: sudo su
Update your system: apt-get update && apt-get upgrade -y
Install Fail2Ban: apt-get install fail2ban
Go to the config file: cd /etc/fail2ban

Connect a domain name

Time to connect your domain to your Linode server. I bought a Namecheap domain, so that's what I'm going to . In Namecheap, go to your domain > Manage. In the Nameservers section, add in these five:

ns1.linode.com  
ns2.linode.com  
ns3.linode.com  
ns4.linode.com  
ns5.linode.com

In Linode, go to DNS manager and then add a Domain Zone. Add your email under SOA email. Within a few hours, you should be able to see that your Namecheap domain maps to your Linode IP.

This seems like a good stopping point for now. More to come soon!

Resources:
Linode's official Getting Started guide.
Linode's guide to securing your server.
A useful guide to SSH keys and host names.
Linode DNS manager guide