Post

Simple Guide for Ubuntu/Debian Configuration

Posted Updated
Preview Image
By Kuibin Lin
views 1 min read
Simple Guide for Ubuntu/Debian Configuration

Simple Guide for Ubuntu/Debian Configuration

  1. Set up Firewall
    1
2
3
4
5

    sudo apt update
sudo apt install wget -y
wget https://raw.githubusercontent.com/linsnotes/iptables-setup/main/configure-iptables.sh
chmod +x configure-iptables.sh
sudo ./configure-iptables.sh
  2. Generate SSH Key on Client Machine
    1
2

    ssh-keygen -t rsa -b 4096 -C "comments"
# Copy the Public Key to the Remote Server
  3. Configure sshd
    1
2
3
4
5
6
7
8

    sudo nano /etc/ssh/sshd_config.d/mysshd.conf
# Add or modify configurations as needed, then restart SSH service
#PermitRootLogin no
#PasswordAuthentication no
#KbdInteractiveAuthentication yes
#UsePAM yes
#Banner /etc/ssh/sshd_config.d/banner.txt
#AuthenticationMethods publickey,keyboard-interactive

    1
2
3
4
5
6
7
8
9
10
11
12
13

    sudo nano /etc/ssh/sshd_config.d/banner.txt

# copy and paste the following
*****************************************************************************
   
                             WARNING NOTICE
   
 You are accessing a secure system. This system is for the use of authorized
 users only. All connections are logged and monitored. Any unauthorized
 access or misuse of this system will be prosecuted to the fullest extent
 of the law. If you are not an authorized user, disconnect now.
    
 *****************************************************************************
  4. Run SSH Login Alert Script
    1
2
3

    wget https://raw.githubusercontent.com/linsnotes/ssh-login-alert/main/ssh-login-alert.sh
chmod +x ssh-login-alert.sh
sudo ./ssh-login-alert.sh
  5. Set Up 2FA
    1
2
3
4
5
6

    sudo apt install libpam-google-authenticator
google-authenticator
sudo nano /etc/pam.d/sshd
# Comment: # @include common-auth
# Add: auth required pam_google_authenticator.so
sudo systemctl restart ssh
  6. Run the WireGuard Script
    1
2
3

    wget https://raw.githubusercontent.com/linsnotes/wireguard-vpn-server-script/main/wgvpn.sh
chmod +x wgvpn.sh
sudo ./wgvpn.sh add <client_name>
  7. Create Aliases
    1
2
3
4

    sudo nano /etc/profile.d/myaliases.sh
# Add aliases, make script executable
sudo chmod +x /etc/profile.d/myaliases.sh
source /etc/profile.d/myaliases.sh

Conclusion

These simplified steps cover the essential configurations for setting up a firewall, SSH key, SSH daemon, SSH login alerts, 2FA, WireGuard VPN, and custom aliases on Ubuntu/Debian.

linux
linux ubuntu debian
This post is licensed under CC BY 4.0 by the author.