First lesson learned about Digital Ocean; for temporary Droplets using public / private key authentication in SSH for ‘root’ login is not worth it! In fact its a real PITA! But as turning off root access by SSH is strongly recommended there’s really no point anyway. Better to do steps 2 to 7 as a matter of routine.
Once I know that I will keep a Droplet longer term then I will set up an RSA key to authenticate to it using my ‘normal’ account, at least from Braeburn, using the method of configuring public / private key authentication here by running the command ssh-copy-id {remote_host}
to install the local machine public key on the remote server.
My build method basically follows this page and this page.
- Select the lowest configuration option, nearest available datacentre (London or Amsterdam) and Debian 7.0 x32 as the O/S giving it an appropriate hostname. The root password is emailed, which for a temporary Droplet is fine.
- Log in using SSH and use
passwd
to immediately change the root password to the usual long Rob Roy
- Add
garrathe
as a normal user by running adduser
- Configure
garrathe
as a sudo capable user following the above build page and running visudo
and adding the line:
garrathe ALL=(ALL:ALL) ALL
in the section
# User privilege specification
root ALL=(ALL:ALL) ALL
- Log out the root account and log in as me
- To make the server more secure open the configuration file
sudo nano /etc/ssh/sshd_config
Find the following sections and change the information where applicable:
Port yyyymmdd
(use a memorable date e.g. birthday or wedding anniversary)
Protocol 2
PermitRootLogin no
(changing this from yes
to no
prevents future root login)
Add these lines to the bottom of the document. AllowUsers will limit login to only the users on that line.
UseDNS no
(at this time I’m not sure what this line does?)
AllowUsers garrathe
- Patch using
sudo apt-get update
to freshen the database of ‘stuff’ followed by an sudo apt-get upgrade
to get things patched up to date.
- Confirm the name of the packages using
apt-cache search {package name}
.
- Install the AMP using
sudo apt-get install apache2 mysql-server php-pear php5-mysql php5 libapache2-mod-php5
.
Info: The last one might be installed by one of the preceding ones and so may be redundante, update when sure.
- Confirm that Apache is working by
http://{IP address}
.
- Enter
mysql -p
in the shell to confirm MySQL is working.
- To check whether php is installed and running properly, use
sudo nano /var/www/test.php
to create a test.php in the /var/www
folder with the phpinfo() function exactly as shown:
# test.php
Point a browser to http://ip.address/test.php
and this should show all your php configuration and default settings.
- Optional: To install phpMyAdmin just execute
sudo apt-get install phpmyadmin
.