First lesson learned about Digital Ocean: for temporary Droplets, using public / private key authentication in SSH for ‘root’ login is not worth it! In fact it’s a real PITA! But as turning off root access by SSH is strongly recommended there’s really no point anyway. Better to do steps 2 to 7 as a matter of routine.
Once I know that I will keep a Droplet longer term then I will set up an RSA key to authenticate to it using my ‘normal’ account, at least from Braeburn, using the method of configuring public / private key authentication here by running the command
ssh-copy-id {remote_host}
to install the local machine public key on the remote server.
My build method basically follows this page and this page.
- Select the lowest configuration option, nearest available datacentre (London or Amsterdam) and Debian 7.0 x32 as the O/S giving it an appropriate hostname. The root password is emailed, which for a temporary Droplet is fine.
- Log in using SSH and use
passwd
to immediately change the root password to the usual long Rob Roy
- Add
garrathe
as a normal user by running
adduser
- Configure
garrathe
as a sudo capable user following the above build page and running
visudo
and adding the line:
garrathe ALL=(ALL:ALL) ALL
in the section
# User privilege specification
root ALL=(ALL:ALL) ALL
- Log out the root account and log in as me
- To make the server more secure open the configuration file
sudo nano /etc/ssh/sshd_config
Find the following sections and change the information where applicable:
Port yyyymmdd
(use a memorable date e.g. birthday or wedding anniversary)
Protocol 2
PermitRootLogin no
(changing this from yes to no prevents future root login)
Add these lines to the bottom of the document. AllowUsers will limit login to only the users on that line.
(at this time I’m not sure what this line does?)
UseDNS no
AllowUsers garrathe
- Patch using
sudo apt-get update
to freshen the database of ‘stuff’ followed by a
sudo apt-get upgrade
to get things patched up to date.
- Confirm the name of the packages using
apt-cache search {package name}
.
- Install the AMP using
sudo apt-get install apache2 mysql-server php-pear php5-mysql php5 libapache2-mod-php5
.
Info: The last one might be installed by one of the preceding ones and so may be redundant, update when sure.
- Confirm that Apache is working by browsing to
http://{IP address}
.
- Enter
mysql -p
in the shell to confirm MySQL is working.
- To check whether php is installed and running properly, use
sudo nano /var/www/test.php
to create a test.php in the
/var/www
folder with the phpinfo() function exactly as shown:
# test.php
Point a browser to
http://ip.address/test.php
and this should show all your php configuration and default settings.
- Optional: To install phpMyAdmin just execute
sudo apt-get install phpmyadmin
.
DebLAMP Built On Digital Ocean Droplet
With the exception of the
UseDNS no
that I added but commented out until I know what it really does, this works a charm! So shut down the server with
sudo shutdown -hP now
and take a snapshot. 1 cent well spent!

Use DNS Directive in sshd_config
So now I’ve found out this: “This directive tells sshd process to check resolved host name for the connected client’s ip address maps back to the very same ip address or not.” And that tells me that ssh is double-checking that the connecting host is not being spoofed. Sounds like a good idea to me, so it’s staying commented out for now. (Which leaves it at the default state of
UseDNS yes
rather than explicit yes or no.)
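
A quick way to check that the sshd_config edits above took effect, as an added example that is not part of the original post. The function names `first_value` and `audit_sshd` and the sample config are constructed for illustration; the script reads only the first Port and AllowUsers line and also checks that Port lies within 1-65535.

```sh
#!/bin/sh
# Added example: audit an sshd_config against the settings chosen in this post.
# sshd keywords are case-insensitive, and for single-valued keywords such as
# PermitRootLogin and UseDNS the FIRST occurrence wins, so a line appended at
# the bottom is ignored when the keyword is already set further up the file.

# first_value FILE KEYWORD: print the first uncommented value of KEYWORD
# among the global settings (parsing stops at the first Match block).
first_value() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# audit_sshd FILE USER: print one finding per line; exit status = failure count.
audit_sshd() {
    file=$1; user=$2; fails=0

    port=$(first_value "$file" Port); port=${port:-22}   # sshd default is 22
    case $port in
        *[!0-9]*) echo "FAIL Port '$port' is not a number"; fails=$((fails + 1)) ;;
        *) if [ "$port" -ge 1 ] && [ "$port" -le 65535 ]; then echo "OK   Port $port"
           else echo "FAIL Port $port is outside 1-65535"; fails=$((fails + 1)); fi ;;
    esac

    root=$(first_value "$file" PermitRootLogin)
    if [ "$root" = no ]; then echo "OK   PermitRootLogin no"
    else echo "FAIL PermitRootLogin is '${root:-unset}', expected 'no'"; fails=$((fails + 1)); fi

    allowed=$(first_value "$file" AllowUsers)
    case " $allowed " in
        *" $user "*) echo "OK   AllowUsers includes $user" ;;
        *) echo "FAIL AllowUsers is '${allowed:-unset}', expected it to include $user"; fails=$((fails + 1)) ;;
    esac

    echo "INFO UseDNS $(first_value "$file" UseDNS | grep . || echo 'unset (built-in default applies)')"
    return "$fails"
}

# Constructed sample: the appended "PermitRootLogin no" is shadowed by the "yes" above it.
sample=$(mktemp)
printf '%s\n' 'Port 2222' 'Protocol 2' 'PermitRootLogin yes' '#UseDNS no' \
    'AllowUsers garrathe' 'PermitRootLogin no' > "$sample"
audit_sshd "$sample" garrathe || echo "$? problem(s) found"
rm -f "$sample"
```

On a live server, run it against /etc/ssh/sshd_config before restarting sshd and keep the current session open until a second login succeeds.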