edit-30   Chapter:  105  

Stop Root Logins Exessive Root Login Attempts

You may get quite a surprise when you look at your /var/log/auth. log. There may be and quite often are hundreds if not thousands of attempts to log in as root. If you see this you realize the importance of a secure login. Even more important you will realize that logins should be ssh key logins only. The Chapter before this shows how to set ssh key logins ( they do not require you enter your password each time. Logins are performed by comparing keys on both machines to match. To secure this type of login ( prevent brute force logins from hackers ) is prevent logins with a password, so ONLY the ssh keys are used.

Editing ssh_config

Add the following line to the /etc/ssh/ssh_config file : PasswordAuthentication no

Example:
nano /etc/ssh/ssh_config:

#   ProxyCommand ssh -q -W %h:%p gateway. example. com
#   RekeyLimit 1G 1h
    SendEnv LANG LC_*
    HashKnownHosts yes
    GSSAPIAuthentication yes
    GSSAPIDelegateCredentials no
    PasswordAuthentication no

PasswordAuthentication no --- will not allow logging in directly ' no key set-up no login '




KEYWORDS:   Stop Root Login, Exessive Login Attempts, ssh login only, Exessive, Login Attempts



edit-29   Chapter:  104  

Access VPS Using SSH Keys Instead of Login

Using SSH keys instead of manual login

The command ssh-copy-id will upload a copy of your keys to be matched with your login


@127:~/vcn$ ssh-copy-id root@XXX. XXX. XXX. XXX
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 3 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192. 250. 236. 160's password: 

Now try logging into the machine, with:   "ssh 'root@XXX. XXX. XXX. XXX'"
and check to make sure that only the key(s) you wanted were added. 

@127:~/vcn$ ssh root@192. 250. 236. 160
Welcome to Ubuntu 14. 04. 5 LTS (GNU/Linux 2. 6. 32-042stab125. 5 i686)

 * Documentation:  https://help. ubuntu. com/
Last login: Sat Feb 17 00:12:01 2018 



KEYWORDS:   Access VPS, SSH Keys, Access VPS SSH, Keys for Login, SSH Keys for Login



edit-28   Chapter:  103  

How To Install nginx on Ubuntu 14.04

sudo apt-get update
sudo apt-get install nginx

Install firewall software:
sudo apt-get install ufw  

Reconfigure our firewall software to allow access to the port.  Nginx registers itself as a service with ufw, upon installation.  This makes it easy to allow Nginx access. 

List the configurations of the applications that ufw is aware of:

sudo ufw app list

Responded:

Available applications:
  Apache
  Apache Full
  Apache Secure
  Bind9
  Nginx Full
  Nginx HTTP
  Nginx HTTPS
  OpenSSH
  Postfix
  Postfix SMTPS
  Postfix Submission
  Samba

Start the service:
sudo service nginx start

I had conficting ports 80 was used by Apache2

SO !



Go to the /etc/nginx/sites-enabled/default file. 

Edit the file.  I put 81 as my port for nginx

    server { listen 81; }

Then start the server
sudo service nginx start

vps-ip-number:81
The page came up. 

Welcome to nginx!

If you see this page, the nginx web server is successfully installed and working.  

All was installed and working

Very easy install




KEYWORDS:   Install nginx, VPS Ubuntu 14.04, nginx Ubuntu 14.04 vps



edit-27   Chapter:  102  

Login and Setup with Terminal Commands

Now you have a password you may login to the VPS from your local computer

ssh ip-address -l root
Example:
ssh 155. 555. 555. 555 -l root

You will be asked for a password
the response will be something like this.

[root@ip-address]
if you see something similar, YOU ARE IN !
first thing set-up a user so you do not do everything as root

Set-up a User as sudo

Add User:
adduser username

Give them a Password:
passwd username

Give privileges: usermod -aG wheel username

Using Nano in Visudo instead of Vi

Just because it is more user friendly.
export VISUAL=nano; visudo
it will open a file save the control-o, then exit control-x
visudo now uses nano

Below this line:
## Allow root to run any commands anywhere
Below this line I added myself with root powers, IF I use sudo

## Allows people in group wheel to run all commands
uncomment the following line to allow the wheel group sudo commands

## Sudoers allows particular users to run various commands as
## the root user, without needing the root password. 
##
## Examples are provided at the bottom of the file for collections
## of related commands, which can then be delegated out to particular
## users or groups. 
##
## This file must be edited with the 'visudo' command. 

## Host Aliases
## Groups of machines.  You may prefer to use hostnames (perhaps using
## wildcards for entire domains) or IP addresses instead. 
# Host_Alias     FILESERVERS = fs1, fs2
# Host_Alias     MAILSERVERS = smtp, smtp2

## User Aliases
## These aren't often necessary, as you can use regular groups
## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname
## rather than USERALIAS
# User_Alias ADMINS = jsmith, mikem


## Command Aliases
## These are groups of related commands. . . 

## Networking
# Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /u$

## Installation and management of software
# Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum

## Services
# Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig

## Updating the locate database
# Cmnd_Alias LOCATE = /usr/bin/updatedb

## Storage
# Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bi$

## Delegating permissions
# Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp

## Processes
# Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall

## Drivers
# Cmnd_Alias DRIVERS = /sbin/modprobe

# Defaults specification

#
# Refuse to run if unable to disable echo on the tty. 
#
Defaults   !visiblepw

#
# Preserving HOME has security implications since many programs
# use it when searching for configuration files.  Note that HOME
# is already set when the the env_reset option is enabled, so
# this option is only effective for configurations where either
# env_reset is disabled or HOME is present in the env_keep list. 
#
Defaults    always_set_home

Defaults    env_reset
Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
Defaults    env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
Defaults    env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"

#
# Adding HOME to env_keep may enable a user to run unrestricted
# commands via sudo. 
#
# Defaults   env_keep += "HOME"

Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin

## Next comes the main part: which users can run what software on
## which machines (the sudoers file can be shared between multiple
## systems). 
## Syntax:
##
##	user    MACHINE=COMMANDS
##
## The COMMANDS section may have other options added to it. 
##
## Allow root to run any commands anywhere
root    ALL=(ALL)	ALL
jack    ALL=(ALL)	ALL
# Allows members of the 'sys' group to run networking, software,
## service management apps and more. 
# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE,$

## Allows people in group wheel to run all commands
%wheel  ALL=(ALL)	ALL

## Same thing without a password
# %wheel        ALL=(ALL)	NOPASSWD: ALL

## Allows members of the users group to mount and unmount the
# %users  localhost=/sbin/shutdown -h now

## Read drop-in files from /etc/sudoers. d (the # here does not mean a comment)
#includedir /etc/sudoers. d



KEYWORDS:   using terminal, using terminal commands



edit-26   Chapter:  101  

VPScheap VPS Centos 6.9 Final GUI

I was so pleased with my VPS, I wanted another to document every move of set-up

I decided to post line for line my setup for VPScheap Centos 6. 9 Final GUI.


Starting with Pay by Paypal I will describe the setup

I just clicked pay by PayPal.

When logging into VPScheap you will enter the Client Area. There, you will see your Products/Services. The Product and description, the cost, the due date of next payment and the service status is displayed. Also on this page is a history of any tickets you have made ( Questions to Support ). Support tickets are listed on the bottom of the page. Click on the product name.

After clicking product name in the Client Area

After clicking the product name you will be taken to that specific products page. The heading on the page will be your Product and description. The following list is displayed, but with all the details of your install filled in

Details

View server details and resource usage. 
Status 	
Type 	
Nodename 	
Hostname 	
Main IP Address 
IP Addresses 	
Root Password 	
Bandwidth 	
Memory 

Notice the Root Password line. Click the pencil icon to the right of Root Password and set your password. You may also let it choose a password for you. Of course, keep track of that password.


NEXT


KEYWORDS:   VPScheap, VPS Centos, Centos 6.9, Centos GUI, VPScheap Centos 6.9 Final GUI