server

Setup SSH connection

To access your server’s console, you will need to open an SSH tunnel connection. It’s a secure connection that encrypts the dialogue between your computer and your server. For this, you must have an SSH client on your local computer and configure the SSH service on your server.

Summary of the tutorial

1. First connection
2. Securing the server
2.1 Add user
2.2 Change SSH port
2.3 Create a public/private key (client side)
2.4 Key authentication (server side)

1. First connection

Linux / MacOS: Just open a terminal.

Windows: Press the Windows + R keys simultaneously. Enter cmd in the field of the window that appears at the bottom left of your screen, then click OK.

> ssh root@server_ip

The following message is displayed:

The authenticity of host '138.68.87.113 (138.68.87.113)' can't be established.
ECDSA key fingerprint is SHA256:RBuop6/a8DrySzRx+XSw2uhY38DKkmlrjfMY+55iGAo.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes

Answer yes.

Warning: Permanently added '138.68.87.113' (ECDSA) to the list of known hosts.

The terminal now prompts you for the root password:

root@138.68.87.113's password:

Enter the password, then confirm by pressing the Enter key. You are now connected to the terminal of your remote server!

root@v2202206177897232182:~#

2. Securing the server

We will now add some additional security to your SSH connection.

2.1 Add user

The first thing to do is to reduce the execution rights of your login user. The root user has full control over the system, which can be dangerous if the account falls into the wrong hands or if you do something wrong by mistake. We are therefore going to create a new user dedicated to this connection.

Log in as root to your server and enter the following command:

> adduser --gecos "" maintainer

The --gecos option suppresses the questions relating to the identity of the new user (last name, first name, telephone number, …).

Adding user `maintainer' ...
Adding new group `maintainer' (1000) ...
Adding new user `maintainer' (1000) with group `maintainer' ...
Creating home directory `/home/maintainer' ...
Copying files from `/etc/skel' ...
New password:
Retype new password:
passwd: password updated successfully

Choose your password, then confirm with the Enter key.

Let’s add the newly created user to the “sudo” group to raise its execution level:

> usermod -aG sudo maintainer

You can now log in as user maintainer!

2.2 Change SSH port

For this, we will edit the configuration file of the SSH service. Connect as user maintainer to your server and enter the following command:

> sudo nano /etc/ssh/sshd_config

Replace the line

#Port 22

by (or any other available port of your choice)

Port 22123

To save with nano: Ctrl+x, validate with the y key, then press the Enter key.

To apply the modification:

> sudo systemctl restart ssh

In the future, to connect to the server you will have to enter from your local terminal:

> ssh maintainer@server_ip -p 22123

2.3 Create a public/private key (client side)

To secure our SSH connection a little more, we are now going to create a public/private key pair to encrypt our exchanges with the server.

Linux / MacOS: Just open a terminal.

Windows: Press the Windows + R keys simultaneously. Enter powershell in the field of the window that appears at the bottom left of your screen, then click OK. In the terminal that appears, enter:

> start-process PowerShell -verb runas

This will launch a new shell in admin mode. Enter the following command to enable the SSH service on your machine:

> Get-Service -Name sshd | Set-Service -StartupType Automatic

then the command:

> Start-Service sshd

We will now create a public key / private key pair:

> ssh-keygen -t RSA -C "tuto@bitgen.com"

You can press Enter to accept the default, or specify a path and/or filename where you would like your keys to be generated. The passphrase is optional.

Generating public/private RSA key pair.
Enter file in which to save the key (C:\Users\hlavi/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in id_rsa.
Your public key has been saved in id_rsa.pub.
The key fingerprint is:
SHA256:mvNMWgMO+QbD9GTQuSjD556wYK63kwMp3nyZzRVftGU tuto@bitgen.com
The key's randomart image is:
+---[RSA 3072]----+
| .. . |
| .o . E |
| . ..o. . + |
| +oo=. . o |
| . =* o S o . |
|=.. .* + . . |
|=oo= .% = |
| o*oo= X . |
|o..+. . o |
+----[SHA256]-----+

Then, we need to copy the public key to the server. Let’s create the /home/maintainer/.ssh folder for the maintainer user on the server:

> ssh maintainer@server_ip -p 22123 mkdir /home/maintainer/.ssh

Enter the password to validate the creation of the folder.

Linux / MacOS:

> ssh-copy-id -p 22123 -i ~/.ssh/id_rsa.pub maintainer@server_ip

Windows: Still in the PowerShell console, let’s copy the key into the directory just created:

> scp -P 22123 C:\Users\your_windows_user/.ssh/id_rsa.pub maintainer@server_ip:/home/maintainer/.ssh/authorized_keys

Enter the password to validate the copy of the file.

2.4 Key authentication (server side)

Now that we have created a new user, changed the connection port of our SSH service and transferred the public key from our local computer to the server, we will prohibit direct login by password as well as login as the root user, in favour of authentication by key.

Edit the SSH service configuration file:

> sudo nano /etc/ssh/sshd_config

Replace the line

PermitRootLogin yes

by

PermitRootLogin no

then replace the line

PasswordAuthentication yes

by

PasswordAuthentication no

and finally, uncomment the line

#PubkeyAuthentication yes

so that it reads

PubkeyAuthentication yes

To save with nano: Ctrl+x, validate with the y key, then press the Enter key.

Then validate the configuration by restarting the SSH service:

> sudo systemctl restart ssh

You can now log in without a password, directly with your SSH key!
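A check worth running before closing your existing session, as an added example that is not part of the original tutorial: sshd keeps the first value it reads for each keyword, so on Debian and Ubuntu systems whose sshd_config begins with Include /etc/ssh/sshd_config.d/*.conf, a drop-in file can override the edits made in 2.2 and 2.4. The function name check_sshd_effective and both sample dumps are constructed for illustration; sshd -t and sshd -T are the standard OpenSSH test modes.

```bash
#!/bin/sh
# Added example (not from the tutorial): check the settings sshd really applies.
# Input on stdin: output of `sshd -T` ("keyword value", lowercase keywords).
# Real use, from a second terminal while the first session stays open:
#   sudo sshd -t && sudo sshd -T | check_sshd_effective 22123

check_sshd_effective() (            # subshell body keeps variables local
    want_port="$1"
    cfg="$(cat)"                    # read the whole dump once
    failures=0
    while read -r key want; do
        # every value reported for this keyword, comma-joined (Port can repeat)
        got="$(printf '%s\n' "$cfg" |
               awk -v k="$key" '$1 == k { print $2 }' | paste -sd, -)"
        if [ "$got" = "$want" ]; then
            echo "OK   $key $got"
        else
            echo "FAIL $key: want '$want', effective '${got:-unset}'"
            failures=$((failures + 1))
        fi
    done <<EOF
port $want_port
permitrootlogin no
passwordauthentication no
pubkeyauthentication yes
EOF
    exit "$failures"                # 0 only when all four settings match
)

# Constructed sample: sshd_config was edited as in 2.2 and 2.4, but a drop-in
# read earlier through Include still sets "PasswordAuthentication yes".
SSHD_SAMPLE_OVERRIDDEN='port 22123
permitrootlogin no
passwordauthentication yes
pubkeyauthentication yes'

# Constructed sample: the state the tutorial is aiming for.
SSHD_SAMPLE_HARDENED='port 22123
permitrootlogin no
passwordauthentication no
pubkeyauthentication yes'

printf '%s\n' "$SSHD_SAMPLE_OVERRIDDEN" | check_sshd_effective 22123 ||
    echo "-> keep the current session open and fix the config first"
```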

Install & setup a firewall

This document will help you install and configure a UFW firewall to secure incoming connections to your server. We detail here the basics, which you can customize as you follow the other tutorials available on this blog.

Summary of the tutorial

0. Prerequisite
1. Installation
2. Configuration

Prerequisite

Before starting this tutorial, please carefully read the following prerequisites:

Setup SSH connection

1. Installation

Connect to the server over SSH. Then let’s start by updating our server:

> sudo apt-get -y update && sudo apt-get -y upgrade && sudo apt-get autoremove

Then install the UFW firewall package:

> sudo apt install -y ufw

2. Configuration

In our base configuration, we will disallow all incoming connections:

> sudo ufw default deny incoming

Then we will only allow connections to the SSH port (here port 22123):

> sudo ufw allow 22123/tcp

To validate the configuration, run the command:

> sudo ufw enable

To check the status of your firewall:

> sudo ufw status verbose

If all went well, this last command should print:

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22123/tcp                  ALLOW IN    Anywhere
22123/tcp (v6)             ALLOW IN    Anywhere (v6)
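To confirm that the rule set matches the policy above, this added example (not part of the original tutorial) parses the output of ufw status verbose and flags any allow rule other than the SSH port. The function name audit_ufw_status and the second sample are constructed for illustration.

```bash
#!/bin/sh
# Added example (not from the tutorial): audit `ufw status verbose` output.
# Real use:  sudo ufw status verbose | audit_ufw_status 22123

audit_ufw_status() {
    # stdin: `ufw status verbose` output; $1: the only TCP port allowed in
    awk -v port="$1" '
        /^Status: active/             { active = 1 }
        /^Default: deny \(incoming\)/ { deny = 1 }
        / (ALLOW|LIMIT) IN / {
            to = $0
            sub(/ +(ALLOW|LIMIT) IN .*/, "", to)   # keep the "To" column
            sub(/ \(v6\)$/, "", to)                # IPv6 twin of a rule
            if (to == port "/tcp") ssh = 1
            else { print "UNEXPECTED allow rule: " to; bad++ }
        }
        END {
            if (!active) { print "FAIL firewall is not active"; bad++ }
            if (!deny)   { print "FAIL default incoming policy is not deny"; bad++ }
            if (!ssh)    { print "FAIL no rule for " port "/tcp (lockout risk)"; bad++ }
            if (!bad)    print "OK ufw only lets " port "/tcp in"
            exit (bad > 0)
        }'
}

# Sample 1: the output shown in the tutorial.
UFW_SAMPLE_TUTORIAL='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22123/tcp                  ALLOW IN    Anywhere
22123/tcp (v6)             ALLOW IN    Anywhere (v6)'

# Sample 2 (constructed): the same host with a leftover rule for port 22.
UFW_SAMPLE_EXTRA="$UFW_SAMPLE_TUTORIAL
22/tcp                     ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)"

printf '%s\n' "$UFW_SAMPLE_EXTRA" | audit_ufw_status 22123 ||
    echo "-> review the rules listed above"
```

Ports published by Docker containers are opened through iptables rules that Docker manages itself and do not appear in this output, so check published ports separately once Docker is installed.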

Install Docker

This document will help you to install and configure Docker. Docker is a platform that lets you design, test, and deploy applications quickly. Docker packages software into standardized units called containers, which bring together all the elements necessary for their operation, including libraries, system tools, code and runtime environment. It will help you to deploy your masternodes more simply and quickly using BITGEN code repositories.

Summary of the tutorial

0. Prerequisite
1. Preparing the package manager
2. Docker Engine installation
3. Docker Compose installation

Prerequisite

Before starting this tutorial, please carefully read the following prerequisites:

Setup SSH connection

1. Preparing the package manager

Connect to the server over SSH. Then let’s start by updating our server:

> sudo apt-get -y update && sudo apt-get -y upgrade && sudo apt-get autoremove

Then let’s configure the package manager to fetch Docker properly:

> sudo apt-get -y install ca-certificates curl gnupg lsb-release

> sudo mkdir -p /etc/apt/keyrings && curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg && sudo chmod a+r /etc/apt/keyrings/docker.gpg

> echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

2. Docker Engine installation

> sudo apt-get -y update && sudo apt-get -y install docker-ce docker-ce-cli containerd.io docker-compose-plugin

To verify the installation:

> docker --version

Docker version 20.10.17, build 100c701

Install & setup GIT

This document will help you to install and configure the GIT code version manager. It will help you to deploy your masternodes more easily and quickly using BITGEN code repositories.

Summary of the tutorial

0. Prerequisite
1. Installation
2. Configuration

Prerequisite

Before starting this tutorial, please carefully read the following prerequisites:

Setup SSH connection

1. Installation

Connect to the server over SSH. Then let’s start by updating our server:

> sudo apt-get -y update && sudo apt-get -y upgrade && sudo apt-get autoremove

Then install the necessary package for GIT:

> sudo apt-get -y install git

2. Configuration

The following commands tell GIT which user will manage the code repositories:

> git config --global user.name "Maintainer BITGEN"

> git config --global user.email tuto@bitgen.com