In my opinion, the first and most important hurdle that should be overcome is logging in by SSH. Resolving kernel, mounting, networking, etc. issues to bring a box live is fun enough, and I always have a sigh of relief when I get my first successful ssh prompt.
Now that the "hard" part is done I'll share my first steps from that ssh prompt and would like to see what you all think.
Now that the "hard" part is done I'll share my first steps from that ssh prompt and would like to see what you all think.
- Make sure vim, not basic vi is installed. I even go so far as to set up vi mode for bash. https://sanctum.geek.nz/arabesque/vi-mode-in-bash/. I know #2 may be more important, but the task of doing 2 without 1 drives me bonkers.
- Configure ssh to use private/public shared keys. https://help.ubuntu.com/community/SSH/OpenSSH/Keys. I up the RSA key length to 4096. This is where I hold my breath. Then I turn off the authentication by passphrase. If I can continue to log in I start breathing again. By reviewing the logs on my home server, 99.999% of the ssh hack attempts try to leverage default user/passphrase vulnerabilities. By turning off the passphrase altogether solves the vast majority of hack attempts.
- Install tmux. I used to use screen, but I gave tmux a try and I love it now. I configure multiple sessions based on the work I'm doing, and have multiple windows in each session. I never 'exit' out, I just log off. When I log back in I am looking at the exact screen I logged off to. This also is immensely useful when you start a task that runs a while and you need to log off the server. By logging out of tmux, it doesn't kill your task.