mirror of
https://github.com/IT4Change/gradido.git
synced 2025-12-13 07:45:54 +00:00
setup.md describing how to setup a bare debian host
parent
166469efde
commit
b9d9bb5935
73
deployment/bare_metal/setup.md
Normal file
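--- a/deployment/bare_metal/setup.md
+++ b/deployment/bare_metal/setup.md
@@ -0,0 +1,73 @@
+# Setup script to setup the server be ready to run gradido
+# This assums you have root access via ssh to your cleanly setup server
+# Furthermore this assums you have debian (10 64bit) running
+
+> ssh root@gddhost.tld
+
+# Create user `gradido`
+> useradd -d /home/gradido -m gradido
+> passwd gradido
+>> enter new
+
+# Gives the user priviledges - this might be omitted in order to harden security
+> usermod -a -G sudo gradido
+
+# switch to the new user
+> su gradido
+
+# Register first ssh key for user `gradido`
+> mkdir ~/.ssh
+> chmod 700 ~/.ssh
+> vim ~/.ssh/authorized_keys
+>> press i
+>> insert public key
+>> press esc
+>> write :wq
+>> press enter
+
+# Test authentication via SSH
+> ssh -i /path/to/privKey gradido@gddhost.tld
+>> This should log you in and allow you to use sudo commands, which will require the user's password
+
+# Disable password authentication & root login
+> cd /etc/ssh
+> sudo cp sshd_config sshd_config.org
+> sudo vim sshd_config
+>> press i
+>> change `PermitRootLogin yes` to `PermitRootLogin no`
+>> change `#PasswordAuthentication yes` to `PasswordAuthentication no`
+>> change `UsePAM yes` to `UsePAM no`
+>> press esc
+>> write :wq
+>> press enter
+> sudo /etc/init.d/ssh restart
+
+# Test SSH Access only, no root ssh access
+> ssh gradido@gddhost.tld
+>> Will result in in either a password request for your key or the message `Permission denied (publickey)`
+> ssh -i /path/to/privKey root@gddhost.tld
+>> Will result in `Permission denied (publickey)`
+> ssh -i /path/to/privKey gradido@gddhost.tld
+>> Will succeed after entering the correct keys password (if any)
+
+# update system
+> sudo apt-get update
+> sudo apt-get upgrade
+
+# Install security tools
+## UFW
+> sudo apt-get install ufw
+> sudo ufw allow http
+> sudo ufw allow https
+> sudo ufw allow ssh
+> sudo ufw enable
+
+## fail2ban
+> sudo apt-get install fail2ban
+> sudo /etc/init.d/fail2ban restart
+
+# Install gradido
+> sudo apt-get install git
+> git clone https://github.com/gradido/gradido.git
+> cd gradido/deployment/bare_metal
+> ./install.sh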
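Review bot: The `UsePAM no` step in the "Disable password authentication & root login" section is not needed to turn off password logins, and it also switches off PAM account and session processing for key-based logins, so limits, environment and account checks configured through PAM stop applying to SSH sessions. I would keep `UsePAM yes` and instead add a step that makes sure `ChallengeResponseAuthentication no` is set next to `PasswordAuthentication no`, since with PAM enabled that is the other path by which a password prompt can be offered. Before `sudo /etc/init.d/ssh restart` it is worth adding `> sudo sshd -t` and a line telling the reader to keep the current session open until the key login in the next section has been confirmed, because a typo in `sshd_config` at this point locks out the only remaining access. The section could also say that `ssh root@gddhost.tld` in the first step is the last time root login is expected to work.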