Initial Server Setup with Debian 11

2023-10-19 · 5 min read

PendahuluanPendahuluan

When first building a server using Debian 11, there are a few configuration steps that should be done from the start as part of the basic setup. These steps will improve the security, usability of the server and will give you a solid foundation for further action.

In this tutorial, we will learn how to setup a server from scratch with Debian 11, starting from the login process, creating a new user and setting up a basic firewall.

Step 1 - Login as RootStep 1 - Login as Root

To log in to the server, you need to know the server’s IP address and credentials. If you are using a VPS server, such as on DigitalOcean or Vultr, the authentication method is determined by yourself during the server creation process, and then you will receive the server’s IP address.

In this step, we will need to log in as root user using the following command via Terminal.

ssh root@server_ip

Enter your root password to log in, or if this is your first time logging in with a password, you may be prompted to change the root password to a new one. If you are using a password-protected SSH key, you may also be prompted to enter the password for each session.

About RootAbout Root

The root user is an administrative user in a Linux environment that has very broad access rights. Because of the higher access rights of the root account, you are not recommended to use it routinely. This root user ability can make changes that can be damaging, even accidentally.

The next step is to set up an alternate user account with reduced privileges for day-to-day server maintenance. We will explain later how to set up privileges when needed.

Step 2 - Creating a New UserStep 2 - Creating a New User

Once you are logged in as root, we will add a new user that will be used in future login sessions.

In this example, I created a new user named Fahmi. Of course, you can adjust it according to your own chosen username.

adduser fahmi

You will be asked a few questions, starting with a password for this new user. Enter a strong password and fill in additional (optional) information if required.

Next, we will give this user access rights with admin access rights.

Step 3 - Granting Administrative PrivilegesStep 3 - Granting Administrative Privileges

Now, we have a new user with regular user privileges. But sometimes we need to perform administrative processes using this user account.

To avoid logging in and out with the root user account, we can set this new user as a superuser. By adding this privilege to the new user, we can run commands with administrative privileges by inserting the word sudo before the command.

To grant this access to the new user, we will add this new user to the sudo group. By default on Debian 11, users who are members of the sudo group are allowed to use the sudo command.

In a session logged in as root, run this command to add the user to the sudo group:

usermod -aG sudo fahmi

After this, when you log in as a normal user, you can type sudo before a command to run the command with superuser privileges.

Step 4 - Setting Up a Basic FirewallStep 4 - Setting Up a Basic Firewall

Debian servers can use firewalls to ensure that only certain connections are allowed access to certain services. In this tutorial, I will install and use the UFW firewall for managing rules or rules in the firewall.

We will use the apt package manager to install UFW. First, update the local index to get the latest information about available packages, then install the UFW firewall by running the command:

apt update
apt install ufw

Firewall profiles allow UFW to manage named firewall rule sets for installed applications. Several common applications are bundled with UFW by default. One of them is OpenSSH, which is the service that allows us to connect to servers like today. To see the available application profiles, run this command:

ufw app list
Output
Available applications:
 . . .
 OpenSSH
 . . .

We need to make sure that the firewall allows SSH connections, so that we can log back in later. Allow these connections by running the following command:

ufw allow OpenSSH
ufw enable

To view the current firewall status, run the following command:

ufw status
Output
Status: active

To              Action   From
--              ------   ----
OpenSSH         ALLOW    Anywhere
OpenSSH (v6)    ALLOW    Anywhere (v6)

From now on, the firewall is active and blocks all connections except SSH. If you install a new application/service, you will need to adjust the firewall settings by adding rules to allow connections to be accepted.

Step 5 - VerificationStep 5 - Verification

Once we have a new and persistent user for day-to-day use, we need to make sure we can SSH into that account directly.

You need to verify that you can login and use sudo with the new user, I recommend staying logged in as root. This way, if you run into problems, you can troubleshoot and make changes that require root access.

You can SSH into the new user account by opening a new terminal session and SSHing in with the new username:

ssh fahmi@server_ip

After entering the password, you will be logged in as the user fahmi. Please note, if you need to run a command with administrative privileges, type sudo before the command:

sudo command_name

You will be prompted for the user password when using sudo for the first time in each session (and periodically thereafter).

To improve the security of your server, I highly recommend setting up SSH keys instead of using password authentication. In the future, I will write a tutorial on how to configure SSH key-based authentication.

Where To Go From Here?Where To Go From Here?

At this point, you have a server with a pretty solid foundation. Next, you can install whatever applications you need on the server.