Secure SSH on your VPS, Update the OS, and Install CyberPanel: Part 2 of 4
ฝัง
- เผยแพร่เมื่อ 23 ก.ค. 2024
- If you have ever wanted to host your own websites and e-mail, but didn't want to pay for alternative hosting control panels such as CPanel or Plesk, then learn how to get started with CyberPanel in this 4-part series. CyberPanel is a free Hosting Management Panel that you install on your own server. This can be your own home server, dedicated hosted server, or a virtual private server (VPS). CyberPanel makes it easy to setup the proper DNS records (MX/SPF/DKIM) to help reduce the possibility of your outbound mail landing in your recipients spam. It also provides free SSL Certificates via LetsEncrypt. Those certificates secure your website, CyberPanel admin page, and your e-mail server (SSL/TLS/STARTTLS) .
Please note all non-English Subtitles are auto-translated.
What can you do with CyberPanel and this series of tutorial videos?
- Self Host your own free secure email server - SMTP/IMAP/POP3 - Secured with TLS
- Easily install a high performance web server for Wordpress
- Host multiple domains, subdomains, websites
This video is part 2 of 4, and covers the following topics:
00:00 - Intro
0:24 - SSH Access to VPS
1:33 - Create a non-root user
2:00 - Grant user sudo access
2:54 - Add SSH Pub key for passwordless SSH access
3:52 - Confirm SSH and sudo access of non-root user
6:59 - Configure SSH Server to not permit root or password based logins
9:29 - Confirm root cannot login
10:05 - Update apt repo and upgrade packages on OS
13:00 - Confirm “sed” is accessible as /usr/bin/sed
15:28 - Install CyberPanel
20:15 - Reboot and Login to the CyberPanel UI
Blog Post: dimensionquest.net/2022/01/cy...
This video was NOT sponsored by any vendor. Any paid products/services shown were paid for out of my own pocket.
If you wish to support this channel:
Feel free to tip me here ko-fi.com/DimensionQuest
The following are PAID affiliate links. Any revenue generated via the links below will help pay for systems and services used in the hosting and production of my content:
- - -
RackNerd VPS: bit.ly/dqRackNerd
Domain Registration, CPanel Shared Hosting, VPS, SSL via NameCheap: bit.ly/dqNameCheap
== My Gear - #AD Amazon Links:
As an Amazon Associate, I earn from qualifying purchases.
USB Capture Device: amzn.to/3NFvdpR
Standing Desk: amzn.to/3hBXFJG
34in Monitor: amzn.to/3HBCwKj
Thunderbolt 3 Dock: amzn.to/36W7YXb
== Workstation Build:
Full Tower Case: amzn.to/3vqJtKM
MB: amzn.to/3WSpNuY
CPU: amzn.to/3jCvij4
Cooler: amzn.to/3i1gyJW
Memory: amzn.to/3WQtBg5 (X2 for 128GB)
GPU: amzn.to/3G2f5v8
PSU: amzn.to/3PY54nf
Cache (nvme): amzn.to/3vn1qd2
OS (nvme): amzn.to/3vnDUwr
Data (SSD): amzn.to/3C9Ae5e (X2)
Keyboard: amzn.to/347VfPA
Mouse: amzn.to/3C8KzgH
Microphone: amzn.to/3JD4Myv - แนวปฏิบัติและการใช้ชีวิต
Great Tutorial, easy to follow enjoying watching.
Thanks for watching and taking the time to comment!
8:06min instead of editing this file via command, because you have cyberpanel installed, just use the security section and under the tab secure ssh, you can upload your private pub keys under the tab ssh keys, and disable the root user and change the default ssh port.
Thanks for adding that comment :) I’m sure it may help others.
One thing I've noted. Adding keys via Cyberpanel GUI is OK. though deleting keys from the GUI does not delete redundant keys from the file, it only deletes them from the GUI.
Thanks for the videos :) They are awesome. I've subscribed. When I get to the stage of checking the sudoers.d directory using the command "ls -ahl /etc/sudoers.d" it say's "ls: cannot open directory '/etc/sudoers.d': Permission denied" If I type "sudo ls -ahl /etc/sudoers.d" then I get the same as you and it shows my file in there. Why can't I access it like you without the "sudo" prefixed? Thanks Michael
First off, thanks for watching AND subscribing :)
Interesting, I had to re-watch the video for this one... I just tried the same thing here on my Fedora workstation and had the same result as you... when I check the directory permissions for /etc/sudoers.d on Fedora, it shows 750, but on my Ubuntu systems it shows 755, which means anyone can list the directory...
Now the question for you: Which OS are you doing this on?? What are the permissions on /etc/sudoers.d
@@DimensionQuest Thanks for replying. I'm on ubuntu 22.04 and I've just run the command ls -ld /etc/sudoers.d which I think shows you the directory permissions its drwxr-x--- which i believe is 755 (google helped me there lol) I'm very new to linux and so GUI lol but I'm enjoying learning and your videos assist me greatly 👍
what terminal are you using? I quite like it lol
Thanks! It took me a moment to confirm since I vary between recording from my Macs and various distributions of Linux. This specific video was recorded from a Linux Mint system running Terminator for the terminal, with ZSH set as my shell and the prompt is thanks to Oh-my-zsh + PowerLevel10k Prompt. I always install Terminator on my Linux systems because I don't want to have to remember all the key combinations for TMUX to split panes, maximize a pane, etc...Terminator lets me simply righ-click and split horizontally or vertically. I can then right-click a specific pane to maximize/restore so that specific Pane can take up the full window in order to focus on tasks in there, then restore to see all the panes again. I tried a few other terminal programs but found Terminator to be my favorite by a long shot. On my Mac, I use iTerm and even published a video on my config for a 3-pane layout on that.
Great video! I accidentally changed my username to what you said on the video without realizing, I should put my own username, is there a way to change the username to my own?
It's been a couple hours since you posted this so hopefully you have already figured out to either Google "How to rename a linux user", which involves commands as well as having to rename home directory, etc... OR just create a NEW user with the appropriate username, group membership etc...
I’m having problems at finding the public keys to add to SSH PUB 3:10 I keep getting error message. Where do I find it?
By the way great video dude
Thanks for watching!!! You'll need to create your own key pair if you don't already have one to use: www.ssh.com/academy/ssh/keygen
For ssh I like to add AllowUsers. At the bottom of your /etc/ssh/sshd_config add the line and restart sshd -
AllowUsers bazbill
Yes, I like that as well :)
The passkey section is so hard to follow on a Windows.
This depends on how you look at it.. Just do an online search "how to generate ssh keys in windows" ... once you have followed the tutorial, you should have a private key and public key. The public key is the one you copy to remote systems that you wish to access and the private one is ONLY kept locally and secure by you.
Like your videos but I cant go past this level of copy ssh id ERROR: failed to open ID file , what am I doing wrong , Yes I made ssh-keygen
Hmm, that's odd, what OS are you on? For Linux and MacOS, the id_rsa and id_rsa.pub files should typically be placed in your ~/.ssh folder with chmod 600. If you simply did the ssh-keygen command and spit out files wherever with whatever name, perhaps you need to specify the file when running the ssh-copy-id command... IE: ssh-copy-id -i /path/folder/my-key.pub user@hostname
@@DimensionQuest Hi I am on windows, VPS from Contabo and running Ubuntu 20.04, I tried everything I search on the internet but no luck, I am not a programmer but will like to get it working, if there is any way you can help me out I will highly appreciate it, thanks
If I were on Windows, I'd probably just do it this way:
- Copy the contents of my .pub file
- SSH to my VPS
- create a .ssh folder in my home directory (chmod the dir to 700)
- Create the ~/.ssh/authorized_keys file (chmod it to 600)
- Edit the ~/.ssh/authorized_keys file and paste in the contents of your .pub file that you created on your windows system
- Confirm that the private key is in the .ssh folder of your home directory on the windows system
- test ssh to your VPS
Do not disable Password auth on the SSH server until you have validated that you can use key based auth! Otherwise, you will lock yourself out of remote access and have to use whatever console access your VPS provider gives you to re-enable password based auth and/or fix your authorized_keys file.
Also I didn't quite follow it your way as I'm on windows and I pasted my .pub key in via this method that I found online
mkdir ~/.ssh (it said the directory was already created)
chmod 0700 ~/.ssh
touch ~/.ssh/authorized_keys
chmod 0644 ~/.ssh/authorized_keys
sudo vi ~/.ssh/authorized_keys
Pasted in pub.key saved and exited
Can ssh in fine with what I done above to the sudo member that I created.
I just see in the comments bellow that you recommended "chmod 600" I used 644 should I not of used that? Does me putting 0644 instead of 644 or 0700 instead of 700 make a difference?
Since the folder permission is already restricted to your user only (700), then 600 vs. 644 doesn't make much difference on the authorized_keys file inside that folder. as for prefixing the chmod with a "0" (IE: chmod 0644), leaving off the "0" makes no difference at all. Reference: askubuntu.com/questions/976168/difference-between-three-and-four-digit-file-permissions#:~:text=A%20three%2Ddigit%20permission%20is,exactly%20the%20same%20as%20644.
@@DimensionQuest Thanks for squaring that up and the link I will take a look