The following document describes how to install debian etch server on a dedicated 1&1 AMD 64-bit server.
Install minimal Debian Etch installation via 1&1 fronted.
As no SSH control is yet installed, you have to connect via your terminal (e.g. putty, or Mac OS terminal). The string should look somehow like:
ssh u12345678@sercon.onlinehome-server.info.
Your password is the one you provided on your 1&1 Web-Frontend.
Alternatively you can try if ’ssh root@yourdomain.com’ is already working, type in the password you set up in your web frontend during re-installation.
Update sources for aptitude
Debian:~# aptitude update Get:1 http://update.onlinehome-server.info etch Release.gpg [378B] Get:2 http://update.onlinehome-server.info etch/updates Release.gpg [189B] Get:3 http://update.onlinehome-server.info etch Release [58.2kB] Get:4 http://update.onlinehome-server.info etch/updates Release [37.6kB] Get:5 http://update.onlinehome-server.info etch/main Packages [4210kB] Get:6 http://update.onlinehome-server.info etch/contrib Packages [50.4kB] Get:7 http://update.onlinehome-server.info etch/non-free Packages [63.7kB] Get:8 http://update.onlinehome-server.info etch/main Sources [1214kB] Get:9 http://update.onlinehome-server.info etch/contrib Sources [18.3kB] Get:10 http://update.onlinehome-server.info etch/non-free Sources [28.2kB] Get:11 http://update.onlinehome-server.info etch/updates/main Packages [255kB] Get:12 http://update.onlinehome-server.info etch/updates/contrib Packages [3926B] Get:13 http://update.onlinehome-server.info etch/updates/non-free Packages [1420B] Get:14 http://update.onlinehome-server.info etch/updates/main Sources [41.0kB] Get:15 http://update.onlinehome-server.info etch/updates/contrib Sources [1168B] Get:16 http://update.onlinehome-server.info etch/updates/non-free Sources [1176B] Fetched 5986kB in 5s (1155kB/s) Reading package lists... Done
Now let’s update for security reasons all packages (the files from 1&1 are sometimes outdated)
Output can look similar to the below dump:
Debian:~# aptitude upgrade Reading package lists... Done Building dependency tree... Done Reading extended state information Initializing package states... Done Writing extended state information... Done Reading task descriptions... Done Building tag database... Done The following packages will be upgraded: libgnutls13 openssh-client openssh-server ssh 4 packages upgraded, 0 newly installed, 0 to remove and 0 not upgraded. Need to get 1273kB of archives. After unpacking 28.7kB will be freed. Do you want to continue? [Y/n/?] Y Writing extended state information... Done Get:1 http://update.onlinehome-server.info etch/updates/main libgnutls13 1.4.4-3+etch1 [315kB] Get:2 http://update.onlinehome-server.info etch/updates/main openssh-server 1:4.3p2-9etch2 [246kB] Get:3 http://update.onlinehome-server.info etch/updates/main openssh-client 1:4.3p2-9etch2 [712kB] Get:4 http://update.onlinehome-server.info etch/updates/main ssh 1:4.3p2-9etch2 [1052B] Fetched 1273kB in 0s (6401kB/s) Preconfiguring packages ... (Reading database ... 16424 files and directories currently installed.) Preparing to replace libgnutls13 1.4.4-3 (using .../libgnutls13_1.4.4-3+etch1_amd64.deb) ... Unpacking replacement libgnutls13 ... Preparing to replace openssh-server 1:4.3p2-9etch1 (using .../openssh-server_1%3a4.3p2-9etch2_amd64.deb) ... Unpacking replacement openssh-server ... Preparing to replace openssh-client 1:4.3p2-9etch1 (using .../openssh-client_1%3a4.3p2-9etch2_amd64.deb) ... Unpacking replacement openssh-client ... Preparing to replace ssh 1:4.3p2-9etch1 (using .../ssh_1%3a4.3p2-9etch2_all.deb) ... Unpacking replacement ssh ... Setting up libgnutls13 (1.4.4-3+etch1) ... Setting up openssh-client (4.3p2-9etch2) ... Setting up openssh-server (4.3p2-9etch2) ... Restarting OpenBSD Secure Shell server: sshd. Setting up ssh (4.3p2-9etch2) ... Debian:~#
Let’s now install some basic programs, you’ll most likely use in your daily live with your Debian Etch Server and which are not installed by default:
Debian:~# aptitude install mc zip unzip bzip2 screen vim rsync traceroute ftp lynx
Automatic time updating is pure convenience these days and I suggest to install this packages as well (you’ll most probably get a hint that a similar package has to be de-installed - just confirm please)
Debian:~# aptitude install ntp ntpdate
Now is good moment to check your time settings: (in current versions it seems that basis configuration from 1&1 is correct)
Debian:~# tzconfig Your current time zone is set to Europe/Berlin Do you want to change that? [n]: n Your time zone will not be changed
Install SSH (for Secure Shell Access, if not yet installed
Debian:~# aptitude install ssh
Security is a must, let’s now finally change root password
Debian:~# passwd Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully
Let’s now add a new user:
Debian:~# adduser jsmith Adding user `jsmith' ... Adding new group `jsmith' (1000) ... Adding new user `jsmith' (1000) with group `jsmith' ... Creating home directory `/home/jsmith' ... Copying files from `/etc/skel' ... Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully Changing the user information for jsmith Enter the new value, or press ENTER for the default Full Name []: John Smith Room Number []: home Work Phone []: - Home Phone []: - Other []: - Is the information correct? [y/N] y
For security purposes I suggest you really perform following steps to avoid root access through SSH connection.
It might be reasonable as well to change standard port number for even more security.
Therefore we need to edit the configuration file:
Debian:~# vi /etc/ssh/sshd_config
Please make the following changes:
Change Port 22 to something else i.e. 2444 Change PermitRootLogin from YES to NO
Add the following 2 lines (please, don’t forget to replace it by your user)
AllowUsers jsmith AllowGroups jsmith
Major issue is that most people stop right here. You have to restart ssh services for the changes to work.
Restarting OpenBSD Secure Shell server:
Debian:~# /etc/init.d/ssh restart
Now let’s exit
Debian:~# exit
the console and restart via ssh root@yourdomain.com.
You will get something like:
ssh: connect to host yourdomain.com port 22: Connection refused
as we did change the port number.
Please call you domain via:
ssh root@yourdomain.com -p yourportnumber
Still getting an error like: Permission denied, please try again.
? Well yes, we have limited access to our user jsmith. So all our security initiatives seem to work, now let’s hope that the following command will work:
ssh jmsith@yourdomain.com -p yourportnumber
Gotcha! Well, you’re not perfectly secure yet but more secure than most people with a dedicated server.
Don’t forget that you have to type from now on:
Debian:~# su (and typing in root password to get root rights)
Well done, now let’s continue to install some software, where I’m sure you want to use it (apache2, mysql, php5, etc.):
Debian:~# aptitude install apache2 libapache2-mod-php5 php5-cli php5-common php5-cgi
After this you should be able to see “It works!” by typing www.yourdomain.com into your webbrowser.
Debian:~# aptitude install mysql-common mysql-server mysql-server-5.0
Now I suggest to immediately set a new password to your mysql-root user:
Debian:~# mysqladmin -u root -p password 'MyNewPassword'
You’ll be prompted for a password. Just hit ENTER, as the initial password from the installation is empty!! Please be aware that you don’t have to retype the password, there is no further check, so please be careful to remind your settings!
Most probably you have more room on your home drive than on /var/
Let’s move your www directory to your home directory and make a soft link to it (so the system will not see any difference):
Debian:~# mv www /home/jsmith/ Debian:~# ln -s /home/jsmith/www/ www
Let’s install webmin (especially in the case that you’re not yet a linux guru). Watch www.webmin.com for the latest release and the correct link.
Debian:~# cd /tmp Debian:~# wget http://switch.dl.sourceforge.net/sourceforge/webadmin/webmin_1.410_all.deb Debian:~# dpkg -i webmin_1.410_all.deb
The system found a lot of dependencies which you will now solve and finally install webmin with:
Debian:~# aptitude install webmin
The systems will tell you after installation how to log in.
First thing you should do is creating a user (i.e. jsmith) with all rights - log off (as you can not delete yourself) - and login with this new user, then please delete root user immediately.
We need to change /etc/apache2/sites-available/default
Debian:~# vi /etc/apache2/sites-available/default
add the ‘#’ sign before RedirectMatch …
and change ‘AllowOverride None’ to ‘AllowOverride All’
After having restart your server, apache will read the files in your /home/jsmith/www directory.
Before you should enable apache2 module re_write.
Debian:~# a2enmod rewrite
Debian:~# /etc/init.d/apache2 restart
Most probably you want to have php5 support on your mysql database (i.e. for Wordpress)
Debian:~# aptitude install php5-mysql
Now we need some changes on the php.ini
Debian:~# vi /etc/php5/apache2/php.ini
change ‘upload_max_filesize = 2M’ to ‘upload_max_filesize = 20M’
change ‘post_max_size = 8M’ to ‘post_max_size = 20M’
change ‘memory_limit = 16M ‘ to ‘memory_limit = 64M’
change ‘expose_php = On’ to ‘expose_php = Off’
Now you should restart your apache2 and forcing to reload all new values:
Debian:~# /etc/init.d/apache2 force-reload
You should now be able to install whatever web application you want. Often you need mod_rewrite on apache2 enabled.
What we are still missing is the FTP Server:
Debian:~# aptitude install Debian:~# cp /bin/false /bin/ftp Debian:~# echo "/bin/ftp" >> /etc Debian:~# addgroup ftpuser Debian:~# usermod -G ftpuser jsmith
Configure settings
Debian:~# vi /etc/proftpd/proftpd.conf
add the following at the end of this file
DenyGroup !ftpuser !jsmith RootLogin off RequireValidShell on UseReverseDNS off IdentLookups off change UseIPv6 from 'On' to 'Off'
Restart Server
Debian:~# /etc/init.d/proftpd restartSphere: Related Content
Recent Comments