The following document describes how to install debian etch server on a dedicated 1&1 AMD 64-bit server.

Install minimal Debian Etch installation via 1&1 fronted.

As no SSH control is yet installed, you have to connect via your terminal (e.g. putty, or Mac OS terminal). The string should look somehow like:

ssh u12345678@sercon.onlinehome-server.info.

Your password is the one you provided on your 1&1 Web-Frontend.
Alternatively you can try if ’ssh root@yourdomain.com’ is already working, type in the password you set up in your web frontend during re-installation.

Update sources for aptitude

Debian:~# aptitude update
Get:1 http://update.onlinehome-server.info etch Release.gpg [378B]
Get:2 http://update.onlinehome-server.info etch/updates Release.gpg [189B]
Get:3 http://update.onlinehome-server.info etch Release [58.2kB]
Get:4 http://update.onlinehome-server.info etch/updates Release [37.6kB]
Get:5 http://update.onlinehome-server.info etch/main Packages [4210kB]
Get:6 http://update.onlinehome-server.info etch/contrib Packages [50.4kB]
Get:7 http://update.onlinehome-server.info etch/non-free Packages [63.7kB]
Get:8 http://update.onlinehome-server.info etch/main Sources [1214kB]
Get:9 http://update.onlinehome-server.info etch/contrib Sources [18.3kB]
Get:10 http://update.onlinehome-server.info etch/non-free Sources [28.2kB]
Get:11 http://update.onlinehome-server.info etch/updates/main Packages [255kB]
Get:12 http://update.onlinehome-server.info etch/updates/contrib Packages [3926B]
Get:13 http://update.onlinehome-server.info etch/updates/non-free Packages [1420B]
Get:14 http://update.onlinehome-server.info etch/updates/main Sources [41.0kB]
Get:15 http://update.onlinehome-server.info etch/updates/contrib Sources [1168B]
Get:16 http://update.onlinehome-server.info etch/updates/non-free Sources [1176B]
Fetched 5986kB in 5s (1155kB/s)
Reading package lists... Done

Now let’s update for security reasons all packages (the files from 1&1 are sometimes outdated)
Output can look similar to the below dump:

Debian:~# aptitude upgrade
Reading package lists... Done
Building dependency tree... Done
Reading extended state information
Initializing package states... Done
Writing extended state information... Done
Reading task descriptions... Done
Building tag database... Done
The following packages will be upgraded:
  libgnutls13 openssh-client openssh-server ssh
4 packages upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 1273kB of archives. After unpacking 28.7kB will be freed.
Do you want to continue? [Y/n/?] Y
Writing extended state information... Done
Get:1 http://update.onlinehome-server.info etch/updates/main libgnutls13 1.4.4-3+etch1 [315kB]
Get:2 http://update.onlinehome-server.info etch/updates/main openssh-server 1:4.3p2-9etch2 [246kB]
Get:3 http://update.onlinehome-server.info etch/updates/main openssh-client 1:4.3p2-9etch2 [712kB]
Get:4 http://update.onlinehome-server.info etch/updates/main ssh 1:4.3p2-9etch2 [1052B]
Fetched 1273kB in 0s (6401kB/s)
Preconfiguring packages ...
(Reading database ... 16424 files and directories currently installed.)
Preparing to replace libgnutls13 1.4.4-3 (using .../libgnutls13_1.4.4-3+etch1_amd64.deb) ...
Unpacking replacement libgnutls13 ...
Preparing to replace openssh-server 1:4.3p2-9etch1 (using .../openssh-server_1%3a4.3p2-9etch2_amd64.deb) ...
Unpacking replacement openssh-server ...
Preparing to replace openssh-client 1:4.3p2-9etch1 (using .../openssh-client_1%3a4.3p2-9etch2_amd64.deb) ...
Unpacking replacement openssh-client ...
Preparing to replace ssh 1:4.3p2-9etch1 (using .../ssh_1%3a4.3p2-9etch2_all.deb) ...
Unpacking replacement ssh ...
Setting up libgnutls13 (1.4.4-3+etch1) ...
Setting up openssh-client (4.3p2-9etch2) ...
Setting up openssh-server (4.3p2-9etch2) ...
Restarting OpenBSD Secure Shell server: sshd.
Setting up ssh (4.3p2-9etch2) ...
Debian:~#

Let’s now install some basic programs, you’ll most likely use in your daily live with your Debian Etch Server and which are not installed by default:

Debian:~# aptitude install mc zip unzip bzip2 screen vim rsync traceroute ftp lynx

Automatic time updating is pure convenience these days and I suggest to install this packages as well (you’ll most probably get a hint that a similar package has to be de-installed - just confirm please)

Debian:~# aptitude install ntp ntpdate

Now is good moment to check your time settings: (in current versions it seems that basis configuration from 1&1 is correct)

Debian:~# tzconfig
Your current time zone is set to Europe/Berlin
Do you want to change that? [n]: n
Your time zone will not be changed

Install SSH (for Secure Shell Access, if not yet installed

Debian:~# aptitude install ssh

Security is a must, let’s now finally change root password

Debian:~# passwd
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

Let’s now add a new user:

Debian:~# adduser jsmith
Adding user `jsmith' ...
Adding new group `jsmith' (1000) ...
Adding new user `jsmith' (1000) with group `jsmith' ...
Creating home directory `/home/jsmith' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for jsmith
Enter the new value, or press ENTER for the default
	Full Name []: John Smith
	Room Number []: home
	Work Phone []: -
	Home Phone []: -
	Other []: -
Is the information correct? [y/N] y

For security purposes I suggest you really perform following steps to avoid root access through SSH connection.
It might be reasonable as well to change standard port number for even more security.
Therefore we need to edit the configuration file:

Debian:~# vi /etc/ssh/sshd_config

Please make the following changes:

Change Port 22 to something else i.e. 2444
Change PermitRootLogin from YES to NO

Add the following 2 lines (please, don’t forget to replace it by your user)

AllowUsers jsmith
AllowGroups jsmith

Major issue is that most people stop right here. You have to restart ssh services for the changes to work.
Restarting OpenBSD Secure Shell server:

Debian:~# /etc/init.d/ssh restart

Now let’s exit

Debian:~# exit

the console and restart via ssh root@yourdomain.com.

You will get something like:

ssh: connect to host yourdomain.com port 22: Connection refused

as we did change the port number.

Please call you domain via:

ssh root@yourdomain.com -p yourportnumber

Still getting an error like: Permission denied, please try again.
? Well yes, we have limited access to our user jsmith. So all our security initiatives seem to work, now let’s hope that the following command will work:

ssh jmsith@yourdomain.com -p yourportnumber

Gotcha! Well, you’re not perfectly secure yet but more secure than most people with a dedicated server.

Don’t forget that you have to type from now on:

Debian:~# su (and typing in root password to get root rights)

Well done, now let’s continue to install some software, where I’m sure you want to use it (apache2, mysql, php5, etc.):

Debian:~# aptitude install apache2 libapache2-mod-php5 php5-cli php5-common php5-cgi

After this you should be able to see “It works!” by typing www.yourdomain.com into your webbrowser.

Debian:~# aptitude install mysql-common mysql-server mysql-server-5.0

Now I suggest to immediately set a new password to your mysql-root user:

Debian:~# mysqladmin -u root -p password 'MyNewPassword'

You’ll be prompted for a password. Just hit ENTER, as the initial password from the installation is empty!! Please be aware that you don’t have to retype the password, there is no further check, so please be careful to remind your settings!

Most probably you have more room on your home drive than on /var/

Let’s move your www directory to your home directory and make a soft link to it (so the system will not see any difference):

Debian:~# mv www /home/jsmith/
Debian:~# ln -s /home/jsmith/www/ www

Let’s install webmin (especially in the case that you’re not yet a linux guru). Watch www.webmin.com for the latest release and the correct link.

Debian:~# cd /tmp
Debian:~# wget http://switch.dl.sourceforge.net/sourceforge/webadmin/webmin_1.410_all.deb
Debian:~# dpkg -i webmin_1.410_all.deb

The system found a lot of dependencies which you will now solve and finally install webmin with:

Debian:~# aptitude install webmin

The systems will tell you after installation how to log in.

First thing you should do is creating a user (i.e. jsmith) with all rights - log off (as you can not delete yourself) - and login with this new user, then please delete root user immediately.

We need to change /etc/apache2/sites-available/default

Debian:~# vi /etc/apache2/sites-available/default

add the ‘#’ sign before RedirectMatch …
and change ‘AllowOverride None’ to ‘AllowOverride All’
After having restart your server, apache will read the files in your /home/jsmith/www directory.
Before you should enable apache2 module re_write.

Debian:~# a2enmod rewrite

Debian:~# /etc/init.d/apache2 restart

Most probably you want to have php5 support on your mysql database (i.e. for Wordpress)

Debian:~# aptitude install php5-mysql

Now we need some changes on the php.ini

Debian:~# vi /etc/php5/apache2/php.ini

change ‘upload_max_filesize = 2M’ to ‘upload_max_filesize = 20M’
change ‘post_max_size = 8M’ to ‘post_max_size = 20M’
change ‘memory_limit = 16M ‘ to ‘memory_limit = 64M’
change ‘expose_php = On’ to ‘expose_php = Off’

Now you should restart your apache2 and forcing to reload all new values:

Debian:~# /etc/init.d/apache2 force-reload

You should now be able to install whatever web application you want. Often you need mod_rewrite on apache2 enabled.

What we are still missing is the FTP Server:

Debian:~# aptitude install
Debian:~# cp /bin/false /bin/ftp
Debian:~# echo "/bin/ftp" >> /etc
Debian:~# addgroup ftpuser
Debian:~# usermod -G ftpuser jsmith

Configure settings

Debian:~# vi /etc/proftpd/proftpd.conf

add the following at the end of this file

DenyGroup !ftpuser !jsmith
RootLogin off
RequireValidShell on

UseReverseDNS off
IdentLookups off

change UseIPv6 from 'On' to 'Off'

Restart Server

Debian:~# /etc/init.d/proftpd restart