How to Set Up Your First Debian 9 Server on Alibaba Cloud

Prerequisites

  1. A valid Alibaba Cloud account. If you don’t have one already, sign up to the Free Trialto enjoy up to $300 worth in Alibaba Cloud products.
  2. An ECS instance running Debian 9. You can select your preferred region and configurations; this will not affect the outcome of the server setup.
  3. A root password for your server.

Step 1: Connect to Your Alibaba Cloud Debian 9 Server

Locate the Internet IP address (Public IP address) associated with your Alibaba Cloud ECS Instance.

Step 2: Change the Hostname on Your Debian 9 Server

The hostname is a default identifier when you communicate to a Linux server. It is like a computer name that is associated with your home PC or laptop. Naming your Debian 9 server with a descriptive hostname helps you to differentiate your machines especially if you are running a bunch of them.

$ sudo apt-get update
$ sudo apt-get upgrade -y
$ hostname
$ sudo nano /etc/cloud/cloud.cfg
preserve_hostname true
$ sudo nano /etc/hostname
$ sudo nano /etc/hosts
127.0.0.1 localhost
127.0.1.1 miami
111.111.111.111 miami
$ sudo reboot

Step 3: Configure Time Zone on Your Debian 9 Server

You can check the default date and time zone on your Debian 9 server by typing the command below:

$ timedatectl
$ sudo timedatectl set-timezone
$ sudo timedatectl set-timezone Europe/London
$ date

Step 4: Create a Non-Root User with Sudo Privileges on Debian 9

Logging on your Debian 9 server using a root user can create a lot of problems. For instance, a simple rm command with wrongly typed parameters can wipe your entire production’s server data.

$ sudo adduser
$ sudo adduser james
$ sudo usermod -aG sudo james

Step 5: Creating Authentication Key Pair for Logging onto Your Debian 9 Server

Logging in to your Debian 9 server using a private/public key pair is more secure that using a password. In this mode, you keep the private key on your local computer and the public key under the .ssh/authorized_keys file on your Alibaba cloud server.

$ mkdir ~/.ssh
$ nano ~/.ssh/authorized_keys
$ chmod 700 -R ~/.ssh && chmod 600 ~/.ssh/authorized_keys

Step 6: Disable Password Authentication

Once you set up the private/public key pair, you should disable password based logins to ensure that only a person with the correct private key can gain access to your Debian 9 server.

$ sudo nano /etc/ssh/sshd_config
PasswordAuthentication no
$ sudo service ssh restart

Step 7: Disable SSH Root Access on Your Debian 9 Server

Once you have created non-root user with sudo privileges and password logins disabled, you can go ahead and disable root login over SSH. This will make sure that no one can login to your Debian server over SSH using the root username.

$ sudo nano /etc/ssh/sshd_config
PermitRootLogin no
$ sudo service ssh restart

Step 8: Install a Firewall on Your Debian 9 Server

Debian 9 comes with a default interface for interacting with IP tables known as UFW (Uncomplicated Firewall). UFW is a simplified tool which aims towards simplifying the process of setting up IP tables especially for beginners who are new to the Linux environment.

$ sudo apt-get install ufw
$ sudo ufw default deny incoming
$ sudo ufw default allow outgoing
$ sudo ufw allow
$ sudo ufw allow 22
$ sudo ufw allow ssh
$ sudo ufw allow http
$ sudo ufw allow https
$ sudo ufw enable
$ sudo ufw status numbered
$ sudo ufw delete
$ sudo ufw disable
$ sudo ufw reset

Step 9: Install Fail2Ban on Your Debian 9 Server

Fail2Ban is a tool that adds another layer of security to your Debian 9 server by utilizing IP tables. It simply bans users trying to access your Debian server based on the number of failed logged in attempts.

$ sudo apt-get install fail2ban
$ sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
$ sudo nano /etc/fail2ban/jail.local

Conclusion

That’s it! You have successfully provisioned your Debian 9 server running on Alibaba Cloud Elastic Compute Service (ECS). Although this is not a conclusive list of all Linux security measures that you should take when setting up your server, it can keep hackers away especially if you are just starting out with ECS. You can now install a web server and database server to run your website or web application. I hope you enjoyed reading the tutorial!

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Alibaba Cloud

Alibaba Cloud

Follow me to keep abreast with the latest technology news, industry insights, and developer trends. Alibaba Cloud website:https://www.alibabacloud.com