Running a server
There are lots of reasons to run your own server, and many different things you can do with one.
But the best part is that you get full control over what happens to it and what goes on it.
Maybe you’re sick of streaming services, and you want to rid yourself of Netflix, Spotify, Disney+, etc.
Well, you can do that, and there are many different options for it.
Maybe you want to run your own website?
Regardless of your use, there are many reasons to use your own self-hosted software over a subscription-based, centralized service.
Okay, I’ve got one set up, now what?
After running a server for less than 48 hours, I already had multiple bots attempting to exploit common vulnerabilities on my server.
To put it simply, you need to make this thing secure.
Fail2Ban
You should absolutely set up Fail2Ban on your server. It will block connections that are trying to brute-force their way into your server.
I used this website to set up my Fail2Ban service.
Configuring SSH
Assuming you have an SSH server set up so that you can access your server, as I do, you’re going to be getting a lot of bogus connection attempts. These are bots connecting and attempting to brute-force your password.
Obviously we don’t want this. However, with some configuration combined with Fail2Ban, we can solve this quite easily.
Setting up an SSH Key
SSH keys! Simple, and effective.
To set this up, the first thing you need to do is go to each local computer that you will be connecting to the server from, and complete the following:
$ mkdir -p ~/.ssh
$ ssh-keygen -t ed25519
- The -t ed25519 option makes sure the key is written to ~/.ssh/id_ed25519, the file name used in the scp command below; older versions of ssh-keygen default to an RSA key.
- You will get two prompts from this. The first one I recommend leaving blank, so it will use the default directory; the second will be the password you use to secure this key.
- Make sure you use a strong password.
$ scp ~/.ssh/id_ed25519.pub <username>@<host>:<name>.pub
- This will copy the public key file over to your server.
Once you’ve completed this on all of the machines that you plan to connect to the server with, it’s time to SSH into your server.
On the server:
$ mkdir -p ~/.ssh
$ touch ~/.ssh/authorized_keys
- For each public key that you’ve transferred to this machine, you want to do the following:
$ cat ~/<name>.pub >> ~/.ssh/authorized_keys
- This adds each key that you copied over to the accepted keys for the machine.
After you’ve added all of the keys to the ~/.ssh/authorized_keys file, there is one last step.
Edit /etc/ssh/sshd_config and change the line that says # PasswordAuthentication yes to PasswordAuthentication no (uncomment it, and change yes to no).
Once password logins are turned off, if you lose your private key, or you want to connect from a different computer, you will not be able to.
Ensure that you have a backup of one of these private keys, or else you will not be able to connect to the server via SSH again.
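A check for the PasswordAuthentication step above, as an added example that is not part of the original post: sshd keeps the first value it reads for a keyword, so a drop-in file pulled in by an Include line near the top of sshd_config can silently override the edit. The function names and the script name are hypothetical; the script assumes absolute Include paths, followed one level deep, and looks only at the global section before any Match block.

```shell
#!/bin/sh
# Added example, not from the original post. Reports the PasswordAuthentication
# value sshd would take from a config file. sshd keeps the FIRST value it reads
# for a keyword, skips commented lines, and defaults to "yes" if none is set.
# Assumptions: Include paths are absolute and followed one level deep; only
# the global section (everything before the first Match block) is considered.

# Print the config with each Include line replaced by the files it names.
expand_includes() {
    while read -r key rest || [ -n "$key" ]; do
        case $(printf '%s' "$key" | tr 'A-Z' 'a-z') in
            include)
                for inc in $rest; do        # unquoted so the shell expands globs
                    if [ -f "$inc" ]; then cat "$inc"; fi
                done ;;
            *) printf '%s %s\n' "$key" "$rest" ;;
        esac
    done < "$1"
}

# Print "yes" or "no": the first uncommented PasswordAuthentication value.
effective_password_auth() {
    expand_includes "$1" | awk '
        { line = $0; sub(/^[ \t]+/, "", line) }
        line == "" || line ~ /^#/ { next }
        { split(line, f, /[ \t=]+/); key = tolower(f[1]) }
        key == "match" { exit }
        key == "passwordauthentication" { print tolower(f[2]); found = 1; exit }
        END { if (!found) print "yes" }
    '
}

# Usage: sh check_password_auth.sh /etc/ssh/sshd_config
if [ "$#" -ge 1 ]; then
    echo "PasswordAuthentication in effect: $(effective_password_auth "$1")"
fi
```

On the server itself, `sudo sshd -T | grep -i passwordauthentication` prints the value sshd resolves from the full configuration. The SSH service has to be reloaded before an edit to sshd_config takes effect, so keep an existing session open while testing a key login in a second one.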