DuckDuckWhale
9736e73c8e
- Setup: add Fedora guides, Signal, Dynamic Desktop, and Flatseal
- Shells: fix $() on older fish versions and unalias batcat on Fedora
- Auto:
- Detect git dependency
- Add .clang-format for C/C++ family
- Add full-setup script
- Helix: update to 24.03, add text width, rulers, and fix reflow
- Rust: fix fish env
- Starship: fix config path
- System: rename mac fnmode scripts and update sshd_config
44 lines
1.0 KiB
Markdown
44 lines
1.0 KiB
Markdown
# Debian Server Setup
|
|
|
|
Here's the minimum setup I put on my Debian 12 Bookworm servers.
|
|
|
|
## System configuration
|
|
|
|
```
|
|
# system updates
|
|
sudo apt update
|
|
sudo apt install -y openssh-server mosh ufw vim
|
|
sudo apt upgrade -y
|
|
sudo apt autoremove -y
|
|
# use Vim
|
|
sudo update-alternatives --config editor
|
|
# OpenSSH & Mosh & UFW
|
|
sudo groupadd --system ssh-users
|
|
sudo usermod -aG ssh-users $(whoami)
|
|
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
|
|
sudo wget \
|
|
https://git.duckduckwhale.com/DuckDuckWhale/dotfiles/raw/branch/main/system/sshd/sshd_config-debian \
|
|
-O /etc/ssh/sshd_config
|
|
sudo systemctl enable ssh --now
|
|
sudo systemctl reload ssh
|
|
sudo ufw limit OpenSSH # sudo ufw limit 22/tcp
|
|
sudo ufw allow mosh # sudo ufw allow 60001:60999/udp # mosh profile includes unused 60000 & 61000
|
|
sudo ufw enable
|
|
# sanity check
|
|
systemctl status ssh
|
|
sudo ufw status
|
|
su - $(whoami)
|
|
# apply all settings
|
|
sudo reboot
|
|
```
|
|
|
|
## User SSH keys
|
|
|
|
```
|
|
mkdir -p ~/.ssh
|
|
chmod 700 ~/.ssh
|
|
# insert your SSH public keys into the file
|
|
touch ~/.ssh/authorized_keys
|
|
chmod 600 ~/.ssh/authorized_keys
|
|
```
|