ConoHa VPS
$ cat /etc/os-release
NAME="Ubuntu"
VERSION="18.04.3 LTS (Bionic Beaver)"
$ adduser lambda34            # Add the user
$ passwd lambda34             # Set the user's password
$ gpasswd -a lambda34 sudo    # Add the user to the sudo group
$ ssh-keygen -t rsa
You can see that the public and private keys have been created.
$ ls -la ~/.ssh
total 72
drwx------   9 aaa  staff   288 10 12 23:34 .
drwxr-xr-x+ 59 aaa  staff  1888 12  8 04:07 ..
-rw-------   1 aaa  staff  1843 12  8 17:03 id_rsa
-rw-r--r--   1 aaa  staff   413 12  8 17:03 id_rsa.pub
$ scp ~/.ssh/id_rsa.pub [email protected]:~/
$ ssh [email protected]
$ mkdir -p ~lambda34/.ssh    # create the directory if it does not exist yet
$ mv ~/id_rsa.pub ~lambda34/.ssh/authorized_keys
$ chown -R lambda34: ~lambda34/.ssh
$ chmod 700 ~lambda34/.ssh
$ chmod 600 ~lambda34/.ssh/authorized_keys
Log in to the VPS as the root user, install the public key in the home directory of lambda34, and change its ownership and permissions.
**Make sure that the newly created user can connect from the local PC**
$ ssh -i ~/.ssh/id_rsa [email protected]
Edit sshd_config so that you cannot log in as the root user.
**Make a backup before editing**
$ sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bac
$ sudo vi /etc/ssh/sshd_config
↓
# Port 22 is easily guessed, so change to another port
Port 65656
# Prohibit login as the root user
PermitRootLogin no
# Prohibit login with a password
PasswordAuthentication no
Restart the SSH service
$ sudo service ssh restart
Confirm that you cannot log in as the root user
$ ssh -p 65656 -i ~/.ssh/id_rsa [email protected]
[email protected]'s password:
Permission denied, please try again
Log in by specifying the port and the private key
$ ssh -p 65656 -i ~/.ssh/id_rsa [email protected]
The firewall (ufw) should be inactive by default.
$ sudo ufw status
[sudo] password for lambda34:
Status: inactive
Enable the firewall
$ sudo ufw enable
Deny incoming access by default
$ sudo ufw default deny
Allow only the required protocols. Here we open ports 80 and 443.
$ sudo ufw allow https/tcp
$ sudo ufw allow http/tcp
Check the result
$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
443/tcp                    ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
65656                      ALLOW IN    Anywhere
443/tcp (v6)               ALLOW IN    Anywhere (v6)
80/tcp (v6)                ALLOW IN    Anywhere (v6)
65656 (v6)                 ALLOW IN    Anywhere (v6)
Reload
$ sudo ufw reload
Firewall reloaded
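An added example, not part of the original article: a shell check that the sshd_config settings and the ufw rules agree, in particular that the non-default SSH port has an ALLOW rule (the status output lists 65656, although the allow commands shown cover only http and https). The function names and both sample inputs are constructed here from the values on this page, and the check assumes a single sshd_config without Match blocks or Include directives.

```bash
#!/usr/bin/env bash
# Added example: audit this page's sshd_config settings against its ufw rules.
# Both samples are constructed from the values shown on the page.
SSHD_SAMPLE='Port 65656
PermitRootLogin no
PasswordAuthentication no'
UFW_SAMPLE='Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
443/tcp                    ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
65656                      ALLOW IN    Anywhere'

# Print the value of a keyword. sshd uses the first occurrence it reads and
# matches keywords case-insensitively; comment lines are skipped.
sshd_value() {  # usage: sshd_value <keyword> <config-text>
  printf '%s\n' "$2" | awk -v k="$1" '
    /^[ \t]*#/ { next }
    tolower($1) == tolower(k) { print $2; exit }'
}

# Succeed if the ufw status text has an ALLOW rule for the port ("N" or "N/tcp").
ufw_allows() {  # usage: ufw_allows <port> <ufw-status-text>
  printf '%s\n' "$2" | awk -v p="$1" '
    $2 == "ALLOW" && ($1 == p || $1 == p "/tcp") { found = 1 }
    END { exit !found }'
}

# Print one line per finding; return non-zero if any check fails.
audit() {  # usage: audit <sshd-config-text> <ufw-status-text>
  a_rc=0
  a_port="$(sshd_value Port "$1")"; a_port="${a_port:-22}"  # sshd default is 22
  [ "$(sshd_value PermitRootLogin "$1")" = "no" ] \
    || { echo "FAIL: PermitRootLogin is not 'no'"; a_rc=1; }
  [ "$(sshd_value PasswordAuthentication "$1")" = "no" ] \
    || { echo "FAIL: PasswordAuthentication is not 'no'"; a_rc=1; }
  printf '%s\n' "$2" | grep -q '^Status: active' \
    || { echo "FAIL: ufw is not active"; a_rc=1; }
  printf '%s\n' "$2" | grep -q '^Default: deny (incoming)' \
    || { echo "FAIL: default incoming policy is not deny"; a_rc=1; }
  ufw_allows "$a_port" "$2" \
    || { echo "FAIL: sshd port $a_port has no ALLOW rule (lockout risk)"; a_rc=1; }
  [ "$a_rc" -eq 0 ] && echo "OK: sshd port $a_port allowed; root and password login off"
  return "$a_rc"
}

audit "$SSHD_SAMPLE" "$UFW_SAMPLE"
```

On a real host, pass the file contents and the live status instead of the samples, for example `audit "$(sudo cat /etc/ssh/sshd_config)" "$(sudo ufw status verbose)"`, and keep the current SSH session open until the check passes.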
$ sudo apt-get update
$ sudo apt-get install \
    apt-transport-https \
    ca-certificates \
    curl \
    gnupg-agent \
    software-properties-common -y
$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
$ sudo apt-key fingerprint 0EBFCD88
$ sudo add-apt-repository \
    "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
    $(lsb_release -cs) \
    stable"
$ sudo apt-get update
$ sudo apt-get install docker-ce -y
Docker auto-start settings
$ sudo systemctl enable docker
Add the user to the docker group (members can run Docker without sudo, which is effectively root-level access to the host)
$ sudo usermod -aG docker $USER
$ sudo curl -L "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
$ sudo chmod +x /usr/local/bin/docker-compose
$ exit
$ sudo mkdir -p /data/repo
$ sudo chown -R $USER /data