Streamline Debian VPS Setup: A Step-by-Step Guide

A few weeks ago, I was looking for a way to streamline Debian VPS setup. I wanted to ‘automate’ the configuration of a new Debian VPS or Virtual private server, using a method that could be replicated across different computers. Be referencing several guides, and generous assistance from AI chat tools, I came up with a script. This guide provides a step-by-step explanation of this script that automates the setup of a Debian VPS. This script updates the system, installs tools, configures the firewall, and configures the SSH server. It assumes a Debian installation on a VPS and command-line usage.

Summary (Hindi): यह गाइड एक स्क्रिप्ट की कदम-दर-कदम व्याख्या प्रदान करती है जो डेबियन VPS की सेटअप को स्वचालित करती है। स्क्रिप्ट सिस्टम को अपडेट करती है, उपकरण स्थापित करती है, फ़ायरवॉल को कॉन्फ़िगर करती है, और SSH सर्वर की सेटअप करती है। यह एक VPS पर डेबियन स्थापना और कमांड लाइन उपयोग का धारणा करती है।

---

Introduction

Setting up a Debian Virtual Private Server (VPS) can be a daunting task, especially for beginners. This guide simplifies the process by providing a script that automates the setup. This script assumes that you have a Debian installation on your VPS and are comfortable using the command line.

Creating custom script for Debian Linux for new VPS install

Debian Linux is one of the most popular and widely used operating systems for virtual private servers (VPS). Whether you are a beginner or an experienced user, setting up a new VPS with Debian Linux can be a daunting task. The default installation of Debian Linux provides a solid foundation, but it may not always meet the specific needs and requirements of every user. This is where custom scripts come into play. By creating custom scripts, users can automate the installation and configuration process, saving time and effort. In this article, we will explore the process of creating custom scripts for Debian Linux on a new VPS install.

We will cover the tools and techniques required, as well as the benefits and potential challenges of creating custom scripts. By the end of this article, readers will have a better understanding of how to customize their Debian Linux installation to suit their unique needs, making the VPS experience more efficient and tailored to their specific goals. So, let’s dive into the world of custom scripting for Debian Linux and take our VPS setup to the next level.

The need to set up a custom script

Setting up a custom script for your Debian Linux VPS install is crucial to optimize your server’s performance and ensure it meets your specific requirements. By tailoring a script to your needs, you can automate repetitive tasks, streamline processes, and enhance security measures. Whether you’re managing a website, running a database, or hosting applications, a custom script allows you to fine-tune your server environment, saving you time and effort in the long run. With a tailored script, you have the flexibility to install the necessary software, configure settings, and establish monitoring systems that align with your unique objectives. Embracing the need for a custom script empowers you to maximize the efficiency and effectiveness of your Debian Linux VPS, ensuring a smooth and optimized operating environment.

Building blocks of the script for Debian VPS setup

Once the Debian operating system has been installed on a new VPS, it is crucial to ensure that the system is up to date and secure. The first step for debian VPS setup involves performing essential upgrades to patch any vulnerabilities and keep the system running smoothly. Additionally, the installation of essential tools such as curl, ufw, and rclone is necessary to enhance the functionality and versatility of the server. These tools enable efficient data transfer, firewall management, and remote file synchronization, respectively.

Furthermore, configuring the SSH settings is vital to establish secure and reliable remote connections to the VPS, allowing for seamless management and administration of the server. By carefully implementing these building blocks into the custom script, the Debian Linux installation can be optimized for a new VPS, ensuring a stable and secure environment for future operations.

What does the script do?

Step 1: The script begins by updating the .bashrc file for the user with several useful aliases. These aliases are shortcuts for common commands, making them quicker and easier to type. For example, ‘dl’ changes the directory to Downloads, ‘apti’ installs packages, and ‘aptu’ updates and upgrades the system.

Step 2: The script then updates the Debian installation. This is done using the ‘aptu’ alias created in the previous step, which updates the package lists and upgrades the installed packages.

Step 3: The script installs several useful tools: curl, wget, rclone, neofetch, ufw and fortune. These tools are used for downloading files, syncing files, displaying system information, and displaying random quotes, respectively.

Step 4: The script then configures the Uncomplicated Firewall (UFW). It sets the default policies to deny incoming connections and allow outgoing connections. It then enables UFW and allows traffic on specific ports. It also enables UFW for IPv6. Any custom ports that you may use or require will also get added or updated.

Step 5: The script updates the SSH server configuration. It enables root login, sets the client alive interval and count, disables X11 forwarding, and changes the SSH port. It then restarts the SSH server for the changes to take effect.

Note: You can access the below script by visiting this page. This link leads you to my other blog which acts as a ‘feeder’ to this site, which is my main blog.

---

Bash Script for customizing Debian VPS Setup

Notes:

1. This script assumes a Debian installation on a VPS
2. Assumption: User has logged on to VPS via SSH and is familiar with command-line usage.

#!/bin/bash

Step 1: Update .bashrc for user with aliases

cat << EOF >> /home/user/.bashrc
alias dl='cd ~/Downloads'
alias doc='cd ~/Documents'
alias egrep='egrep --color=auto'
alias fgrep='fgrep --color=auto'
alias ghar='cd ~'
alias grep='grep --color=auto'
alias apti='sudo apt-get -y install'
alias aptu='sudo apt-get update && sudo apt-get -y upgrade'
alias ll='ls -alFh'
alias ls='ls --color=auto'
alias ping='ping -c 6'
alias ping6='ping6 -c 6'
alias rsync='ionice -c2 -n7 rsync'

Update the source for your_username

source /home/user/.bashrc

Step 2: Update the Debian installation

#No need for update because alias for upgrade already updates the apt
sudo aptu

Step 3: Install curl, wget, rclone, ufw

sudo apti curl wget rclone neofetch fortune ufw

Step 4: Configure ufw

sudo ufw default deny incoming

sudo ufw default allow outgoing

sudo ufw enable

sudo ufw allow 80/tcp,443/tcp,22,21,53/udp

#sudo ufw allow custom port (optional)

#sudo ufw allow xxxx

Enable UFW for IPv6 as well

sudo sed -i 's/IPV6=no/IPV6=yes/g' /etc/default/ufw

sudo ufw reload

Step 5: Update /etc/ssh/sshd_config

sudo sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config

sudo echo 'ClientAliveInterval 20' >> /etc/ssh/sshd_config

sudo echo 'ClientAliveCountMax 30' >> /etc/ssh/sshd_config

sudo sed -i 's/#X11Forwarding yes/X11Forwarding no/g' /etc/ssh/sshd_config

sudo echo 'Port xxxx' >> /etc/ssh/sshd_config

sudo systemctl restart sshd

 

Explanation of each step in the above script

Step 1: Update .bashrc for user with aliases

Note: for simplicity, only selected aliases are shown below
cat << EOF >> /home/user/.bashrc

This command appends the following lines to the .bashrc file in the user’s home directory. The .bashrc file is a script that runs every time you open a new terminal.

alias dl='cd ~/Downloads'
This line creates an alias 'dl' which changes the current directory to the Downloads directory in the user’s home directory.

alias apti='sudo apt-get -y install'
This line creates an alias 'apti' which installs packages without asking for confirmation.

alias aptu='sudo apt-get update && sudo apt-get -y upgrade'

This line creates an alias 'aptu' which updates the list of available packages and upgrades the installed packages.

source /home/user/.bashrc: This line reloads the .bashrc file to apply the changes.

---

Step 2: Update the Debian installation

sudo aptu

This line updates the list of available packages and upgrades the installed packages.

Step 3: Install curl, wget, rclone, ufw

sudo apti curl wget rclone neofetch fortune ufw
This line installs the curl, wget, rclone, neofetch, ufw and fortune packages.

Step 4: Configure ufw

sudo ufw default deny incoming
This line sets the default policy for incoming connections to deny.

sudo ufw default allow outgoing
This line sets the default policy for outgoing connections to allow.

sudo ufw enable
This line enables UFW.

sudo ufw allow 80/tcp,443/tcp,22,21,53/udp
Port xxxx is custom port used in Step 4, and is optional
sudo ufw allow xxxx
This line allows incoming traffic on ports 80, 443, 22, 21, and 53. Any custom port will also get added (optional)

sudo sed -i 's/IPV6=no/IPV6=yes/g' /etc/default/ufw
This line enables IPv6 support in UFW.

sudo ufw reload
This line reloads UFW to apply the changes.

Step 5: Update /etc/ssh/sshd_config

sudo sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config
This line enables password-based authentication for the root user.

sudo echo 'ClientAliveInterval 20' >> /etc/ssh/sshd_config
This line sets the interval at which SSH sends keep-alive messages to the client.

sudo echo 'ClientAliveCountMax 30' >> /etc/ssh/sshd_confi
This line sets the maximum number of keep-alive messages that SSH sends without receiving any response from the client.

sudo sed -i 's/#X11Forwarding yes/X11Forwarding no/g' /etc/ssh/sshd_config
This line disables X11 forwarding.

sudo echo 'Port xxxxx' >> /etc/ssh/sshd_config
This line changes the port on which SSH listens for connections to xxxxx.

sudo systemctl restart sshd
This line restarts the SSH daemon to apply the changes.

Key Takeaways

• Automating the setup process can save time and reduce errors.
• Aliases can make common commands easier to type.
• Regular system updates and firewall configuration are essential for security.
• Changing the default SSH port can enhance security.

Conclusion

This script provides a streamlined way for a Debian VPS setup. It automates the process of updating the system, installing tools, configuring the firewall, and setting up the SSH server. By using this script, you can save time and avoid common setup mistakes.

---

References

Debian Administration: https://www.debian.org/doc/
UFW Documentation: https://help.ubuntu.com/community/UFW
SSH Configuration: https://www.ssh.com/ssh/config/

---

Additional Notes:

The .bashrc file is a script that runs every time you open a new terminal. It’s a place where you can set up things like aliases, functions, and environment variables that you want to be available every time you use the terminal. It’s a powerful tool, but it’s also easy to make mistakes that can cause problems with your terminal environment.

Here are some general guidelines and words of caution for working with the .bashrc file:

1. Always backup your original .bashrc file before making changes. This way, if something goes wrong, you can easily restore the original file.

2. Be careful with sudo. Using sudo gives you root privileges, which means you can make changes that affect the entire system. Always double-check your commands before running them with sudo.

3. Update your .bashrc file in a phased manner. Start with the most basic changes, and gradually add more complex ones. This way, if something goes wrong, it’s easier to figure out what caused the problem.

4. Keep aliases for the very end. Aliases are shortcuts for longer commands, and they can make your terminal experience more efficient. However, they can also cause confusion if you’re not used to them, so it’s best to add them after you’re comfortable with the other changes you’ve made to your .bashrc file.

5. Finally, always test your changes. After updating your .bashrc file, open a new terminal and make sure everything works as expected. If something goes wrong, you can use your backup to restore the original file and try again.

---

Optional : move aliases to the end of the script

Or, you may create two scripts: one for the system configuration, other for user account. Highly recommended for beginners.

Script without the aliases

#!/bin/bash

Step 2: Update the Debian installation

sudo apt-get update && sudo apt-get -y upgrade

Step 3: Install curl, wget, rclone

sudo apt-get -y install curl wget rclone neofetch ufw fortune

Step 4: Configure ufw

sudo ufw default deny incoming

sudo ufw default allow outgoing

sudo ufw enable

sudo ufw allow 80/tcp,443/tcp,22,21,53/udp

#sudo ufw allow custom port (optional)

#sudo ufw allow xxxx

step 4: Enable UFW for IPv6 as well

sudo sed -i 's/IPV6=no/IPV6=yes/g' /etc/default/ufw

sudo ufw reload

Step 5: Update /etc/ssh/sshd_config

Port xxxx is custom port used in Step 4, and is optional

sudo sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config

sudo echo 'ClientAliveInterval 20' >> /etc/ssh/sshd_config

sudo echo 'ClientAliveCountMax 30' >> /etc/ssh/sshd_config

sudo sed -i 's/#X11Forwarding yes/X11Forwarding no/g' /etc/ssh/sshd_config

sudo echo 'Port xxxx' >> /etc/ssh/sshd_config

sudo systemctl restart sshd

---

Annexure I

Understanding Key Terms

Aliases: In Linux, an alias is a shortcut for a command. It’s a way to run a command or a series of commands using a keyword that you define. For example, you could create an alias called ‘update’ that runs the command ‘sudo apt-get update && sudo apt-get upgrade’.

UFW (Uncomplicated Firewall): This is a user-friendly front-end for managing iptables firewall rules. Its main goal is to make managing iptables easier or, as the name states, uncomplicated.

SSH (Secure Shell): This is a cryptographic network protocol for operating network services securely over an unsecured network. Typical applications include remote command-line, login, and remote command execution.

---

Annexure II

Customizing .bashrc with aliases

One of the key aspects of optimizing your workflow on a Debian Linux VPS is customizing your .bashrc file with aliases. These aliases serve as shortcuts for commonly used commands, making your command line experience more efficient and streamlined. By defining these aliases in your .bashrc file, you can create personalized commands that save you time and effort. Whether it’s a simple alias to navigate to a frequently accessed directory or a complex alias that combines multiple commands, customizing your .bashrc with aliases allows you to tailor your command line experience to your specific needs.

By setting up a custom script and understanding the building blocks of its structure, you can greatly improve your efficiency and productivity in the command line. And with the ability to customize your .bashrc file, you can make your script truly unique and tailored to your specific needs. So why not take the time to set up a custom script and see the positive impact it can have on your workflow?

---

Annexure III

Logging in via SSH to the Remote VPS – basic steps to follow.

Note: for detailed steps, you can use any of the links provided here from search results in duckduckgo

Step 1: Open a terminal window on your local machine.

Step 2: Type ‘ssh username@ip address’ (replace ‘username’ with your username on the VPS and ‘ip address’ with the IP address of the VPS). Press Enter.

Step 3: You will be prompted to enter your password. Type your password and press Enter. Note that you won’t see the characters as you type your password.

Step 4: If this is your first time logging in to the VPS from your local machine, you may see a message about the server’s host key not being cached. Type ‘yes’ and press Enter to continue.

Step 5: If your username and password are correct, you should now be logged in to your VPS.

Running the Script and Troubleshooting:

How to Run the Script: To run the script, open a terminal window, navigate to the directory where the script is located using the ‘cd’ command, and then type ‘./scriptname.sh’ (replace ’scriptname.sh’ with the actual name of your script). Press Enter to execute the script.

What to Expect: The script will begin executing the commands one by one. Depending on your system and internet speed, this could take a few minutes. You may see text output in the terminal as the script runs, which is normal.

Troubleshooting: If you encounter an error while running the script, the error message will typically give you some indication of what went wrong. Common issues include not having the necessary permissions to run the script (you can fix this by running ‘chmod +x scriptname.sh’) or a command in the script failing (you’ll need to check the script and correct the command).