This educational series walks through the steps needed to set up WordPress, from the operating system to securing the WordPress installation. This is the first article in the series, and it covers preparing the operating system for the WordPress installation.
ip: 167.71.34.152 (replace it with your server ip)
OS: Ubuntu 23.10 (GNU/Linux 6.5.0-9-generic x86_64)
User: bg-user
Log in to your server (assuming you already have one – if not contact us)
We have a root user login with a password as provided by hosting, so we’ll first go ahead and secure the login by:
- Creating bg-user
- Adding bg-user to sudoers
- Creating an SSH key for bg-user
- Disabling root user login
- Disabling password login
Creating bg-user
root@bluegrid:~# useradd -m bg-user
The -m flag instructs the “useradd” command to create a home directory for bg-user, which we can confirm has been done properly:
Define a password for this user:
root@bluegrid:~# passwd bg-user
Adding bg-user to sudoers
root@bluegrid:~# usermod -aG sudo bg-user
Log in as the new user and confirm the login works:
root@bluegrid:~# su - bg-user
Note: if you see a prompt with nothing but:
$
(No user is shown in the prompt – like you had for root: root@bluegrid – and your commands don’t take TAB as path autocomplete) you need to set the bash path. First find out the location of the shell on your Ubuntu machine:
$ which bash
Now let’s set the location of our shell:
$ chsh -s /usr/bin/bash
Now logout and log back into your Ubuntu machine and you should see:
bg-user@bluegrid:~$
Creating SSH key for user bg-user
Now, let’s go to our local system and create a key that we’ll use to log in to the Ubuntu server:
$ ssh-keygen -t rsa -b 4096 -C [email protected]
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/ivan/.ssh/id_rsa): bluegrid.io-edu
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in bluegrid.io-edu
Your public key has been saved in bluegrid.io-edu.pub
The key fingerprint is:
SHA256:j6NetegTloOkTM6zG0FD/DuXeetZB4jGUERY0A3n87c [email protected]
The key’s randomart image is:
+---[RSA 4096]----+
| .. .B*o. |
| .. ...o. |
| o.. o |
| ...oo . + |
| =.o oS+o o . |
| *.+.O=.. o . |
| .o +=+o.. E |
| .. +...o . |
| .oo .oo |
+----[SHA256]-----+
MacBook-Pro-ID:~ ivan$
Command flags:
- -t: type of the key to be generated. Options are: [-t dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa]
- -b: size of the key in bits
- -C: comment that describes the key if we need it
This is where the prompt asks for key file name:
Enter file in which to save the key (/Users/ivan/.ssh/id_rsa): bluegrid.io-edu
ssh-keygen will create two files:
$ ll bluegrid.io-edu*
-rw------- 1 ivan staff 3434 Dec 2 11:05 bluegrid.io-edu
-rw-r--r-- 1 ivan staff 742 Dec 2 11:05 bluegrid.io-edu.pub
We will take the contents of bluegrid.io-edu.pub and place it on the server. To do it, use any file viewer you are comfortable with and copy its contents (I used cat):
$ cat bluegrid.io-edu.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCvljKroHCj3qPUMAFh+IgUchzPwqPBByhS3sBQqLZItGe5RC5ZH7jduUIlcI3hu1LzO/g8nmkOJ+/csyV1i392AUE+9d9kIGKXlhEubr7Wkpwz5HyYcc1G6Z9wQhFF3bmB0y3FkGewr/QP0IeMW4OiRdk+TfyZek7AYgE0v7YH2oZ5PUXxNOJI+TY/lnqBDGIcqcsSeQo7NWr3jnusZsSy4HqetAOaoR9YY0/4JX4opwvm0Slrd/lYmkJyxRlDEPTIIPee3uBpQN+ak6FKelxDIWWvkyWTqoJv1uGAHXqsZhX+BpT2iDptoxwmv8rc+CYQVQ3ozzmxcOvJrGGV7FCFTJiksC3h6DifdVodsvym14/q0Y01nDc825+BliW3RdkHNclKqnUm6myp7qZM4JWUKlyLpfu4G7aNaNAxrjVEGNVlV6Nr3BNLTk+wzq9ZsfnwaU5l0sKLRIBmDxE6JoJgJ7tMox90rJqwaxsDjY7GmHCMIidyQxvhfKK4vedbfg5Yy3wuzDXI6nz+m1uZbzFOelZu4XBsDYBkgRL0V2HMQRVa5tys9p2U4CgEPByIkbaRTtLZm+B4VDLOY/bXd90j7Eis2vd6brPBkI0BmlRFOmkme26gtDg+OPzqoVokRTqb0lYc4suSNfsIcGb/GfT8EocdlX88ts4XnM+FH0KpxQ== [email protected]
Copy this content to the server; I use the tmp folder:
$ scp bluegrid.io-edu.pub [email protected]:/tmp/
The scp command is used to copy the file bluegrid.io-edu.pub to the remote server. When asked for the password, enter the bg-user password you set previously – the one you use to log in to this server.
Now log in to the server and create the .ssh directory in which we’ll store authorized keys:
bg-user@bluegrid:~$ mkdir .ssh
Then copy the contents of the key to the SSH authorized_keys file (if the file doesn’t exist this command will create it):
bg-user@bluegrid:~$ cat /tmp/bluegrid.io-edu.pub >> .ssh/authorized_keys
Make sure that the key has been copied:
bg-user@bluegrid:~$ cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCvljKroHCj3qPUMAFh+IgUchzPwqPBByhS3sBQqLZItGe5RC5ZH7jduUIlcI3hu1LzO/g8nmkOJ+/csyV1i392AUE+9d9kIGKXlhEubr7Wkpwz5HyYcc1G6Z9wQhFF3bmB0y3FkGewr/QP0IeMW4OiRdk+TfyZek7AYgE0v7YH2oZ5PUXxNOJI+TY/lnqBDGIcqcsSeQo7NWr3jnusZsSy4HqetAOaoR9YY0/4JX4opwvm0Slrd/lYmkJyxRlDEPTIIPee3uBpQN+ak6FKelxDIWWvkyWTqoJv1uGAHXqsZhX+BpT2iDptoxwmv8rc+CYQVQ3ozzmxcOvJrGGV7FCFTJiksC3h6DifdVodsvym14/q0Y01nDc825+BliW3RdkHNclKqnUm6myp7qZM4JWUKlyLpfu4G7aNaNAxrjVEGNVlV6Nr3BNLTk+wzq9ZsfnwaU5l0sKLRIBmDxE6JoJgJ7tMox90rJqwaxsDjY7GmHCMIidyQxvhfKK4vedbfg5Yy3wuzDXI6nz+m1uZbzFOelZu4XBsDYBkgRL0V2HMQRVa5tys9p2U4CgEPByIkbaRTtLZm+B4VDLOY/bXd90j7Eis2vd6brPBkI0BmlRFOmkme26gtDg+OPzqoVokRTqb0lYc4suSNfsIcGb/GfT8EocdlX88ts4XnM+FH0KpxQ== [email protected]
Let’s check if we can log in to this server from our local computer:
Note that the key used was bluegrid.io-edu, not bluegrid.io-edu.pub! The .pub file is for public locations like our server, and the private one (without .pub) stays on our local machine, hidden from everyone.
Disable root ssh login
Open the sshd_config file with your preferred editor (I used nano):
bg-user@bluegrid:~$ sudo nano /etc/ssh/sshd_config
Then find PermitRootLogin yes and change it to PermitRootLogin no
Save the change (in nano: CTRL+X; Select Y as a “Yes” to save the change; hit ENTER to save it) and restart the ssh service:
bg-user@bluegrid:~$ sudo service ssh restart
Now let’s test root login from our local machine:
ssh [email protected] -i bluegrid.io-edu
As you can see, the server will not allow SSH login as the root user.
Disable password for SSH logins
The reason we need to do this is that even though we have an SSH key to log in with, the password is still a login option. So, if someone knows (or cracks) your password they can still log in to your server.
Open the SSH configuration file with your preferred editor (this time it is the drop-in file under sshd_config.d):
bg-user@bluegrid:~$ sudo nano /etc/ssh/sshd_config.d/50-cloud-init.conf
and find (it’s probably a single line):
PasswordAuthentication yes
And change it to
PasswordAuthentication no
Save the change and restart the ssh service:
bg-user@bluegrid:~$ sudo service ssh restart
Let’s test the login without the key:
Now let’s do it with the key:
ssh [email protected] -i bluegrid.io-edu
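Why the PasswordAuthentication change above is made in 50-cloud-init.conf rather than in sshd_config: sshd keeps the first value it reads for each keyword, and Ubuntu's sshd_config begins by including the drop-in files. The following is an added example, not part of the original article; the function names and the sample files it builds in a temporary directory are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original article. All files below are constructed.
# sshd keeps the FIRST value it reads for a keyword, and Ubuntu's sshd_config
# starts by including /etc/ssh/sshd_config.d/*.conf, so a drop-in wins.

# effective_option KEYWORD FILE...: first global value of KEYWORD, files in read order.
# Simplification: settings inside conditional "Match" blocks are skipped.
effective_option() {
    local key="$1"; shift
    awk -v key="$(printf '%s' "$key" | tr 'A-Z' 'a-z')" '
        FNR == 1 { in_match = 0 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # comments and blank lines
        {
            k = tolower($1)
            if (k == "match") { in_match = 1; next }
            if (!in_match && k == key) { print tolower($2); exit }
        }' "$@"
}

# build_sample DIR: constructed copy of the layout described in the article.
build_sample() {
    mkdir -p "$1/sshd_config.d"
    printf 'PasswordAuthentication yes\n' > "$1/sshd_config.d/50-cloud-init.conf"
    printf '%s\n' 'Include /etc/ssh/sshd_config.d/*.conf' \
        'PermitRootLogin no' 'PasswordAuthentication no' > "$1/sshd_config"
}

# audit DIR: print both settings; succeed only if each is effectively "no".
audit() {
    local dir="$1" rc=0 opt val
    for opt in PermitRootLogin PasswordAuthentication; do
        val="$(effective_option "$opt" "$dir"/sshd_config.d/*.conf "$dir/sshd_config")"
        printf '%-24s %s\n' "$opt" "${val:-unset}"
        [ "$val" = "no" ] || rc=1
    done
    return "$rc"
}

demo_dir="$(mktemp -d)"
build_sample "$demo_dir"
# Main file says "no", but the drop-in is read first and still says "yes".
audit "$demo_dir" || echo "password login still enabled by the drop-in"
# The article's edit: change the value in 50-cloud-init.conf itself.
printf 'PasswordAuthentication no\n' > "$demo_dir/sshd_config.d/50-cloud-init.conf"
audit "$demo_dir" && echo "root login and password login are both disabled"
rm -rf "$demo_dir"
```

On the server itself, `sudo sshd -t` validates the configuration before you restart the service, and `sudo sshd -T` prints the effective settings so you can confirm permitrootlogin and passwordauthentication are both no.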
We are now set with the operating system environment and will proceed to install the necessary services needed for a web server to run and serve the HTTP requests.