1. Operating System setup for WordPress installation

Post by Ivan Dabić
Subscribe to our blog articles!
February 20, 2024 | 6 minutes read

In this educational article, we are showing the steps needed for the Operating System setup for WordPress installation, from the operating system to securing the WordPress installation. This is the first article in the series and it walks us through preparing the Operating System setup for WordPress installation.

Specification:

ip: 167.71.34.152 (replace it with your server ip)
OS: Ubuntu 23.10 (GNU/Linux 6.5.0-9-generic x86_64)
User: bg-user

Login to your server (assuming you already have one – if not contact us)

We have a root user login with a password as provided by hosting so we’ll first go ahead and secure the login by:

  1. Creating bg-user
  2. Adding bg-user to sudoers
  3. Creating an SSH key for bg-user
  4. Disable root user login
  5. Disable password login

Creating bg-user

root@bluegrid:~# useradd -m bg-user

-m flag instructs the “useradd” command to create a home directory for bg-user which we can confirm has been done properly:

Define a password for this user:

root@bluegrid:~# passwd bg-user

Adding bg-user to sudoers

root@bluegrid:~# usermod -aG sudo bg-user

Login as a new user and confirm the login works:

root@bluegrid:~# su - bg-user

Note: if you see a prompt with nothing but:

(No user is shown in the prompt – like you had for root: root@bluegrid – and your commands don’t take TAB as path autocomplete) you need to set the bash path. First find out the location of the shell on your ubuntu machine:

$ chsh -s /usr/bin/bash

Now lets set the location of our shell:

$ chsh -s /usr/bin/bash

Now logout and log back into your Ubuntu machine and you should see:

bg-user@bluegrid:~$ 

Creating SSH key for user bg-user

Now, let’s go to our local system and create a key that we’ll use to login to the Ubuntu server:

$ ssh-keygen -t rsa -b 4096 -C [email protected]
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/ivan/.ssh/id_rsa): bluegrid.io-edu
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in bluegrid.io-edu
Your public key has been saved in bluegrid.io-edu.pub
The key fingerprint is:
SHA256:j6NetegTloOkTM6zG0FD/DuXeetZB4jGUERY0A3n87c [email protected]
The key’s randomart image is:
+---[RSA 4096]----+
|   .. .B*o.      |
|   .. ...o.      |
|    o..   o      |
|   ...oo . +     |
|   =.o oS+o o .  |
|    *.+.O=.. o . |
|    .o +=+o.. E  |
|    .. +...o .   |
|    .oo .oo      |
+----[SHA256]-----+
MacBook-Pro-ID:~ ivan$

Commands flags:

- t: type of the key to be generated. Options are: [-t dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa]
- b: size of the key in bytes
- C: comment that describes the key if we need it

This is where the prompt asks for key file name:

Enter file in which to save the key (/Users/ivan/.ssh/id_rsa): bluegrid.io-edu

ssh-keygen will create two files:

$ ll bluegrid.io-edu*
-rw-------  1 ivan  staff  3434 Dec  2 11:05 bluegrid.io-edu
-rw-r--r--  1 ivan  staff   742 Dec  2 11:05 bluegrid.io-edu.pub

We will take the contents of the bluegrid.io-edu.pub and place it on the server. To do it, use any file viewer you are comfortable with and copy its contents (I used cat):

$ cat bluegrid.io-edu.pub 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCvljKroHCj3qPUMAFh+IgUchzPwqPBByhS3sBQqLZItGe5RC5ZH7jduUIlcI3hu1LzO/g8nmkOJ+/csyV1i392AUE+9d9kIGKXlhEubr7Wkpwz5HyYcc1G6Z9wQhFF3bmB0y3FkGewr/QP0IeMW4OiRdk+TfyZek7AYgE0v7YH2oZ5PUXxNOJI+TY/lnqBDGIcqcsSeQo7NWr3jnusZsSy4HqetAOaoR9YY0/4JX4opwvm0Slrd/lYmkJyxRlDEPTIIPee3uBpQN+ak6FKelxDIWWvkyWTqoJv1uGAHXqsZhX+BpT2iDptoxwmv8rc+CYQVQ3ozzmxcOvJrGGV7FCFTJiksC3h6DifdVodsvym14/q0Y01nDc825+BliW3RdkHNclKqnUm6myp7qZM4JWUKlyLpfu4G7aNaNAxrjVEGNVlV6Nr3BNLTk+wzq9ZsfnwaU5l0sKLRIBmDxE6JoJgJ7tMox90rJqwaxsDjY7GmHCMIidyQxvhfKK4vedbfg5Yy3wuzDXI6nz+m1uZbzFOelZu4XBsDYBkgRL0V2HMQRVa5tys9p2U4CgEPByIkbaRTtLZm+B4VDLOY/bXd90j7Eis2vd6brPBkI0BmlRFOmkme26gtDg+OPzqoVokRTqb0lYc4suSNfsIcGb/GfT8EocdlX88ts4XnM+FH0KpxQ== [email protected]

Copy this content and log in to the server, I use the tmp folder:

$ scp bluegrid.io-edu.pub [email protected]:/tmp/

scp command is used to remotely copy the file bluegrid.io-edu.pub to the remote server. When asked for the password you enter your bg-user password previously set – the one you use to login to this server.

Now login to the server and create .ssh directory in which we’ll, store authorized keys:

bg-user@bluegrid:~$ mkdir .ssh

Then copy the contents of the key to the SSH autorized_keys file (if the file doesn’t exist this command will create it):

bg-user@bluegrid:~$ cat /tmp/bluegrid.io-edu.pub >> .ssh/authorized_keys 

Make sure that the key has been copied:

bg-user@bluegrid:~$ cat .ssh/authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCvljKroHCj3qPUMAFh+IgUchzPwqPBByhS3sBQqLZItGe5RC5ZH7jduUIlcI3hu1LzO/g8nmkOJ+/csyV1i392AUE+9d9kIGKXlhEubr7Wkpwz5HyYcc1G6Z9wQhFF3bmB0y3FkGewr/QP0IeMW4OiRdk+TfyZek7AYgE0v7YH2oZ5PUXxNOJI+TY/lnqBDGIcqcsSeQo7NWr3jnusZsSy4HqetAOaoR9YY0/4JX4opwvm0Slrd/lYmkJyxRlDEPTIIPee3uBpQN+ak6FKelxDIWWvkyWTqoJv1uGAHXqsZhX+BpT2iDptoxwmv8rc+CYQVQ3ozzmxcOvJrGGV7FCFTJiksC3h6DifdVodsvym14/q0Y01nDc825+BliW3RdkHNclKqnUm6myp7qZM4JWUKlyLpfu4G7aNaNAxrjVEGNVlV6Nr3BNLTk+wzq9ZsfnwaU5l0sKLRIBmDxE6JoJgJ7tMox90rJqwaxsDjY7GmHCMIidyQxvhfKK4vedbfg5Yy3wuzDXI6nz+m1uZbzFOelZu4XBsDYBkgRL0V2HMQRVa5tys9p2U4CgEPByIkbaRTtLZm+B4VDLOY/bXd90j7Eis2vd6brPBkI0BmlRFOmkme26gtDg+OPzqoVokRTqb0lYc4suSNfsIcGb/GfT8EocdlX88ts4XnM+FH0KpxQ== [email protected]

Let’s check if we can log in to this server from our local computer:

Note that the key used was bluegrid.io-edu, not the bluegrid.io-edu.pub! .pub is for public locations like our server, and the private one (without .pub) stays on our local machine hidden from everyone.

Disable root ssh login

Open sshd_config file with your preferred editor (I used nano):

bg-user@bluegrid:~$ sudo nano /etc/ssh/sshd_config

Then find PermitRootLogin yes and change it to PermitRootLogin no

Save the change (in nano: CTRL+X; Select Y as a “Yes” to save the change; hit ENTER to save it) and restart the ssh service:

bg-user@bluegrid:~$ sudo service ssh restart

Now let’s test root login from our local machine:

ssh [email protected] -i bluegrid.io-edu

As you can see the server will not allow ssh login as a root user.

Disable password for SSH logins

The reason we need to do this is that even though we have an SSH key to log in with, the password is still a login option. So, if someone knows (or cracks) your password they can still log in to your server.

Open sshd_config file with your preferred editor

bg-user@bluegrid:~$ sudo nano /etc/ssh/sshd_config.d/50-cloud-init.conf 

and find (it’s probably a single line):

PasswordAuthentication yes

And change it to 

PasswordAuthentication no 

Save the change and restart the ssh service:

bg-user@bluegrid:~$ sudo service ssh restart

Let’s test the login without the key:

ssh [email protected]

Now let’s do it with the key:

ssh [email protected] -i bluegrid.io-edu

We are now set with the operating system environment and will proceed to install the necessary services needed for a web server to run and serve the HTTP requests.

Need help with your website?
Share this post

Share this link via

Or copy link