gemini://the.teabag.ninja/akkoma/linode/

I looked around for something local to me, and found Linode does a $5USD/month Shared CPU 1GB RAM VPS.

I made an account unfortunately before realising I should have used the link from Late Night Linux so I didn't get the $100 credit, assuming it's still a thing. No matter though, as I was only going to use $5 of it.

Do give them a listen, if Linux podcasts are your thing.

So, I created my account, added a credit card, then once logged into after verfying email etc. I then went to "Linodes" on left menu and then *Create Linode*

This brings up a new page where you select what you want:

- Choose Distribution: Debian 11

- Linode Plan: The second tab along is Shared CPU, which are super cheap. Nanode 1GB is a great start for trying this out and is what I use with multiple users.

- Linode Label: Give your server a name for the Admin Panel in Linode. I entered the domain I will be using, to make it obvious for myself if I end up with more than one.

- Root Password: make a password for root user. I generate long strings in KeepassXC and save there.

- SSH Keys: I am on a windows machine, however this is pretty simple. See below

- Attach a VLAN: leave, not needed

- Add-ons: Backups would be a smart idea.

Check the summary of your Linode, then click *Create Linode*

I should have done this sooner to allow time for DNS propogation - which is why I am suggesting you do it now.

Go into the DNS settings of your domain providor, and create a new A-Record.

The entry you need to put in will be the IPv4 address of your shiny new Linode VPS. You can see this by going to cloud.linode.com

You can also do the same for IPv6 using the AAAA-Record IP which you can get by clicking into the VPS to show more info.

Open start menu, then type `cmd`

Run `ssh-keygen` and give the output file a memorable name if needed (Or just *Enter* to use the default of id_rsa)

![screenshot showing the process described above](/cmd_sshkeygen.jpg)

This will output the public and private keys to a folder on Windows at `C:\Users\<username>\.ssh`

This will show a bunch of files. `id_rsa.pub` is the one we want to upload to Linode. Or `whatever-you-named-it.pub`

![screenshot of the folder containing id_rsa.pub and a couple of other files](/id_rsa.jpg)

The first time you connect it will ask if you're sure, then store the fingerprint of the server so it knows you are always connecting to the same server. It does not ask for a password, as it uses the ssh key we uploaded when creating the server.

Once in, you can update the software package repositories

And then upgrade the system

**A couple of additional tweaks I like to do on a VPS can be found [here](/posts/2023/01/btop-backports-and-swappiness/)**

Optional, but recommended.

<br/>This can be done later if need be... but you should really just do it now and get it out of the way.

...so that multiple failed logins lock that IP out.

Make sure system is updated, then install:

Then start the service

And enable the service to run at startup, so it comes back up when rebooting

This is so if someone manages to get into your server, they do not have root. Also the port being a non-standard port for ssh means the likelyhood of that actually happening is lower. If you like, it may be a good idea to do a manual snapshot in cloud.linode.com in case you screw up and can't log in.

Do all of the following while logged in as root.

Create a new user, where `<user>` is a username of your choosing:

Set a long pasword - ideally using a password manager to create a random string or phrase so it can't be easily worked out or guessed. You can leave the other entries blank and just *Enter* through them (Name, Room, etc).

You then need to add your public ssh key from earlier, to the user you just created.

Now edit the ssh config

Where it says `#Port 22` insert another line above or below saying `Port 55555` (or whatever port you want to use)

Down a bit further in the config it says `PermitRootLogin` change the `yes` to `no`

Then add `AllowUsers <user>` at the top or bottom of that block - or anywhere. The end... or where ever.

*Ctrl+X* to exit, *Y* to save, *Enter* to save as same name.

Then do the following to restart the ssh service and apply the settings.

Leave the current session open, and start another terminal on your machine (eg. another cmd.exe) and attempt to login as described below before you close the other one - this is so you can recify any mistakes if it does not work.

Open cmd.exe or Powershell (assuming Windows), and enter the following substituting port/username/IP to suit:

Then once in, drop to root using `su -` and enter the root password. (and no, the curser does not move when entering passwords)

**This will be how you log into your server from now on.**

I currently manually do this every week(ish) to make sure I have security updates etc for my system. I really need to automate it with cron probably. I will update here when I get around to it...

Creating the host server on Linode for Akkoma

Point your Domain to your Linode.

SSH Keygen (Windows)

To log in to your Linode now:

Harden your server a little bit

Install fail2ban...

Create a non-root user for login, and change the ssh port

How to log in as the user on a different port, then drop to root:

Updating Debian