- [Instructor] One great place to run Linux in the cloud is DigitalOcean. For a while now, they've had an offering that starts at $5 a month for a small Linux machine that's great for experimenting with services and web apps. Whenever I want to set up a small personal project online, DigitalOcean is usually my first stop. From their site, you can sign up and then choose to create a Droplet, which is what they call their virtual machines. From my dashboard here, I'll choose Create and Droplets. I can choose a distro, Ubuntu, Fedora, Debian, CentOS, even FreeBSD, and I can choose which of the available versions to use.
Down below, I can choose a Droplet size. I'll go for the $5 a month one here. That's just fine for learning about Linux in the cloud and even for hosting a personal website or blog or a variety of simple services. Further down, I can choose which of their global datacenters to start the Droplet in. I'll choose one in San Francisco. Following some additional options, I'm asked about an SSH key. When the Droplet gets set up, it only has the root user. If I set a key, this key will be associated with that user, allowing me to log in as root.
If I don't set a key, DigitalOcean will email me a root password that I can use to log in. I'll click New SSH Key, and I'll paste in my public key. Again, this is an optional step. And if you don't do this, keep an eye out for an email with a root password instead. Take a look at other episodes in this series for the steps to create an SSH key pair. Then I can choose to start up one or more machines with these settings.
I'll stick with one for now. And I can choose a hostname, or I can leave it with this auto-generated one. Let's call this one apollo. That sounds cool. Then I'll click Create, and DigitalOcean will build and deploy my virtual machine in the datacenter I've selected. Once that's done, I'll copy this IP address up here, which is the public IP of my server. I'll open up my terminal and connect to my shiny new Droplet. I'll write ssh root@, my IP address.
And then since I'm using a key, I'll write -i .ssh/ and the path to my key. And I'm connected. Like many cloud providers, DigitalOcean maintains their own repository mirrors, so updates are nice and fast. It's a good idea to update as soon as you get a new system to make sure it's, well, up to date with the latest security patches. Remember, this machine is exposed to the internet, so it really needs to have the latest security patches applied. I'll open up a tmux session here in case my connection gets interrupted, and then I'll run apt update.
Our lists are up to date, so now I'll run apt upgrade. With tmux here, if I get disconnected, the virtual session will keep the package manager going, and I'll be able to get back to this session when I reconnect. Let's do a little bit of cleanup with apt autoremove.
And let's take a few more steps to protect this machine from the internet. First, I'll add a firewall rule to allow access only on port 22 for now with ufw allow 22/tcp. And then I'll turn the firewall on with ufw enable. Then I'll install software called Fail2Ban, which will keep track of login attempts and automatically block abusive logins.
Right now, the only user I can use to log in is root. That's not a great idea, so let's create a user and then use it to log in instead. I'll write adduser and give a username. I'll set a password and confirm that that's correct. I'll make sure that the user is part of the admin group with usermod, dash a capital G, sudo, and the username.
Okay, now let's copy that SSH key from root's home folder over to my new user's. Keep in mind, this is only something you want to do for your user. Other users on this server should have different keys, their own keys, not yours. Let's switch over to that user. I'll switch to the user's home folder, and I'll create a folder called .ssh. Inside there, we'll need to create a file called authorized_keys with a key that we'll use to log in.
And here I'll paste my public key. I'll save that and close the editor. And we'll drop back to root. Now let's look through the SSH server setup and make sure root can't log in and make sure that we're not accepting passwords to log in, so only users with a key can. I'll edit /etc/ssh/sshd_config. I'll change PermitRootLogin to no.
I'll uncomment PubkeyAuthentication and make sure it's set to yes. And I'll make sure that PasswordAuthentication is set to no. I'll save this and restart the SSH daemon. Then I'll disconnect. Now I'll reconnect with the user we just created and the key.
Great. Back here on my dashboard, I can manage my server. I can restart it or power it off, see what resources it's used, and even use the web console if need be. DigitalOcean is a good choice for a cloud host, and I encourage you to consider it when you're setting up a server to experiment with.
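The three sshd_config settings from the walkthrough (PermitRootLogin no, PubkeyAuthentication yes, PasswordAuthentication no) can be checked before restarting the SSH daemon and disconnecting. The script below is an added example, not part of the original transcript; the function names and the sample config are constructed for illustration, and it reads a single file without following Include lines.

```shell
#!/bin/sh
# Added example: audit one sshd_config file for the walkthrough's settings.

# Print the effective global value of keyword $2 in file $1, or default $3.
# sshd uses the first occurrence of a keyword, keywords are case-insensitive,
# and lines after a Match keyword are conditional, so scanning stops there.
sshd_effective() {
  want=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
  awk -v want="$want" -v def="$3" '
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    { sub(/=/, " "); key = tolower($1) }    # accept "Keyword=value" too
    key == "match" { exit }
    key == want    { print $2; found = 1; exit }
    END { if (!found) print def }
  ' "$1"
}

# Compare each setting with the value from the walkthrough.
# Columns: keyword, wanted value, OpenSSH default when the keyword is unset.
audit_sshd_config() {
  file=$1; rc=0
  while read -r key wanted def; do
    got=$(sshd_effective "$file" "$key" "$def")
    if [ "$got" = "$wanted" ]; then
      echo "ok    $key $got"
    else
      echo "FAIL  $key is '$got', walkthrough sets '$wanted'"
      rc=1
    fi
  done <<'EOF'
PermitRootLogin no prohibit-password
PubkeyAuthentication yes yes
PasswordAuthentication no yes
EOF
  return $rc
}

# Constructed sample: PasswordAuthentication is still commented out globally
# and only set inside a Match block, so password logins remain enabled.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PermitRootLogin prohibit-password
PermitRootLogin no
PubkeyAuthentication yes
#PasswordAuthentication yes
Match User backup
    PasswordAuthentication no
EOF
audit_sshd_config "$sample" || echo "sample config needs changes"
```

On a live server, `sshd -T` run as root prints the effective configuration including any Include files, and keeping the current session open while testing a second login avoids being locked out.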