How To Linux Server

Published 03-01-2019 03:47:15

For Pi-Hole servers, I have a post with some tips on How to Pi-Hole

Also check out my ASSSS – A Simple Server Sync Script for an example of a backup job that can be automated on your server to sync data to a backup repo.

Packages

sudo apt-get install vim ranger tmux htop neofetch rsync msmtp

curl my tmux config

mkdir -p ~/.config/tmux
curl theatomheart.net/raw/.config/tmux/tmux.conf >~/.config/tmux/tmux.conf

Setup msmtp for notifications

Create a ~/.msmtprc file

vim ~/.msmtprc

and make it look something like:

defaults
auth on
tls on
tls_trust_file /etc/ssl/certs/ca-certificates.crt
logfile ~/.msmtp.log

account default
host smtp.office365.com
port 587
from sender@domainname.com
user sender@domainname.com
password password

If you put your password in this file, adjust permissions with:

chmod 600 ~/.msmtprc

Or, you can use passwordeval with an encrypted key file. That line would look like:

passwordeval "gpg -d --quiet --for-your-eyes-only ~/keyfile.gpg | sed -e '$a\'"

Bash Aliases

vim ~/.bash_aliases
alias ls="ls --color=auto"

# Program Shortcuts
alias files="ranger"
alias v="vim"
alias tmux="tmux attach || tmux -f ~/.config/tmux/tmux.conf"
alias tm="tmux attach || tmux -f ~/.config/tmux/tmux.conf"
alias nf="clear ; neofetch"
alias reboot="sudo reboot now"
alias upgr="clear ; neofetch ; sudo apt-get update -y && sudo apt-get upgrade -y"

# Pi-Hole Shortcuts
alias wl='pihole -w'
alias bl='pihole -b'
alias wild='pihole -b --wild'
alias eb='sudo vim /etc/pihole/blacklist.txt'
alias ew='sudo vim /etc/pihole/whitelist.txt'

SSH Config

First, make sure you’re able to connect to your server via SSH with a private key.

Second, modify /etc/ssh/sshd_config to apply some or all of these settings.

vim /etc/ssh/sshd_config

PermitRootLogin

Either comment out PermitRootLogin to prohibit SSH logins from user ‘root’

Or, to permit SSH logins from user ‘root’ only with a private key, set this to

PermitRootLogin without-password

Change listening port

Change the line

Port 22

Permitted users

AllowedUsers root theatomheart

To put these changes into effect

systemctl restart sshd.service