commit 7f436d39de4a476db6001a2d00750c406b0aaef4
parent e8d9de15a01d74d88e4f51a5d4145dffbc2c0e12
Author: Kévin Le Gouguec <kevin.legouguec@gmail.com>
Date: Sat, 3 Jul 2021 01:47:10 +0200
Keep noting down VPS admin stuff
Diffstat:
1 file changed, 22 insertions(+), 0 deletions(-)
diff --git a/guides/cloud/vps.org b/guides/cloud/vps.org
@@ -14,3 +14,25 @@ On OVH's Debian image:
Debian's fail2ban comes with a jail for ~sshd~, so it's just a matter
of ~apt install fail2ban~.
+** Tweak user accounts
+=debian= seems mildly popular among bots looking for valid usernames.
+
+Ideally I'd just rename the =debian= account, but renaming does not
+seem to be a very well-defined operation. ~usermod --login $name
+--move-home --home /home/$name debian~ gets partway there, but leaves
+a bunch of miscellany to take care of (e.g. sudoers).
+
+So instead, I'll
+- create my own user account: ~sudo adduser $name~
+- add it to all groups =debian= belongs to:
+ #+begin_src sh
+ groups=$(groups | sed -e 's/ *debian *//' -e 's/ /,/g')
+ sudo usermod --append --groups ${groups} $name
+ #+end_src
+- only allow password authentication over SSH for this new user
+ account:
+ #+begin_src conf
+ PasswordAuthentication no
+ Match User …
+ PasswordAuthentication yes
+ #+end_src
