diff options
| author | Kévin Le Gouguec <kevin.legouguec@gmail.com> | 2021-07-03 01:47:10 +0200 |
|---|---|---|
| committer | Kévin Le Gouguec <kevin.legouguec@gmail.com> | 2021-07-03 01:47:10 +0200 |
| commit | 7f436d39de4a476db6001a2d00750c406b0aaef4 (patch) | |
| tree | 548d9442d5fb6851bedafcbcafcb2fc6dc154a80 /guides | |
| parent | e8d9de15a01d74d88e4f51a5d4145dffbc2c0e12 (diff) | |
| download | memory-leaks-7f436d39de4a476db6001a2d00750c406b0aaef4.tar.xz | |
Keep noting down VPS admin stuff
Diffstat (limited to 'guides')
| -rw-r--r-- | guides/cloud/vps.org | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/guides/cloud/vps.org b/guides/cloud/vps.org index cfb1b89..b8c3fd5 100644 --- a/guides/cloud/vps.org +++ b/guides/cloud/vps.org @@ -14,3 +14,25 @@ On OVH's Debian image: Debian's fail2ban comes with a jail for ~sshd~, so it's just a matter of ~apt install fail2ban~. +** Tweak user accounts +=debian= seems mildly popular among bots looking for valid usernames. + +Ideally I'd just rename the =debian= account, but renaming does not +seem to be a very well-defined operation. ~usermod --login $name +--move-home --home /home/$name debian~ gets partway there, but leaves +a bunch of miscellany to take care of (e.g. sudoers). + +So instead, I'll +- create my own user account: ~sudo adduser $name~ +- add it to all groups =debian= belongs to: + #+begin_src sh + groups=$(groups | sed -e 's/ *debian *//' -e 's/ /,/g') + sudo usermod --append --groups ${groups} $name + #+end_src +- only allow password authentication over SSH for this new user + account: + #+begin_src conf + PasswordAuthentication no + Match User … + PasswordAuthentication yes + #+end_src |