Essential First Steps for Every New Linux Server Build
HTML-код
- Опубликовано: 14 июл 2024
- In this video for new Linux users, Jay covers the essential first tweaks that should made to every new Linux server build. Although these first tweaks may seem a bit "basic", don't underestimate their importance! A little preparation goes a long way.
Learn Linux TV - Your Home For Linux-Related Fun and Learning!
Time Codes
00:00 - Intro
02:00 - Installing all available updates via apt (Debian/Ubuntu/etc)
05:03 - Installing all available updates (Fedora)
06:10 - Creating a non-root user for ourselves (general method)
08:00 - Creating a non-root user for ourselves (Debian/Ubuntu specific method)
10:15 - Setting the hostname/domain name for the server
11:19 - Adding the servers hostname/domain name to /etc/hosts
13:13 - Generating an SSH key
14:05 - Copying an SSH public key to a server
16:08 - Disabling root login password access for SSH
19:15 - Rebooting the server
Support Linux Learning (commission earned)
• Become a channel member here on RUclips ➜ learnlinux.link/join
• Become a Patron on Patreon ➜ learnlinux.link/patron
• Receive a 5% discount on an LPI exam voucher ➜ learnlinux.link/lpi-voucher
Recommended stand-alone videos from Learn Linux TV
• How to create a bootable flash drive for installing Linux ➜ linux.video/flash-usb
• Installing an operating system for Raspberry Pi ➜ linux.video/pi-imager
• How to connect to a Linux server via ssh ➜ Coming soon!
• Understanding Linux permissions ➜ linux.video/perms
• Essential tweaks for ALL Linux Servers ➜ linux.video/all-servers
Full Courses from Learn Linux TV
• Linux Crash Course series ➜ linux.video/cc
• Learn how to exit use tmux ➜ linux.video/tmux
• Learn how to use vim ➜ linux.video/vim
• Bash Scripting Series ➜ linux.video/bash
• Proxmox VE Cluster Full Course ➜ linux.video/pve
• Learn Ansible ➜ linux.video/ansible
Linux-related Podcasts
• Enterprise Linux Security ➜ enterpriselinuxsecurity.show
• The Homelab Show ➜ thehomelab.show
Official *Learn Linux TV on the Web*
• Main site ➜ www.learnlinux.tv
• Community ➜ community.learnlinux.tv
Content Ethics
• The following article covers the rules and guidelines Learn Linux TV abides by ➜ www.learnlinux.tv/content-ethics
Disclaimer
LearnLinuxTV produces technical content that will hopefully be helpful to you and teach you something new. However, this content is provided without any warranty (expressed or implied). LearnLinuxTV is not responsible for any damages that may arise from any use of the content and information that's being provided. The viewer is expected to follow best judgement and to make his/her/their best decisions while working with production or non-production software, systems and hardware.
#Linux #LinuxTutorial #LinuxForBeginners 
Наука
I’ve been a system engineer in and Windows environment for 17 years. My goal is to be a DevOps engineer by 2024. Your videos and books make learning Linux simple besides I love technology and have a passion for it. I really enjoy your content. Please keep the videos coming sir.
True, Jay is the man
Hey, I know this is random but any advice to someone wanting to be a system engineer/admin for Windows? Got 4 years experience as Helpdesk, Desktop Tech & App Analyst Sys Admin. Never been an OS admin professionally though, but doing research and testing in my own VMs and studying for the AZ-900 to start.
A year latter and the video still kicks ass ;~o
What a great video! I thought I had a good routine for setting up servers, but man was I wrong.
Thanks so much, Jay!
This is amazing stuff. I'm going to be referencing this when starting my homelab projects for sure.
This is the only channel I keep checking.
Your videos are so amazing, thank you Jay!
Great video! One of the most valuable channels that I ever subscribed to.
What a great timing. I am about to build my first server and of course I'm going to install Linux on it. Just waiting for a motherboard, everything else already arrived.
Again, when upgrading your packages, don't do it blindly. Read the list of upgraded packages.
If you see something you were not expecting, press "n". "Just like that." 😉
Great video amigo! Keep up the good content 🤩
Thank you for all you are doing sir! 💪🏾👽👌🏽
Thats some nice looking Fedora swag!
Great video.
- Next steps would be to configure your firewall (ufw on Debian) and setup and VPN connections etc.
- then automating everything (e.g. via Ansible) for repeatable infrastructure
Thank you, amazing content.
I am your old subscriber.
Your all videos are gold mines.
👍🏻👌🏻
To add a user in Debian I use adduser(8) or addgroup(8) instead of usermod(8) to add secondary group to an account, as that has less switch and easier to remember.
Usually one change configurations for the sshd by adding files into /etc/ssh/sshd_config.d/ direcotory instead of editing /etc/ssh/sshd_config.
Useful video! I will be going through this shortly once I finish building this 7900 (non-x) PC that I plan to put Mint Cinnamon on.
My daily driver is a custom built Ryzen 5900x rig with 32 GB of ram and two SSD NVME drives. Drive one is my default boot and I usually run Zorin OS 16.2. (Drive two is Win 10 Pro). I have absolutely no complaints with my 5900x machine. It just runs and is dead silent thanks to an giant (overkill) beefy heatsink with a 140mm fan in the middle and two large 140mm front intake fans. I love this machine. It is rock solid with my Linux install. I usually upgrade every other processor generations, so I will likely build my next rig with Zen 5 (or Zen 4+) and will look for an "9900x" or equivalent.
The only thing I use Windows 10 for these days is playing SC II and Diablo III along with a few other Windows games. I also have an RTX 3080 TI in it. Oh one more things --for some reason some streaming services will not display 4K or even 1080p content in Linux regardless of the browser I try to use with it.
@aytviewer2421 the services won't stream higher resolution video on Linux clients because it's harder for them to restrict you with the usual DRM tools. It's a super shady/malicious practice of the big streaming services.
This channel is gold!
Love the new Intro. Don't remember if I said
Pretty solid video! Thanks much! Is there a concise guide for hardening a Linux Server you would recommend?
thx short n simple
Very helpful content sir. Please make a video on how to set up PBS job submission in ubuntu server.
Nice Video :) This is my first time owning a VPS and viewing /var/log/auth.log was a little unnerving. I feel a little more confident now. Thanks.
I like your Fedora cup.
Very good tnx ❤
Nice tutorial with very clear and detail introduced steps, would be even better with some basic firewall setup steps :D
Can you make a video about analysing linux metrics and logs in Grafana and Loki ?
Thanks for this video. I do have a question though: when you install updates on a server do you need to reboot afterwards or is the system so intelligent that updates can be installed on the fly? When a server is in a production environment reboots are not something you want to do.
I've been a linux guy for over 20 years and I didn't know about copy-ssh-id.. I've been copy/pasting my RSA keys into ~/.ssh/authorized_keys like a dummy this entire time. I assume the command appends, so as not to remove existing keys, if so I'm gonna have to start using that!
This command does several things that are useful. It’ll create the ~/.ssh directory and the authorized_keys file and sets their permissions appropriately. If they already exist, then it’ll just append the key to the authorized_keys file after performing a check to see if the key is already authorized for the specified user.
Really? Copying pub keys by hand is no fun. Glad you found out about it. Generally those are baked into a holden image so you don't have to set a password. Remember that ssh-copy-id requires a password, which kinda feats the purpose for automation accounts. Although the cmd is useful for users. But if users are mountingn their homedir then not needed...😊 excellent 101 stuff nonetheless....
Good basics video. Thanks.
@@rodrigito7833 33 33😢😢èrr4444 44 33 hai 44rr
qa@aaC gt
Many thanks for extremely useful educational content! I love your channel and have been following it for a while. Question - I have a remote Linode UBUNTU machine and am accessing it via a VM running Mint 21.1 - I followed all your steps here, however, when I try to connect to the cloud server using SSH, Mint asks me to "enter password to enter a private key" for my local account - when I do this, it just ask me to repeat - so I still have to access the cloud Ubuntu server using password... So, I was not able to complete the process and I would be grateful for any hints and help ! Thanking you in advance !
Hi, can you please make a video explaining when and why these files are used in simple terms /etc/nsswitch.conf and /etc/named.conf if you can show a practical usage it will be great. Please it's a request. Please do reply
You forgot "install vim" make it the default.
;)
Have you ever try medicat? is a very usefull tool too. You should make a video of it!
Can these steps be tied in with your Ansible series? Can I automate the part where I generate a public SSH key on my workstation, send it to the server, have Ansible verify that I can connect to the server with the keys, then update the sshd_config to prevent root login?
Great video, btw!
Jay, can you please make some video on linux IAM including ldap and sssd with AD?
what do you use to have a local linux repo for your proxmox server?
2:28 Ok, but how do you get your Ubuntu server connected to the internet? When I start up my installation it says it is waiting to be configured. I don't see the steps to configure the internet to update from the "~$" (in the video it is "~#"). Where's the tutorial on this?
I was wondering how you ended up without having user other than root on the fresh installation if the installer requires to create one?
Dear Learn Linux TV,
Current, i has Dell server run Os Ubuntu 22.04.
in the future, I will setup one more server run Os Ubuntu 22.04 to run in parallel, for the purpose of redundancy and backup. If the first dies server, there is still second replace.
but, I don't know the steps how to configure, set up and synchronize data for the two servers.
May can you and everyone help me.
Thank you so much.
What happens if the workstation we have ssh key on gets corrupted and I cannot use it to log in to the server? Would I be able to log in to my remote server? Or from a different machine?
If you have physical access, you can always log on to the server via direct connection with a monitor and kb to make the required edits on your configuration files. Be careful with key-pair generation, I read a very interesting article on how easily these keys can be manipulated when the proper safeguards are not in place..
OK, this may be a silly question, but: What is the purpose of the "randomart image" for a newly generated SSH key? Is this used somewhere? I should I save this separately for future reference?
I am in NO WAY and expert, but I believe you are seeing "machine code" or something of the like for the SSH key that was generated. I don't believe you need to copy it anywhere. At least that is my understanding of it.
@@ggalland1 I have never saved it nor used it over the past few years... was wondering why it is even generated and if there is some worthwhile use for it.
OK, I spent a little time and did a brief bit of research on the subject. First of all, I now understand that "randomart" is two words: random art. My brain had it as rando mart and thought that "mart" was significant in some way to the function of the image. But it is in fact "art" created as a visual representation of a newly generated public key. My understanding from what I found is that a randomart image's purpose is to make it easier for mere mortals to differentiate one public SSH key from another. As in you see a nice (17x9 ?) grid of characters in place of a 1-2k+ string of ASCII (UTF-8?) characters. I think this likely was a well intended feature. Yet, in reality over the past 15-20 years I personally have never seen a randomart image in the wild except when an SSH key is generated. So in a nutshell, I do not think there is any present day real-world purpose for this feature. Someone PLEASE correct me if I am wrong and thanks in advance if you provide a better explanation and cite a real-world usage example.
Do you recommend any cert?
I'm always scared to do any update, because thousands users using the server.
Hello Jay, what to do if you lock yourself?
👏👏👏
Hi Everyone,
I'm new to linux is just created bootable USB today, and installed linux one of my old desktop PC, after installation i bought TP-Link AC600 wifi adapter, but i plugged wifi adapter nothing, then went online to TP link website no drivers for linux only windows and Mac, then installed git, dkms, cloned a git repo to get wifi going, wifi is working but internet speed is slow, at this stage i dont have deep understanding so was just copy pasting things into terminal to fix the internet. now Network manager is not working, i spent quite some time figuring out network, no luck now installing ubuntu again, initial friction is too much please make a video on if you dont have lan connection how to get going.
You used the root account for both distros. I thought that Ubuntu by default disabled the root account and the account used to install was a sudo user. Did I miss something?
Not on the Server version. The Desktop version disables root login by default, as I remember, as I switched to Mint some time ago for my Desktops. I believe Mint does as well, as during install, you are only asked to created a regular user, and not asked to set the root password. I have done MANY server installs over the years, from Ubuntu 8.04 on, and always have root user, and have to add any other users.
There is an option to disable the root account on new Ubuntu server installs.
@@oscs4556 during installation?
@@javabeanz8549 yes,
You also need to reboot your Fedora station after the very first update.
Also, also, using sudo with systemctl is redundant as it will ask your password to make changes.
I always use sudo for systemctl commands, because if you're within the sudo timeout window of your last sudo command (defaults to 5 min) you won't have to type it again, whereas authenticating directly with systemd will always require you to type it out.
I am always paranoid about being locked out of a device. How and where could you save the key that you now have on your remote computer so that you could use it to access the server in the event your remote computer died? I realize that having a usb drive or ..... with all sorts of passwords, keys, and credentials introduces a security risk but I think of people with a fortune in bitcoin that they can't access it because they forgot or lost the key.
Jay copied the public key from his local machine up to each server. So, he still has the local copy. If you put it on a flash drive, but want to prevent unauthorized access, you can encrypt the flash drive.
I print out the private key and put it in my gun safe. Same thing with QR codes for 2FA generators. It would be a pain to enter a key by hand, but not impossible.
@@paultruzzi911 You are correct! Hand entry is a pain. I had a site decide not to show the QR Code, so I had to hand input it to my phones. ( Yes, Phones, I don't want one dead phone locking me out of my accounts. )
Some minor changes in /etc/ssh/sshd_config since this video was made.
I notice you have an IPv6 address on the machines. That is good. Should use that for servers you want to access externally.
What is the best server VMware or Virtual Box.
They're hypervisors not servers
would you do a video teaching slurm for linux?
I'm fully of silly questions today -- but what is "slurm"? I've never heard of this.
@@aytviewer2421 "The Slurm Workload Manager, formerly known as Simple Linux Utility for Resource Management, or simply Slurm, is a free and open-source job scheduler for Linux and Unix-like kernels, used by many of the world's supercomputers and computer clusters." I hadn't heard of it either, so I Duck Duck Go'd it ;o)
You say to add the hostname to the hosts file so the server can ping itself - but you don’t explain why the server needs to be able to ping itself…?
Why do some people use "apt dist-upgrade" instead of "apt upgrade"? Does it matter?
@@RiverLiffey23 Many thanks Ahmad!
@@RiverLiffey23 that is incorrect... do-release-upgrade does that. For the differences, try "man apt" and "man apt-get" for full details. But dist-upgrade does some dependency handling that upgrade does not.
@@javabeanz8549 @AYTViewer You are right. I was wrong. I confused do-release-upgrade with apt dist-upgrade. Sorry my bad. I am removing previous comment to not confuse others.
Step 1 always: apt install ncdu
i use those command sudo apt update && sudo apt full-upgrade && sudo apt dist-upgrade && sudo apt autoremove && sudo dpkg --configure -a && sudo apt install -f && do-release-upgrade && sudo apt upgrade -y && apt install ubuntu-release-upgrader-core && sudo apt --fix-broken install && sudo apt clean && sudo at autoclean && sudo apt-get dist-upgrade -y
I like this channel but why does it always cover so, so basic concepts? For anyone above beginner level it's downright boring to watch this stuff.
Like, no offense, but half the video explains how to do things that would likely be already done in a regular installation, updating packages is obvious, and it's not exclusive to new installations, that's something you just do for maintenance from time to time, and disabling root and password access on SSH is good to know, but also expected.
Maybe I'm not the target audience.
From what he said in the video, the purpose for posting this is for a "reference" video that he can point to for future videos on setting up installs and more. Rather than repeat these basic things in every video going forward he will instead refer people to view this video. This will allow other videos to be more in-depth and focused on the topic at hand.
B
The only problem is you are a systemD guy... apart that your videos are very good. I wonder what's gonna be when we destroy systemD and Microsoft's plans to destroy Linux.
I wonder how long it will take for me to learn Linux or at what time I should just call it quits and give up. It reminds me a lot of the internet frontend of Retroarch. In that it does what it wants and I just have to put up with the randomness if today I will get to use the computer or be used by the computer.