Wait a few minutes for the VPS to deploy and start up - you should get an email once it is ready. This is one of the lightest-weight mainstream operating systems that Pritunl is compatible with right out of the box.

Once the VPS is running and ready, you'll need to get an SSH client so we can SSH into the VPS to set up the Pritunl VPN server.

Download, install and then launch the SSH client of your choice. We will be using PuTTY because it's simple, but any SSH client will do.

Copy the IP address assigned to your VPS into PuTTY, and click "Open". You can find this in your VPS provider's control panel. You may be prompted about a "PuTTY Security Alert" with a message about the host key not being cached. This is normal; click Yes.

After it prompts you with "login as:" enter 'root'. Then for password, copy and paste (paste in PuTTY by right clicking with your mouse) in the password supplied in your VPS provider's control panel.

Now that you're SSH'd into the server, while technically optional, we highly recommend setting up some basic security including: changing your root password, setting up a sudo user and blocking root from SSH login, and setting up a firewall.

At a bare minimum, you should change the supplied root password. This was provided to you in plain text through your provider's web panel and should be considered insecure until it is changed:

- Enter 'passwd' in PuTTY and hit enter.
- Input and then confirm your desired new password.

Update the server and set up automatic security updates.

- Quickly update the server by running 'yum update -y'.
- **OPTIONAL BUT RECOMMENDED**: Set up automatic security updates on your VPS.

Set up a firewall either in the OS, or via the control panel of your VPS provider. We will be using the one supplied by Vultr. On the website, under Products>Firewall click the "Add Firewall Group" button and set the description to something related to VPN so you remember what it is for (e.g. "VPN Firewall").

- Create a firewall rule to allow SSH connections to the VPS.
  - Source: My IP (or you can set this to Anywhere, but this will allow anyone to attempt to log in to your server)
- Create a firewall rule for the VPN server IP.
  - Port: 1337 (or whatever you decide to use as your VPN port)
  - Source: Anywhere (or you can define a specific IP range if you want to limit access to your VPN to only that range)
- Create a firewall rule to allow HTTPS connections to the VPN web panel.
  - Source: Anywhere (or you can define a specific IP range if you want to limit access to your VPN web panel to only that range)
- Create a firewall rule to allow HTTP connections to the VPN web panel for LetsEncrypt SSL, if you want to specify a custom domain.

Then, you must attach the Firewall Group to the VPS for it to take effect.

- On the website, under Products>Instances>Cloud Instance (the VPS you rented for this)>Settings>Firewall select the Firewall Group we created earlier, with the description you assigned yourself.
- Click "Update Firewall Group" to apply the changes.

Set up a sudo user by creating a new user, setting the user's password, and then adding the user to the sudo user group. This new user will only have access to commands that affect its own user directory (not the rest of the system or other users), unless they prefix commands with 'sudo' (essentially running the command as root), which has password verification. For this to be at all beneficial we must also restrict root from logging in via SSH.

- Run 'useradd <username>', replacing '<username>' with your desired user name.
- Run 'passwd <username>', replacing '<username>' with the username of the user you just created.
- Run 'usermod -aG wheel <username>', replacing '<username>' with the username of the user you just created.
- Run 'nano /etc/ssh/sshd_config' and change the "PermitRootLogin yes" line to "PermitRootLogin no". This will prevent root login over SSH.
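The last step above edits sshd_config by hand. sshd ignores commented lines and applies the first value it reads for a keyword, so a leftover duplicate can keep root login enabled. The shell functions below are an added example, not part of the original post, that make the same change and check the result; the function names are hypothetical and the demo runs on a constructed sample file.

```shell
#!/bin/sh
# Added example: names below are hypothetical, not from the original post.

# Print the value sshd would apply: the first uncommented PermitRootLogin
# line wins and later duplicates are ignored. Handles plain "Keyword value"
# lines only (no Match blocks or Include files). Prints "unset" if absent.
effective_root_login() {
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Back up FILE, drop every PermitRootLogin line (commented or active), and
# write a single "PermitRootLogin no" at the top, ahead of any Match block.
disable_root_login() {
    cfg=$1
    tmp=$(mktemp) || return 1
    cp -p "$cfg" "$cfg.bak" || { rm -f "$tmp"; return 1; }
    {
        echo "PermitRootLogin no"
        awk 'tolower($0) !~ /^[ \t]*#?[ \t]*permitrootlogin([ \t]|$)/' "$cfg"
    } > "$tmp"
    cat "$tmp" > "$cfg"     # overwrite in place so owner and mode are kept
    rm -f "$tmp"
    [ "$(effective_root_login "$cfg")" = "no" ]
}

# Demo on a constructed sample file, never the live /etc/ssh/sshd_config.
demo() {
    sample=$(mktemp) || return 1
    printf '%s\n' 'Port 22' '#PermitRootLogin yes' 'PermitRootLogin yes' \
        'PasswordAuthentication yes' 'permitrootlogin no' > "$sample"
    before=$(effective_root_login "$sample")
    disable_root_login "$sample"
    after=$(effective_root_login "$sample")
    rm -f "$sample" "$sample.bak"
    echo "before=$before after=$after"
}
demo
# On the server, as root, after confirming the new sudo user can log in:
#   disable_root_login /etc/ssh/sshd_config && sshd -t && systemctl reload sshd
```

Keep the existing root session open until a second PuTTY window has logged in as the new user and run a 'sudo' command successfully.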