Ubuntu – How to automate a new linux server’s initial setup

automationconfiguration-managementSecurityUbuntu

Every time I setup a new server, I follow a series of steps on each server in order to get updates, set passwd, remove login via root user, customize a familiar environment (bashrc) and secure the server.

Is it possible to do all that using a script? The setup could include:

distro upgrades and updates

apt-get update

apt-get upgrade
adding users

adduser deployer

adduser deployer sudo

mkdir /home/deployer/.ssh

chmod 700 /home/deployer/.ssh

touch /home/deployer/.ssh/authorization_keys

deployer passwd

su deployer

cd to /home/deployer/.ssh/

sudo chown deployer .ssh/
Executing commands on local machine:

ssh-copy-id root@hostname.com

ssh-copy-id deployer@hostname.com
logging back onto server:

chmod 400 /home/deployer/.ssh/authorized_keys

chown deployer:deployer /home/deployer -R

5..6…7.. Customizing bashrc, editing sshd_config, installing ufw & logwatch

Best Answer

Use a Kickstart or equivalent process to manage the build. Use a configuration management product like Puppet to deploy your settings.

You can also use a little bit of scripting magic to kick off the configuration management at the end of your build to make it a seamless experience.

My script sets a static IP, configures OSSEC and performs a couple puppet runs to sort out all the dependencies then runs a yum update (I'm primarily a CentOS user).

It's possible to cobble together other methods of getting the same results but I've found this to be the most flexible method I've worked with.

Related Solutions

Ssh authentication nfs

Your ssh client is trying password authentication before public key authentication.

Check your ~/.ssh/config and /etc/ssh/ssh_config files for a PreferredAuthentications entry.

I see similar behavior if I add the following entry to my ~/.ssh/config file:

PreferredAuthentications password,publickey

If you have something like that in either of the aforementioned files, comment it out.

Ssh – How to automate SSH login with password

Don't use a password. Generate a passphrase-less SSH key and push it to your VM.

If you already have an SSH key, you can skip this step… Just hit Enter for the key and both passphrases:

$ ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.

Copy your keys to the target server:

$ ssh-copy-id id@server
id@server's password:

Now try logging into the machine, with ssh 'id@server', and check-in:

.ssh/authorized_keys

Note: If you don't have .ssh dir and authorized_keys file, you need to create it first

to make sure we haven’t added extra keys that you weren’t expecting.

Finally, check to log in…

$ ssh id@server

id@server:~$

You may also want to look into using ssh-agent if you want to try keeping your keys protected with a passphrase.

Best Answer

Related Solutions

Ssh authentication nfs

Ssh – How to automate SSH login with password

Related Topic