I've noticed when I am connected via ssh to my little cloud server, which has Ubuntu 20.04 Server, the connection is dead if I leave it for a minute or 2.

In bash, I still see the connection, but I cannot input anything.

The only way out I have found is close bash, which gives me a message "There is still a process running, do you really want to kill it?“

Is this actually some kind of safety feature?

Can I, should I, extend the death period for a connection?? Must be a .conf somewhere!

There is a inactivity timeout.

https://www.tecmint.com/increase-ssh...n-timeout/amp/

1 members found this post helpful.

Thanks, I followed the instructions and set:

ClientAliveInterval 1200

I read there are a lot of bots looking for open ssh connections, so I suppose it is not too good to keep it open too long!

The established connections would be of no use to any bots, the session is soundly encrypted.

On the other hand, systems that allow password authentication instead of using SSH keys or SSH certificates are vulnerable to password guessing bots, in principle. The best way to quiet the logs in that regard is to start using either SSH keys or SSH certificates and turn off the possibility of password authentication.

I definitely use ssh keys.

I believe it was you who told me to do that!

Great, if the keys work then you can turn off the password authentication for SSH. That will cause most of the bots to turn away and give up on bothering your logs. Also, be sure to set a second user, one that is not root for your routine development and maintenance tasks. Root should be used sparingly and only when absolutely needed. It's too easy to fumble a command or many other larger and smaller risks while logged in as root. If you need write access to a particular directory or file, that is a question of filesystem permissions instead.

I login via ssh now with pedro@123.456.789.123

pedro has sudo powers.

I am listening to what you say!!

Very important point.
Also, ssh root login should be disallowed (after checking that you can become root from an unprivileged user).

Personally, I use ServerAliveInterval on the client side instead. Seems less intrusive.

Pedroski, you have so much to learn.
We can answer questions, but what about other extremely important things you never figured out to even ask?
You need to read up on things. Actively search out server setup tutorials etc.

Well, to set up the Ubuntu Server, Ubuntu has a tutorial page. That's how I did it!

Like I said, I have only ever used shared web-hosting.

That's good for people like me, without much computer-savvy.

But people told me I should get a cloud server.

Now the task is, make it work!

I thought it couldn't be too hard, because I run apache2 on this laptop, where I make and test webpages before I upload them.

I am revising my opinion!

It's not too hard but the Internet is unforgiving on any mistakes or oversights, and it is generally we who are harmed by any mistakes resulting in a compromised server. Thus the abundance of admonitions towards caution and attention to detail.

The basics, as you've seen now:

On your laptop:

1. generate SSH keys for root
2. use ssh-copy-id to get the key to the server for root

On your server:

1. configure UFW to allow SSH, HTTP, and HTTPS
2. turn on UFW
3. install Apache2
4. create unprivileged user
5. grant write permissions to that vhost's document root to a group that user is in

On your laptop again:

1. generate SSH keys for the new user
2. use ssh-copy-id to get the key to the server for the new user

On your server again:

1. make sure that at least one unprivileged account can escalate to root via su or sudo
2. turn off remote root access in /etc/ssh/sshd_config

That's it. Then you can serve regular HTML+CSS. From there, you might look into installing a static site generator like Hugo, Pelican, or another on your laptop and syncing the results to your server using Rsync or SFTP. You can repeat steps like adding users or vhosts.

As for system administration, simpler is better. So removing the webadmin would be a good idea since SSH is faster, far more secure, and (once you get used to it) many times more powerful. PHP is very common source of grief.

Edit: upcoming steps:

1. make appropriate DNS record(s) for the site
2. set up TLS with Let's Encrypt or other service for HTTPS

You mean a tutorial to install Ubuntu server edition, or a tutorial to set up and sufficiently secure a LA(MP) stack?
You don't need to run Apache just to test some HTML pages. Total overkill. You can open local HTML files in your browser to see what they look like & how they respond.

Which brings us to another crucial question: what are you actually planning to serve there? Wordpress? Handmade HTML pages? Something else?