ssh connection to the server drops very quickly should I change this behaviour?
Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
ssh connection to the server drops very quickly should I change this behaviour?
I've noticed when I am connected via ssh to my little cloud server, which has Ubuntu 20.04 Server, the connection is dead if I leave it for a minute or 2.
In bash, I still see the connection, but I cannot input anything.
The only way out I have found is close bash, which gives me a message "There is still a process running, do you really want to kill it?“
Is this actually some kind of safety feature?
Can I, should I, extend the death period for a connection?? Must be a .conf somewhere!
The established connections would be of no use to any bots, the session is soundly encrypted.
On the other hand, systems that allow password authentication instead of using SSH keys or SSH certificates are vulnerable to password guessing bots, in principle. The best way to quiet the logs in that regard is to start using either SSH keys or SSH certificates and turn off the possibility of password authentication.
Great, if the keys work then you can turn off the password authentication for SSH. That will cause most of the bots to turn away and give up on bothering your logs. Also, be sure to set a second user, one that is not root for your routine development and maintenance tasks. Root should be used sparingly and only when absolutely needed. It's too easy to fumble a command or many other larger and smaller risks while logged in as root. If you need write access to a particular directory or file, that is a question of filesystem permissions instead.
Pedroski, you have so much to learn.
We can answer questions, but what about other extremely important things you never figured out to even ask?
You need to read up on things. Actively search out server setup tutorials etc.
I thought it couldn't be too hard, because I run apache2 on this laptop, where I make and test webpages before I upload
It's not too hard but the Internet is unforgiving on any mistakes or oversights, and it is generally we who are harmed by any mistakes resulting in a compromised server. Thus the abundance of admonitions towards caution and attention to detail.
The basics, as you've seen now:
On your laptop:
1. generate SSH keys for root
2. use ssh-copy-id to get the key to the server for root
On your server:
1. configure UFW to allow SSH, HTTP, and HTTPS
2. turn on UFW
3. install Apache2
4. create unprivileged user
5. grant write permissions to that vhost's document root to a group that user is in
On your laptop again:
1. generate SSH keys for the new user
2. use ssh-copy-id to get the key to the server for the new user
On your server again:
1. make sure that at least one unprivileged account can escalate to root via su or sudo
2. turn off remote root access in /etc/ssh/sshd_config
That's it. Then you can serve regular HTML+CSS. From there, you might look into installing a static site generator like Hugo, Pelican, or another on your laptop and syncing the results to your server using Rsync or SFTP. You can repeat steps like adding users or vhosts.
As for system administration, simpler is better. So removing the webadmin would be a good idea since SSH is faster, far more secure, and (once you get used to it) many times more powerful. PHP is very common source of grief.
Edit: upcoming steps:
1. make appropriate DNS record(s) for the site
2. set up TLS with Let's Encrypt or other service for HTTPS
Last edited by Turbocapitalist; 10-11-2021 at 06:33 AM.
Well, to set up the Ubuntu Server, Ubuntu has a tutorial page. That's how I did it!
You mean a tutorial to install Ubuntu server edition, or a tutorial to set up and sufficiently secure a LA(MP) stack?
Quote:
Originally Posted by Pedroski
I run apache2 on this laptop, where I make and test webpages before I upload them.
You don't need to run Apache just to test some HTML pages. Total overkill. You can open local HTML files in your browser to see what they look like & how they respond.
Which brings us to another crucial question: what are you actually planning to serve there? Wordpress? Handmade HTML pages? Something else?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.