Create a New MySQL Database and User

local:~ mysql -u root -p
create database new_db;
use new_db;
create user 'new_user'@'localhost' identified by 'password';
grant all privileges on new_db.* to 'new_user'@'localhost';
flush privileges;

SSH login without a password

Here are my personal notes for logging into an ssh-enabled server using key-based authentication.

Step 1 – Generate keys

On your computer, enter the following in a shell prompt. A passphrase is optional.

local:~ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/localuser/.ssh/id_rsa): [ENTER]
Created directory '/home/localuser/.ssh'.
Enter passphrase (empty for no passphrase): [ENTER]
Enter same passphrase again: [ENTER]
Your identification has been saved in /home/localuser/.ssh/id_rsa.
Your public key has been saved in /home/localuser/.ssh/id_rsa.pub.
The key fingerprint is:
2f:3a:14:35:2b:2a:24:2b:2d:bc:f8:79:78:ad:48:f9 localuser@localhost

Step 2 – Ensure correct permissions

On your computer, ensure the permissions are set correctly.

local:~ cd ~
local:~ chmod 700 .ssh
local:~ cd .ssh
local:~ chmod 600 id_rsa
local:~ chmod 640 id_rsa.pub

Step 3 – Remote setup

Log in to the remote computer, create a .ssh directory, and ensure correct permissions.

local:~ ssh remote-user@remote.example.com
remote-user@remote.example.com's password: [type your password]
remote:~ mkdir .ssh
remote:~ chmod 700 .ssh
remote:~ cd .ssh
remote:~ touch authorized_keys
remote:~ chmod 600 authorized_keys
remote:~ exit

Step 4 – Upload your public key

local:~ cd ~
local:~ cat .ssh/id_rsa.pub | ssh remote-user@remote.example.com 'cat >> .ssh/authorized_keys'
remote-user@remote.example.com's password: [type your password for the last time]

Step 5 – Done!

local:~ ssh remote-user@remote.example.com
remote:~

SSH security tip – custom port and disable root login

This is the very first thing I do on any public-facing Linux server I own.

Disable Root Login by following these steps:

remote:~ vi /etc/ssh/sshd_config

And change the ‘PermitRootLogin’ setting to be ‘no’ like so:

PermitRootLogin no

Then type:

:wq

…to save your changes and quit the vi text editor

Change the port

Look for the default port setting in that same file:

Port 22

…and change it to something else like 22666. Both changes take effect only after the SSH service is restarted. If you leave it at port 22 and keep root ssh login enabled, you’ll notice several attempts to log in to your machine in your logs. These come from programs that people have written to look for insecure servers. To see that log, type:

tail -f /var/log/auth.log

…and CTRL+C will exit. You can use netstat to check open connections like so:

sudo apt-get install net-tools
netstat -atn

…this should show your active ssh connection (over tcp).
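
To confirm that the two sshd_config edits above actually landed, here is an added example (not part of the original notes) that audits a config file for them. The function names sshd_values and audit_sshd and the sample config are made up for this example; it assumes whitespace-separated "Keyword value" lines and does not follow Include files.

```shell
#!/bin/sh
# Added example: audit an sshd_config-style file for the two settings above.
# Assumes "Keyword value" lines; Include files are not followed.

# Print every global value of KEYWORD in file order. Keywords are
# case-insensitive; lines after the first "Match" are conditional, so stop there.
sshd_values() {  # usage: sshd_values FILE KEYWORD
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*(#|$)/ { next }            # comments and blank lines
        tolower($1) == "match" { exit }
        tolower($1) == key { print $2 }
    ' "$1"
}

# Return 0 only when root login is disabled and sshd is not on port 22.
audit_sshd() {  # usage: audit_sshd FILE
    rc=0
    # For PermitRootLogin the first value wins; OpenSSH's default is prohibit-password.
    root=$(sshd_values "$1" PermitRootLogin | head -n 1)
    root=${root:-prohibit-password}
    if [ "$root" != "no" ]; then
        echo "FAIL: PermitRootLogin is '$root', expected 'no'"
        rc=1
    fi
    # Port may be given several times and sshd listens on all; unset means 22.
    ports=$(sshd_values "$1" Port)
    for p in ${ports:-22}; do
        if [ "$p" = "22" ]; then
            echo "FAIL: sshd still listens on port 22"
            rc=1
        fi
    done
    if [ "$rc" -eq 0 ]; then echo "OK: root login disabled, sshd not on port 22"; fi
    return "$rc"
}

# Constructed sample config (not from a real server).
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22666
#PermitRootLogin yes
permitrootlogin no
Match User backup
    PermitRootLogin yes
EOF
audit_sshd "$sample"
```

On a live server, running sshd -T as root prints the configuration sshd actually resolves, including any Include files this sketch skips.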

UFW Firewall

I utilize the ufw firewall since it is very easy to use:

sudo apt-get install ufw
ufw status

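To enable ufw (when working over SSH, first add an allow rule for your SSH port as shown in the next step, because ufw denies incoming connections by default):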

ufw enable

To add a rule:

ufw allow 443/tcp