|
1 | | -This repository contains various scripts (StackScripts) that are used to make Linode deployments much easier and secure. There will be multiple scripts, intended for different purposes. Each script is going to be under the appropriate subdirectory and can be found directly from your Linode Dashboard under community StackScripts. |
| 1 | +This repository contains various scripts (StackScripts) that are used to make Linode deployments much easier, dynamic and secure. There will be multiple scripts, intended for different purposes. Each script is going to be under the appropriate subdirectory and can be found directly from your Linode Dashboard under "Community StackScripts". |
2 | 2 |
|
3 | 3 | # 1. deploy-essentials |
4 | 4 |
|
5 | | -This script doesn't do much. It is currently tested under Ubuntu 20.04 LTS but *should* work with other Ubuntu flavours as well. The short list of things that this script does are as follows |
| 5 | +This script doesn't do much. It is currently tested under Ubuntu 20.04 LTS but *should* work with other Ubuntu flavours as well. The list of things that this script does are as follows |
6 | 6 |
|
7 | | -- Asks for a non-root user name and password. |
8 | | -- Change many SSH daemon configuration parameters (like disabling password authentication if public keys are found on the filesystem). |
9 | | -- Optionally updates the whole server (this is optional because in certain situations like small tests updating may not be very necessary). |
10 | | -- Locks the root user altogether. |
| 7 | +## A non-root user |
| 8 | + |
| 9 | +Using the `root` user always in a production environment isn't the best idea. But Linode doesn't have the option to create a non-root user while deploying a server. This script takes care of that. |
| 10 | + |
| 11 | +The user creation is optional because there are times when a small test needs to be performed, and it's easier to use the `root` user for the time being. If no password is provided, the `root` is reused. |
| 12 | + |
| 13 | + |
| 14 | + |
| 15 | +## Upgrade the system |
| 16 | + |
| 17 | +This is again an optional setting, but defaults to yes. |
| 18 | + |
| 19 | + |
| 20 | + |
| 21 | +## SSH configuration |
| 22 | + |
| 23 | +First it asks for a port number for the SSH daemon to run, defaults to port 22. I recommend setting it to something different and do remember that as ***this change won't be reflected on you dashboard***. |
| 24 | + |
| 25 | + |
| 26 | + |
| 27 | +Based on other information, the script configures other parts of SSH as well. For example if you add a user, `root` won't be accessible through SSH, if at least one public key is provided, password log in is disabled. |
| 28 | + |
| 29 | +## Locks the root user |
| 30 | + |
| 31 | +You can also lock the `root` user right from the deployment screen. |
| 32 | + |
| 33 | + |
11 | 34 |
|
12 | 35 | ## TODO |
13 | 36 |
|
14 | | -- Make the script compatible with all flavours of Alpine, Debian, Arch, OpenSUSE, Fedora. |
15 | | -- Optionally add automatic upgrades for certain distributions. |
| 37 | +- [] Make the script compatible with all flavours of Alpine, Debian, Arch, OpenSUSE, Fedora. |
| 38 | +- [] Optionally add automatic upgrades for certain distributions. |
| 39 | +- [] Make the scripts Linode independent. |
0 commit comments