LXC: First commands on a new Debian CT

A list of the first commands I run on a new Debian LXC to homogenize and secure my new environment.

Utilities

apt update && apt upgrade -y

apt install curl nano openssl rsync fail2ban unattended-upgrades apt-listchanges sudo -y

Don’t use root

It is critical that you don’t use root for SSH or for typical CLI tasks. I always create a new user for that reason.

useradd -m -g users -G sudo patrick
chsh -s /bin/bash patrick
passwd patrick

Make the CLI more fun

nano /etc/bash.bashrc

Add the following lines to add color to bash:

export LS_OPTIONS='--color=auto'
eval "`dircolors`"
alias ls='ls $LS_OPTIONS'

SSH Configuration

I always disallow login for root over SSH and allow password logins for other users. To do this, edit /etc/ssh/sshd_config. You’re looking to uncomment and modify the following lines:

nano /etc/ssh/sshd_config

# Authentication:
LoginGraceTime 2m
PermitRootLogin no
StrictModes yes
MaxAuthTries 6
MaxSessions 2

-----

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
PermitEmptyPasswords no

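Once you’ve made the changes, you can restart the LXC and use SSH with your new user. With PasswordAuthentication no as shown, sshd rejects password logins, so install the new user’s public key in ~/.ssh/authorized_keys before restarting, or leave it at yes if you intend to keep password logins.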
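
A quick way to confirm the edits took effect, as an added example that is not part of the original post: it reports the value sshd would actually use for each directive in the excerpt, catching a line that was edited but left commented out or is shadowed by an earlier duplicate. The function names and the sample file are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit an sshd_config-style file
# Assumptions: keyword and value are whitespace-separated; Include files are not followed.

# Expected values, copied from the sshd_config excerpt in the post.
EXPECTED='permitrootlogin=no strictmodes=yes maxauthtries=6 maxsessions=2
passwordauthentication=no permitemptypasswords=no'

# effective_value FILE KEYWORD: print the value sshd would use from FILE's global
# section. sshd keeps the FIRST occurrence of a keyword, matches keywords
# case-insensitively, and ignores lines that are still commented out.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*#/                  { next }   # still commented out: no effect
        tolower($1) == "match"      { exit }   # conditional overrides start here
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# audit_sshd FILE: one result line per directive; exit status 1 on any mismatch.
audit_sshd() {
    rc=0
    for pair in $EXPECTED; do
        key=${pair%%=*} want=${pair#*=}
        got=$(effective_value "$1" "$key")
        if [ "$got" = "$want" ]; then
            echo "ok   $key $got"
        else
            echo "FAIL $key want=$want got=${got:-unset}"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: PermitRootLogin was edited but left commented out, and an
# earlier PasswordAuthentication line shadows the one that was changed.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PermitRootLogin no
PasswordAuthentication yes
StrictModes yes
MaxAuthTries 6
MaxSessions 2
PasswordAuthentication no
PermitEmptyPasswords no
EOF
audit_sshd "$sample" || true   # FAIL lines for permitrootlogin and passwordauthentication
rm -f "$sample"
```

On a running container, sshd -T prints the effective configuration in the same lowercase keyword/value form, drop-in files included, so its saved output can be checked with the same function.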

Unattended Upgrades Configuration

Edit the following file.

sudo nano /etc/apt/apt.conf.d/50unattended-upgrades

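Uncomment the following lines. Note that "origin=*" matches every repository configured on the system, so packages from third-party sources are upgraded automatically too, and Automatic-Reboot "true" lets the container reboot itself without confirmation when an upgrade requires it.
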
"origin=*";

<--->

Unattended-Upgrade::InstallOnShutdown "false";

<--->

Unattended-Upgrade::Remove-Unused-Dependencies "true";

Unattended-Upgrade::Automatic-Reboot "true";
This post is licensed under CC BY 4.0 by the author.