Setting up a new Linux machine
This is the quick path for a fresh Linux VM or server that I want to use for a small amount of development, cloning repos, and running services. The main idea is to stop living as root, set up SSH access, clone the toolbox repo, and generate my Vim config.
create a normal user
If the machine starts with only root access, create a regular user and give it sudo privileges.
adduser ccn
usermod -aG sudo ccn
Then log in as that user, or switch to it:
su - ccn
install basics
On Debian or Ubuntu, install the tools I usually want immediately.
sudo apt update
sudo apt install git vim curl openssh-client build-essential
create an SSH key for GitHub
Generate an SSH key on the new machine. Replace the email with the one used for GitHub if desired.
ssh-keygen -t ed25519 -C "you@example.com"
Start the SSH agent and add the key.
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519
Print the public key and add it to GitHub under Settings -> SSH and GPG keys -> New SSH key.
cat ~/.ssh/id_ed25519.pub
Test the GitHub SSH connection.
ssh -T git@github.com
clone toolbox
I usually keep cloned projects under ~/projects.
mkdir -p ~/projects
cd ~/projects
git clone git@github.com:cuppajoeman/toolbox.git
generate vimrc
The toolbox repo has a script that generates ~/.vimrc from the Vim config fragments in the repo. Run it from the Vim notes directory.
cd ~/projects/toolbox/content/notes/programming/vim
./generate_vimrc.sh
If the script is not executable yet:
chmod +x generate_vimrc.sh
./generate_vimrc.sh
allow incoming connections
If a server is running but cannot be reached from another machine, check both the Linux firewall on the VM and the firewall/security rules from the VPS or cloud provider. Either one can block incoming connections.
On Ubuntu, ufw is a common local firewall. Check whether it is installed and active:
sudo ufw status verbose
Allow SSH before enabling ufw; otherwise it is easy to lock yourself out of the machine.
sudo ufw allow OpenSSH
sudo ufw enable
Open ports for the services you actually want reachable. For example:
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw allow 3000/tcp
To remove a rule:
sudo ufw delete allow 3000/tcp
Some machines use lower-level firewall tools instead of, or underneath, ufw, such as iptables, nftables, or firewalld. Useful checks are:
sudo systemctl status firewalld
sudo nft list ruleset
sudo iptables -S
Also check that the service is listening on the expected port and address. If it is only listening on 127.0.0.1, outside machines cannot connect even if the firewall allows the port.
ss -tulpn
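The listening-address check above can be scripted. This is an added example, not part of the toolbox repo: the function names classify_port and advise are made up for illustration, and SAMPLE_SS is constructed ss output so the script runs without a live host.

```shell
# Added example: report how a TCP port is bound, reading `ss -tln`
# (or `ss -tuln`) output on stdin. Function names are hypothetical.

# classify_port PORT -> prints "external", "loopback" or "none"
classify_port() {
    awk -v port="$1" '
        $1 == "LISTEN" { addr = $4 }                # ss -tln: no Netid column
        $2 == "LISTEN" { addr = $5 }                # ss -tuln: Netid column first
        $1 != "LISTEN" && $2 != "LISTEN" { next }   # header, UDP, other states
        {
            n = split(addr, parts, ":")
            if (parts[n] != port) next
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            gsub(/^\[|\]$/, "", host)               # [::1] -> ::1
            sub(/%.*/, "", host)                    # 127.0.0.53%lo -> 127.0.0.53
            if (host ~ /^127\./ || host == "::1" || host ~ /^::ffff:127\./) {
                loopback = 1
            } else {
                external = 1
            }
        }
        END { print (external ? "external" : (loopback ? "loopback" : "none")) }
    '
}

# advise PORT: map the result onto the checks described in these notes
advise() {
    case "$(classify_port "$1")" in
        external) echo "port $1: bound to a non-loopback address; if unreachable, check ufw and the provider firewall" ;;
        loopback) echo "port $1: bound to loopback only; opening the firewall will not make it reachable" ;;
        none)     echo "port $1: nothing is listening; start the service first" ;;
    esac
}

# Constructed sample of `ss -tln` output (not captured from a real machine).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      511        127.0.0.1:3000      0.0.0.0:*
LISTEN 0      4096   127.0.0.53%lo:53        0.0.0.0:*
LISTEN 0      511             [::]:80           [::]:*
LISTEN 0      128            [::1]:631          [::]:*'

for p in 22 3000 8080; do printf '%s\n' "$SAMPLE_SS" | advise "$p"; done
```

On a real machine, pipe live output into it instead of the sample: ss -tln | advise 3000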
For a cloud VM, remember to open the same port in the provider control panel as well. These are often called firewall rules, security groups, network ACLs, or inbound rules.
running services
Keep project files owned by the regular user, and use sudo only for system-level tasks like installing packages, opening firewall ports, or creating systemd services. Avoid running application servers as root unless there is a specific reason.
cd ~/projects/some-server
# run/build the server as the normal user
If a service needs to be long-lived, make a systemd service for it later. For a more serious public server, consider creating a dedicated service user instead of running the app under the personal login account.