Getting Started with Debian 11

Logging in as Root

By default, our Debian templates come with root access.

We will access our server via SSH as below,

ssh [email protected]_server_ip

Creating a New User

Once we've accessed the server, we will create a new user with limited privileges.

adduser user1

By creating a new user, this will provide the user with their own home directory.

Granting Administrative Privileges

Run the below command to grant the new user with sudo or Administrative privileges,

usermod -aG sudo user1

Setting Up a Basic Firewall

Debian will not have UFW installed by default. We will run the below commands to install it using apt,

apt update

apt install ufw

Listing Available Application Profiles

In UFW, you can list and manage rules for a predefined set of applications. In order to list available profiles,

ufw app list

We will allow firewall to make SSH connections by executing the below command,

ufw allow OpenSSH

Output:

[email protected]:~# ufw allow OpenSSh
Rules updated
Rules updated (v6)

Enable Firewall

To enable UFW, run the below command,

ufw enable

Make sure that you've allowed SSH connection, otherwise, you will be locked out and you may have to manually gain access to the server via VNC console and then allow SSH connections.

Output:

[email protected]:~# ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup

Status of Firewall

To check the status of UFW, run the below command,

ufw status

Output:

[email protected]:~# ufw status
Status: active

To                         Action      From
--                         ------      ----
Nginx HTTP                 ALLOW       Anywhere                  
80                         ALLOW       Anywhere                  
443                        ALLOW       Anywhere                  
OpenSSH                    ALLOW       Anywhere                  
Nginx HTTP (v6)            ALLOW       Anywhere (v6)             
80 (v6)                    ALLOW       Anywhere (v6)             
443 (v6)                   ALLOW       Anywhere (v6)             
OpenSSH (v6)               ALLOW       Anywhere (v6)   

Enabling External Access for Your Regular User

To enable external access for the newly created user, run the below command,

cp -r ~/.ssh /home/user1

chown -R user1:user1 /home/user1/.ssh