Project cantaloop - Infrastructure - Hetzner VM
Documenting steps when onboarding a VM in Hetzner cloud.
Onboarding Hetzner VM
- Signed up with an account, added 2FA via Google Authenticator.
- Account and password stored in wallet.
- Smallest server requested - CX33 - 4 vCPU - 8 GB RAM - 80 GB disk - max 6.86 EUR per month.
- Storage volume 100 GB assigned to VM - max 5.5 EUR per month.
- OS = Ubuntu 24.10
- Uploaded SSH key for initial root access, so we can skip emailing the password.
- Location: Falkenstein
Access with SSH key
Generate a new key on my device - WSL Ubuntu, user tom
ssh-keygen -t ed25519
# Passphrase prompt: none set, just press Enter
Copy key from /home/tom/.ssh/id_ed25519.pub
First login and set password for root
Root password stored in wallet.
ssh root@<IP>
passwd root
Initial Linux update and daily user setup
sudo apt update
sudo apt upgrade
# Add user
adduser tom
usermod -aG sudo tom
# While logged in as root on the server:
mkdir -p /home/tom/.ssh
cp /root/.ssh/authorized_keys /home/tom/.ssh
# Set correct ownership and permissions (CRITICAL for SSH key auth to work)
chown -R tom:tom /home/tom/.ssh
chmod 700 /home/tom/.ssh
chmod 600 /home/tom/.ssh/authorized_keys
User tom password stored in wallet.
Verify access works with daily user
ssh tom@<IP>
whoami
sudo whoami
Still to do
- Disable password login and root login over SSH (/etc/ssh/sshd_config)
PasswordAuthentication no
PermitRootLogin no
Restart service: sudo systemctl restart ssh
- Hardening and firewall in next chapter
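For the sshd_config item above, an added example (not part of the original notes) that checks which value sshd will actually use before the service is restarted, since an existing drop-in under sshd_config.d can outrank an edit to the main file. The function names and the drop-in file name 00-hardening.conf are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original notes. sshd keeps the FIRST value it
# reads for a keyword, and Ubuntu's sshd_config includes sshd_config.d/*.conf
# near the top, so an existing drop-in can outrank edits to the main file.
# Simplification: "Keyword value" lines only; Match blocks are not evaluated.

# first_value KEYWORD FILE...: first uncommented value of KEYWORD, in file order
first_value() {
    fv_kw=$1; shift
    for fv_f in "$@"; do
        [ -f "$fv_f" ] || continue
        fv_v=$(awk -v kw="$fv_kw" \
            'tolower($1) == tolower(kw) { print tolower($2); exit }' "$fv_f")
        if [ -n "$fv_v" ]; then echo "$fv_v"; return 0; fi
    done
    return 1
}

# audit DIR: succeed only if both keywords resolve to "no" under DIR
# (DIR is /etc/ssh on the server). Drop-ins are read in glob (lexical) order.
audit() {
    au_rc=0
    for au_kw in PasswordAuthentication PermitRootLogin; do
        au_v=$(first_value "$au_kw" "$1"/sshd_config.d/*.conf "$1/sshd_config") \
            || au_v=unset
        [ "$au_v" = no ] || { echo "FAIL: $au_kw resolves to $au_v"; au_rc=1; }
    done
    return "$au_rc"
}

# write_hardening DIR: put both settings in a drop-in that sorts first.
# The file name 00-hardening.conf is a hypothetical choice.
write_hardening() {
    mkdir -p "$1/sshd_config.d" &&
    printf '%s\n' 'PasswordAuthentication no' 'PermitRootLogin no' \
        > "$1/sshd_config.d/00-hardening.conf"
}

# On the server, as root, keeping the current session open until a second
# login as tom has been verified:
#   write_hardening /etc/ssh && sshd -t && audit /etc/ssh && systemctl restart ssh
#   sshd -T | grep -Ei '^(passwordauthentication|permitrootlogin) '
```

An unset keyword is reported as a failure because neither default is "no"; `sshd -T` remains the authoritative view of the effective configuration.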