Immediate Steps After Provisioning
When you spin up a new Breeze, these first steps secure and configure it for production use.
1. Update the System
sudo apt update && sudo apt upgrade -y2. Create a Non-Root User
adduser deploy
usermod -aG sudo deploy3. Set Up SSH Keys
# On your local machine
ssh-copy-id deploy@your-server-ip
# On the server — disable root login
sudo sed -i 's/^PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
sudo systemctl restart sshd4. Configure the Firewall
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https
sudo ufw enableTip Always allow SSH before enabling UFW, or you'll lock yourself out.
5. Set the Timezone
sudo timedatectl set-timezone America/New_York6. Set the Hostname
sudo hostnamectl set-hostname my-server7. Enable Automatic Security Updates
sudo apt install -y unattended-upgrades
sudo dpkg-reconfigure -plow unattended-upgrades8. Install Essential Tools
sudo apt install -y curl wget git htop vim nano ufw fail2ban9. Configure Fail2Ban
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo systemctl enable fail2ban
sudo systemctl start fail2ban10. Take a Snapshot
Before making further changes, take a snapshot in your Kazepute portal. This gives you a clean restore point.
Quick Verification Checklist
| Check | Command |
|---|---|
| OS version | cat /etc/os-release |
| Available RAM | free -h |
| Disk space | df -h / |
| CPU info | nproc |
| Firewall active | sudo ufw status |
| SSH key auth working | Log out and back in |