Debian 9 Server Setup on Google Cloud Platform.
When you first configure your VM Instance in Google Compute Engine, there are few steps to be done as a basic setup.
Not using Debian 9? Choose a different OS:
This guide demonstrates how to manually configure your new Debian 9 server in Compute Engine.
- Your Compute Engine Instance running.
- For setting up Compute Engine, see the Setting up Compute Engine Instance with Debian 9.
Once your server is up and running, SSH into your VM Instance and perform the following steps.
Once you create a VM Instance in Google Cloud a new user is created automatically by Google, so you need not to create a new user.
It’s recommended to setup a password for the user you currently logged in. This is because if you have locked out of your SSH or cannot access SSH, you need to use the serial port console to access your instance and recover your SSH.
To access your instance your Serial Port Console you need to enter the username and password to log in. So let’s set up a password for your user with the following command.
You will be prompted to enter password and confirm your password. Once done you can set up basic firewall.
Basic Firewall setup
Ubuntu can use the Uncomplicated
Install UFW in Debian 9
sudo apt update
sudo apt install ufw
sudo ufw app list
. . .
. . .
We need to make firewall to allow SSH connections so that we can access the instance by SSH.
sudo ufw allow OpenSSH
Now SSH port 22 is allowed for connections in your instance. Now we can enable firewall.
sudo ufw enable
y followed by
Enter to enable UFW.
You can view the allowed connections with the following command.
sudo ufw status
To Action From
-- ------ ----
OpenSSH ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)
Now Firewall is enabled and blocks all connections except SSH. So, if you install and configure additional services you need to allow connections to accept traffic.
Set up Fail2Ban
Fail2Ban is a tool which works alongside with Firewall and blocks the offending host for a period of time. It adds the IP Address which shows malicious host to your firewall rules.
sudo apt install fail2ban
sudo service fail2ban start
Install man Pages (Optional)
sudo apt install man-db
man command is not included by default on minimal installations. So if you want to use
man command you can install it with the above command.
Done! Once this setup is done you install any applications on your Google Cloud VM Instance.