Our work relates to Debian 13, php8.4, Nginx. We simulate the same ease-of-use logging in as an EC2 AWS instance.


Linode Initial Steps

The raw Linode installation has issues with ease-of-use for logging in, and the vi editor as well as the shell terminal history and scrolling. We fix this, and modify a few things to look the same as an EC2 AWS instance terminal. We keep the use of /home/admin as the primary home directory (whereas EC2 uses /home/ec2-user).

Linode Firewall and SSH

I like people to hunt around in terms of how to do things. e.g. search the Linode menus, check their documentation, Ask AI.

Our examples use an iMac and .pem files. We use FIleZilla for file transfers. Windows would use Putty and .ppk.

Firewall

When we create a shared USD $5 Linode plan, we want to end up with security rules similar to an EC2 instance’s Security Group(s).

We will need these settings:

IP4 HTTP Port 80

IP4 HTTPS Port 443

Memcached Port 11211 on 127.0.0.0/16

SSH Port 22 on your own IP address or IP address range. DO NOT OPEN TO THE WORLD as the system will be flooded and freeze up.

DROP IP6 – we don’t want it. (Note, this causes issues with some WordPress plugins, like WordFence as one exmaple, where we find the configuration to disable IP6 (there are two places to do this in the WF plugin.) The Linode menu is not intuitive as you select ADD instead of DROP and then select the All IP6 options to drop it.

We must not include IP6 in the domain DNS. This will cause havoc with things like email.

 

SSH

Very confusing, so here is an approach…

Create a key pair on your iMac. Open a terminal shell, use “sudo su” (see APple doco to create the root user login and password), then: (we do not create a passphrase unless you want to enter a password when logging in) USE YOUR OWN DOMAIN AND EMAIL

sh-3.2# mkdir .PEM. cd ./PEM
sh-3.2# ssh-keygen -t rsa -b 2048 -m PEM -C "admin@domain.com" -f /home/admin/domain.com
Generating public/private ed25519 key pair.
Enter file in which to save the key (/var/root/.ssh/id_ed25519): ./domain.com.pem
Enter passphrase for "./domain.com.pem" (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in ./domain.com.pem
Your public key has been saved in ./domain.com.pem.pub
The key fingerprint is:
SHA256:RE......... admin@domain.com
sh-3.2# ls -l domain*
-rw------- 1 root staff 411 4 Apr 13:48 domain.com.pem
-rw-r--r-- 1 root staff 98 4 Apr 13:48 domain.com.pem.pub
cat domain.com.pem.pub > ./.ssh/authorized_keys
--> Copy domain.com.pem into your mouse and create the iMac .pem file with this content.
Then on the iMac change permissions to yourself as user, not root, and use 644 permissions: -rw-r--r--  1 MY_IMAC_NAME  staff  1678  7 Apr 10:31 domain.com.pem otherwise Filezilla will reject it. You can use 4096 as a test if you wish. Not all systems prefer RSA. We use it.

Make sure the domain.com.pem.pub file has the same treatment and contents as you created on the Linode server, and that authorized_keys is the same content.

We will copy and paste the content of domain.com.pem.pub into our final /home/admin/.ssh/authorized_keys file – firther below. And we will use domain.com.pem to execute the “ssh -i ….”  command below.

Linodes provide the SSH login via something like this, which takes us in as root while we set things up.

Login with this, and enter the password you used when creating the Linode.

Then:

--> single quotation marks must be vertical characters only

set -o vi
export EXINIT='set noautoindent'
export VISUAL=vim
adduser admin
--> enter the password you'd like to use

cd ~
vi .bashrc
export EXINIT='set noautoindent'
export VISUAL=vim
export PS1="[\u@domain.com: \w]\\$ "
alias rm='rm -i'
alias cp='cp -i'
alias mv='mv -i'

[save and exit]

cd /home/admin
--> vi .bashrc with the same values

vi /etc/vim/vimrc.local
let skip_defaults_vim = 1
if has('mouse')
set mouse=r
endif

[save and exit]

--> Go to the end of this next file and add the following, then use :w! to save the contents, and then SHIFTZZ to exit.
vi /etc/sudoers
admin ALL=(ALL) NOPASSWD:ALL

[save and exit]
--> This along with root is our abilitry to log in.

usermod -aG admin admin
usermod -aG root admin

--> Create the admin login:

cd /home/admin
mkdir .ssh
ls -la
drwxr-xr-x 2 root root 4096 Sep 24 01:40 .ssh
chown admin .ssh;chgrp admin .ssh; chmod 700 .ssh
ls -la
drwx—— 2 admin admin 4096 Sep 23 16:17 .ssh
cd .ssh

vi authorized_keys
--> Add the public key you created for the Linode above, earlier in our steps
[save and exit]

--> for example, like thisL ssh-ed25519 AAAAC3Nz...... admin@domain.com

chmod 600 auth*
chown admin:admin auth*
ls -la
-rw------- 1 admin admin   98 Apr  4 04:14 authorized_keys

Log out, or start a new terminal session, and cd to the PEM directory you made with the private key.

On your iMac:
$ su root
# cd ./PEM --> assuming this is where you put it
ssh -i "domain.com.pem" admin@xxx.xxx.xxx.xxx
--> using your own values

You will see the login like this: (then type in sudo su)

Linux localhost 6.12.57+deb13-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.12.57-1 (2025-11-05) x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
[admin@domain.com: ~]$ sudo su
[root@domain.com: /home/admin]# set -o vi

This gives us /home/admin to use for administration, scripts, file uploads, and a terminal shell that works properly.

Amazon AWS does all this for us from the EC2 console. Here we do it manually.

When we log into SSH we may sometimes have previously changes things and need to reset the iMac’s known_hosts.

Use this:

vi ssh.sh
#!/bin/sh
:>/var/root/.ssh/known_hosts
exit
[save and exit]
chmod 777 ssh.sh

We can put our ssh -i command into a shell script. e.g.:

--> use your own values

vi domain.sh
cd PEM
ssh -i "domain.com.pem" admin@xxx.xxx.xxx.xxx
exit
[save and exit]
chmod 777 domain.sh

./ssh.sh --> good to see how to use it
./domain.sh

 

Let’s make some changes to /etc/ssh

cd /etc/ssh

vi ssh_config

ClientAliveInterval 120
ClientAliveCountMax 360

[save and exit]

vi sshd_config

PermitRootLogin yes
AuthorizedKeysFile      .ssh/authorized_keys
PasswordAuthentication no
PermitEmptyPasswords no
ClientAliveInterval 120
ClientAliveCountMax 360

[save and exit]

systemctl daemon-reload
systemctl restart sshd

If you get this error when restarting SSH see these notes:

——————————-
[sss_cache] [sysdb_domain_cache_connect] (0x0010): DB version too old [0.22], expected [0.23] for domain implicit_files!
Higher version of database is expected!
In order to upgrade the database, you must run SSSD.
Removing cache files in /var/lib/sss/db should fix the issue, but note that removing cache files will also remove all of your cached credentials.
Could not open available domains
——————————–

--> To fix this, do the following:
cd /var/lib/sss/db
rm *
sss_cache -E

Set Date and Time

e.g., for Brisbane;

 

a="Australia/Brisbane";export a;echo $a
ln -sf /usr/share/zoneinfo/$a /etc/localtime
date

We may now update and install packages onto the Debian instance. (next article)

Disclaimer: This content is provided as reference only and reflects practical experience at the time of writing. Technology and best practices change, so examples may require modification. No warranty is provided. Always test configurations on a development system before using them in production.
Category: Linode Linux