I don't actually like SSH being pre-installed as I'm never sure if the template correctly generates an SSH host key or if every single person that uses the template gets the same key (which would open you up to MitM attacks). Also hard to confirm that the installed OpenSSH version is legit (which is why I always install from ISO on KVM). First thing I do with a template that has OpenSSH installed is purge it then reinstall so I know for sure the key is randomly generated.
If the minimal image isn't going to be extremely minimal, also add ca-certificates and apt-transport-https please.
Daniel said: I don't actually like SSH being pre-installed as I'm never sure if the template correctly generates an SSH host key
There are hooks within (within solusvm anyway) to take care of that, i do however appreciate the comment, it is a valid one that has been an issue in the past, the problem is though that no ssh would baffle and confuse 80% of customers.
Maybe what is important is also to have a list of what your minimal templates include so that people know what packages they need when they deploy? You can't satisfy everyone, but at least people can know what they need to install on top of the minimal with a glance.
@AnthonySmith the Debian 9 install I got from you the other day is awesomely minimal, and I'm very thankful for that. Keeps things clean and simple, plus everything else that might be missing is an apt install away.
Locales and tmux, easy fix. Run: sudo dpkg-reconfigure locales
Side effect is the lack of "dialog" being installed was interesting, it was neat to see an unexpectedly minimal screen while apt was setting things up and asking questions. Never came across it before and I learned something new!
Someone mentioned ssh, that would probably have confused the absolute shit out of me if that was missing! :-P
Tl;dr: keep it as it is, minimal means minimal. Everything is an apt install away.
Get the best deal on your next VPS or Shared/Reseller hosting from RacknerdTracker.com - The original aff garden.
Yes, Provider should probably add 'sudo, dialog, nano, locales'
Those are the ones that trip me up when setting up manually on a minimal image.
I do ssh key regen everytime I spin-up from a template. No point in leaving out openssh-server from minimal.
Terminal-first UX beats the VNC, then terminal UX.
dahartigan said: I love nano, but like curl it's not always available by default.
I have basically memorized a one liner for apt that I run the first time I hit the terminal.
Editor flame war? I actually remove nano, doing something like apt-get install vim nano-
(The minus/dash doing a remove)
(I find it confusing that "vim-tiny" does not provide vim, but just vi ... So, if using vim-tiny or other systems with just vi, I need an alias, as vim is to hard imprinted in my muscle memory by now.)
@dahartigan said: I think debian leaves out sudo by default, I've always had to install sudo if I needed it.
It depends on what you do during setup.
If you enter a root password, it does not install sudo. However, if you do not enter a root password (just leave the password field blank), it locks the root user, installs sudo, and adds the user account you created during installation to the sudoers group. The latter is my preferred approach - the root user is locked down on all my systems.
Comments
I don't actually like SSH being pre-installed as I'm never sure if the template correctly generates an SSH host key or if every single person that uses the template gets the same key (which would open you up to MitM attacks). Also hard to confirm that the installed OpenSSH version is legit (which is why I always install from ISO on KVM). First thing I do with a template that has OpenSSH installed is purge it then reinstall so I know for sure the key is randomly generated.
If the minimal image isn't going to be extremely minimal, also add
ca-certificates
andapt-transport-https
please.Daniel15 | https://d.sb/. List of all my VPSes: https://d.sb/servers
dnstools.ws - DNS lookups, pings, and traceroutes from 30 locations worldwide.
There are hooks within (within solusvm anyway) to take care of that, i do however appreciate the comment, it is a valid one that has been an issue in the past, the problem is though that no ssh would baffle and confuse 80% of customers.
https://inceptionhosting.com
Please do not use the PM system here for Inception Hosting support issues.
I'm also a fan of rsync, I would put it on every minimal distro...
Haven't tried OVZ frankly...sticking to KVM because that's what I know/understand. From that list I'd probably miss:
tree
ufw
htop
Maybe what is important is also to have a list of what your minimal templates include so that people know what packages they need when they deploy? You can't satisfy everyone, but at least people can know what they need to install on top of the minimal with a glance.
Deals and Reviews: LowEndBoxes Review | Avoid dodgy providers with The LEBRE Whitelist | Free hosting (with conditions): Evolution-Host, NanoKVM, FreeMach, ServedEZ | Get expert copyediting and copywriting help at The Write Flow
Starting with Debian (the only one I really need and know):
If I am not wrong, anything else can then be installed
@AnthonySmith the Debian 9 install I got from you the other day is awesomely minimal, and I'm very thankful for that. Keeps things clean and simple, plus everything else that might be missing is an apt install away.
Locales and tmux, easy fix. Run: sudo dpkg-reconfigure locales
Side effect is the lack of "dialog" being installed was interesting, it was neat to see an unexpectedly minimal screen while apt was setting things up and asking questions. Never came across it before and I learned something new!
Someone mentioned ssh, that would probably have confused the absolute shit out of me if that was missing! :-P
Tl;dr: keep it as it is, minimal means minimal. Everything is an apt install away.
Get the best deal on your next VPS or Shared/Reseller hosting from RacknerdTracker.com - The original aff garden.
Yes, Provider should probably add 'sudo, dialog, nano, locales'
Those are the ones that trip me up when setting up manually on a minimal image.
I do ssh key regen everytime I spin-up from a template. No point in leaving out openssh-server from minimal.
Terminal-first UX beats the VNC, then terminal UX.
I think debian leaves out sudo by default, I've always had to install sudo if I needed it.
I love nano, but like curl it's not always available by default.
I have basically memorized a one liner for apt that I run the first time I hit the terminal.
Get the best deal on your next VPS or Shared/Reseller hosting from RacknerdTracker.com - The original aff garden.
Editor flame war? I actually remove nano, doing something like
apt-get install vim nano-
(The minus/dash doing a remove)
(I find it confusing that "vim-tiny" does not provide
vim
, but justvi
... So, if using vim-tiny or other systems with justvi
, I need an alias, asvim
is to hard imprinted in my muscle memory by now.)It depends on what you do during setup.
If you enter a root password, it does not install sudo. However, if you do not enter a root password (just leave the password field blank), it locks the root user, installs
sudo
, and adds the user account you created during installation to thesudoers
group. The latter is my preferred approach - the root user is locked down on all my systems.Daniel15 | https://d.sb/. List of all my VPSes: https://d.sb/servers
dnstools.ws - DNS lookups, pings, and traceroutes from 30 locations worldwide.