New Linux System Setup: Don’t forget

For all users, put in place some protections and conveniences.

In /etc/bash.bashrc or /etc/profile.d/safe.sh, add these alias lines:

alias rm='rm -i'
alias cp='cp -i'
alias mv='mv -i'

After that, removals and destructive file copies will ask the user for confirmation. This was the default on the training-wheels Linux I used years ago; I don't know why they deviated from it. In the same spot, you can also add aliases to customize colorization of ls output.

Stop vi from giving weird symbols when the arrow keys are used

In /etc/vim/vimrc, put

set nocompatible

After installing emacs and ess, put my favorite .emacs file settings in. On Debian, drop the file in /etc/emacs/site-start.d. On Redhat, find site-start.d down under /usr/share/emacs...

In the ssh settings, change the default config to allow X11 forwarding and assume X11 forwarding for outgoing ssh connections.

In /etc/ssh/ssh_config, which sets the defaults for outgoing ssh connections, add this at the bottom:

ForwardX11 yes
ForwardX11Trusted yes

In /etc/ssh/sshd_config, for incoming connections, do this:

X11Forwarding yes

For security, forbid remote root logins

PermitRootLogin no

Or allow only if the user has put PGP keys in the proper setup.

PermitRootLogin without-password

That is horrible terminology, I did not create it. It means NO ROOT LOGIN unless the PGP keys are set to allow connections between specific machines. "without-password" should be "pgp-key-only" or something similar, in my opinion. The point here is that an attacker knows there is a "root" account and might try to log in over and over to guess a password. Stop that!
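A check worth running after editing sshd_config, as an added example that is not part of the original post: sshd uses the first value it finds for each keyword, so a PermitRootLogin line added below an existing "PermitRootLogin yes" changes nothing. The function names and the sample file are constructed for illustration, and the script reads only the global section of one file (it does not follow Include files or Match blocks).

```shell
#!/bin/sh
# Added example: report which PermitRootLogin value sshd would take from
# the global part of a config file (first occurrence wins).

# Print the first PermitRootLogin value in FILE, or "unset" if none is found.
effective_root_login() {
    awk '
        { sub(/#.*/, ""); sub(/=/, " ") }   # drop comments, also split on "="
        tolower($1) == "match" { exit }     # global section ends at first Match
        tolower($1) == "permitrootlogin" { print $2; found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Exit status 0 only if root cannot log in with a password.
# prohibit-password is the newer spelling of without-password.
root_login_ok() {
    case "$(effective_root_login "$1")" in
        no|prohibit-password|without-password) return 0 ;;
        *) return 1 ;;
    esac
}

# Write a constructed sample showing the pitfall: the hardening line was
# appended at the bottom, but an earlier line already set the value.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not a real system's file
Port 22
PermitRootLogin yes
X11Forwarding yes
# line appended later by the admin:
PermitRootLogin no
EOF
}

# Usage: sh check_root_login.sh /etc/ssh/sshd_config
if [ -n "${1:-}" ]; then
    echo "PermitRootLogin (first match): $(effective_root_login "$1")"
    root_login_ok "$1" || echo "WARNING: root password login is not ruled out"
fi
```

On a live system, running sshd -T as root prints the configuration sshd actually resolves, which also covers Include files.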

About pauljohn

Paul E. Johnson is a Professor of Political Science at the University of Kansas. He is an avid Linux User, an adequate system administrator and C programmer, and humility is one of his greatest strengths.