After installing Ubuntu 18.04 server, there are some steps you should take as part of the initial setup. These steps will increase the server security and give better user experience of your server. The aim of this article is to help you get Ubuntu 18.04 initial server setup.
To log into your server, you ought to know your server’s public IP address or the domain name address. You additionally need the password or an SSH key for authentication. Thus, the private key for the root user’s account.
Log in as the root user using the following command (substitute server_ip with your server’s public IP address):
If the authenticity appears on your screen accept the warning. If you are using a password to authenticate, then enter the root password to log in. You may be prompt to enter your passphrase if you are using an SSH key passphrase for authentication. You may also be prompt to change your password if that is the first time you are logging into the server with a password.
Use the following commands to download and install the latest packages. Separate the two commands with && and the command will run in succession. When prompted to install packages, press y and ENTER.
sudo apt update && sudo apt upgrade
To remove all locally downloaded packages, run the following commands
sudo apt autoremove && sudo apt clean
By default, the root account is disabled in Ubuntu as a security measure. But once you are in the system as root, you can now create a new user that you will use to login from now on. This account will also have the root privileges for administrative tasks in the system.
Setup a strong password to protect this account if you are using password authentication. This example creates a new user called fynn, replace this username with the name you want to use. Now, follow the adduser prompt to add the user details and password.
sudo adduser fynn
You will be asked to enter a new password. A password generator will be helpful if you are confused as to what password to use. Keep the password safe. Note when entering a password in Linux, there is no * asterisk or dots. It normally appears as though nothing is being typed.
Once you are done typing your password. Other details like contact information can be added after. You don’t really need to enter the contact details, just press Enter to leave at default.
Once you are done create the new user, superuser privileges can be given using the usermod command.
sudo usermod -aG sudo fynn
The parameter -aG means append to Group and sudo is the name of the superuser group the user is being added.
After running the above command, there will be no prompt or feedback. That is if there is no error in the command. Well, you can switch to the new account created fynn using the su command.
sudo su - fynn
Enter the password created earlier if prompted for a password.
Now that you have given superuser access to the new account created. Meaning the new user can perform actions with the superuser privilege by typing sudo before commands.
You cannot set up a system without firewall to make sure only services needed are allowed. Ubuntu 18.04 comes with ufw as default firewall which allows you to create an IPv4 or IPv6 host-based firewall.
Ubuntu server ufw firewall to manage the iptables rules on the server. Use the command below to check the status of the ufw firewall on Ubuntu.
sudo systemctl status ufw sudo ufw status
Usually, ufw firewall rules are not applied by default in Ubuntu even though it is up and running. Other applications profiles are registered upon installation. These profiles allow ufw to manage the applications by name.
OpenSSH, the service that allow us to connect to the server remotely, now has its profile registered with ufw. Use the command below to list all the applications that has there profiles registered with ufw.
ufw app list
Moreover, before enabling ufw firewall policy, allow ssh traffic through the firewall via OpenSSH. That can be done by excuting the command below.
sudo ufw allow OpenSSH
Afterwards, the firewall can be enabled by the command below
sudo ufw enable
At a successful update, you should see “Rules updated”. If prompted with a warning, “Command may disrupt existing ssh connections” press y and Enter.
Now, check the status of the firewall using the following command
sudo ufw status
Listed is OpenSSH as one of the services allowed by ufw firewall.
Well, we have created a regular user for daily user, we now need to make sure the user can securely SSH into the server with the new account.
At this stage, you can logged into the server using the password associated with the new account created. Now, SSH using the new user account by opening a new terminal session. Then, type the following command.
After entering the user’s password, you will be logged in. Remember, type sudo before command when you need administrative privileges.
You will be prompt to enter the user’s password each time you use ssh to logged in to the server. Then, when using sudo before any command the first time you will have to enter the user’s password for each session.
This article is getting long for that matter I will be writing another article on how to set up SSH keys on Ubuntu 18.04.
Yet, in a situation where password authentication is no for SSH. Now, copy your local public key to the new user’s account to ~/.ssh/authorized_keys file to enable authentication without a password. You can copy your local public key to the new user’s account to ~/.ssh/authorized_keys file to be able to log in.
Finally, copy your ssh key to server using rsync. The command below uses rsync to copy the ssh key to the server.
rsync --archive --chown=fynn:fynn ~/.ssh /home/fynn
Now, you should be able to SSH with the created user account.
You will be prompt to enter the user’s password because of the SSH key. But remember, for administrative privileges add sudo before the command as shown below.
You will have to enter the user’s password when using sudo.
At this stage, your Ubuntu server is now ready for installing additional software needed for your operation.