Ubuntu 20.04 Tutorial for Initial Server Setup
In this tutorial Ubuntu 20.04 Tutorial for Initial Server Setup, we gonna learn how to secure and harden your newly installed Ubuntu 20.04 system on your VPS or Dedicated Server and keep away the attackers. We recommend you to use the LTS version of Ubuntu for your servers like Ubuntu 20.04 LTS (Focal Fossa).
In this article we used the Digitalocean VPS, you can sign up through this link and get $100 free Digitalocean credits.
1. System Upgrade
First of all, you need to upgrade all the packages on your system. You will need to login to the Ubuntu 20.04 system via the system terminal and run the following commands to update and upgrade the packages.
sudo apt update && sudo apt upgrade -y
2. Adding User Account
SCO HOSTING does not recommend you to use user root for work on Ubuntu 20.04 on our servers or any other servers. Run the following command to add a new user to the system and enable sudo access for that.
Add user called sysadmin:
sudo adduser sysadmin
You will be prompted to enter a new password. After you entered your new password (remember to keep it safe) you will be asked to enter your contact details. You don’t need to fill these in, just press enter for defaults.
After you have done that the new user is created. Now we need to give it superuser privileges by running the following command.
sudo usermod -aG sudo sysadmin
When you run the above command, you won’t get any feedback. If there is no errors returned that means the command worked with success.
Now we can switch to the new created user by using the su command.
sudo su - sysadmin
If prompted, enter the password that you just created.
Password: To run a command as administrator (user "root"), use "sudo ". See "man sudo_root" for details. [email protected]:~$
Nice, now we are logged in as sysadmin. Starting from now you should only log into Ubuntu 20.04 using this new user.
3. Secure SSH Server
Most of the attacks will be on the SSH default port which is 22. We strongly recommend changing the ssh default port to block that kind of attack. You will need to edit the OpenSSH configuration file /etc/ssh/sshd_config with your favorite editor.
Change the default port:
Disable root SSH login:
4. Set Key Based SSH Login (optional)
Is your choice if you want to login with a password or an ssh key, but is more secure to use key-based ssh login. Linux users can use ssh-keygen and Windows users can use puttygen.exe to generate an ssh key pair.
[email protected]:~$ ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/home/sco/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/sco/.ssh/id_rsa Your public key has been saved in /home/sco/.ssh/id_rsa.pub The key fingerprint is: SHA256:lcgQhanDckHCU3qX0PrFpFqcwqMC0l9qU+n1JCPwGLg [email protected] The key's randomart image is: +---[RSA 3072]----+ | ..++.o=. | | +o+.++.. . | | ..=.Xo*o o | |o [email protected]@ *.. | |o = % +S= | |. . * o . | | . . . | | | | | +----[SHA256]-----+
Now you need to copy the new ssh public key .ssh/id_rsa.pub file content to the server ~/.ssh/authorized_keys file. Use the following command to copy the public key to the servers files.
ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
Now you can login to the server without getting prompt for the password.
5. Setting up Firewall
We recommend you to setup some basic firewall rules like allowing connections to certain services like SSH. Let’s do that by running the following commands.
Most of the tutorials will tell you to use this command to allow SSH connection
sudo ufw allow OpenSSH but because we changed the SSH default port we gonna use the command below.
sudo ufw allow 2222/tcp
Afterwards, we need to enable the firewall by running the following command:
sudo ufw enable
To check the status of the firewall, run:
sudo ufw status
Your fresh installed Ubuntu 20.04 LTS is ready to use. Don’t forget to share this article with your friends if they plan to install a new Ubuntu 20.04 LTS system.