The first time you’re setting up an Ubuntu server, there are several steps that should be taken to ensure basic security of the server. Connecting to your server via the command line or terminal can be extremely powerful, but there are also some inherent risks if the server is not set up correctly. The configurations in this post are based on setting up an Ubuntu 14.04 server, although generally all actions should apply to older and newer versions of the Linux OS.
Logging In For The First Time
The first time you log in to your server, you will use the root user account and password, along with the public IP address for your server (unless you have already pointed a domain to the server). The basic syntax to connect to the server is:
If it is the very first time you are logging in to the server, you will also need to change the temporary root password provided to a new one.
The Root User
The root user has the highest privileges of any user account in the Linux or Unix environment. Since the root user can make changes to just about anything, it is highly recommended you do not use this user account for day-to-day work. It is very easy to make a mistake that could have very destructive results with the root user’s privileges.
To mitigate this risk, it is recommended that you set up a separate user account with a narrower range of privileges as your primary account, with the ability to access root privileges on an as-needed basis.
Set up a New User Account
While still connected to the server as the root user, you can create a new user by entering the following:
newUser is the name of the new account.
There are several optional prompts that will follow, asking for basic information such as Full Name, Phone Number, etc. You can bypass entering all of this by just hitting “ENTER”.
In order to have temporary root privileges when needed, the new account will need to be added to the sudo or “super user” group. An account with sudo privileges can temporarily have root privileges when needed, by prefacing each command with the word sudo. This adds an extra layer of security, making sure you really intend to execute a command.
To add sudo privileges to an account, type the following:
gpasswd -a newUser sudo
Add SSH Keys For New User
Using public key authentication instead of a password for logging in to your server is significantly more secure and highly recommended.
To create a new SSH key pair, type the following (disconnected from your server):
Hit the “ENTER” key several times to accept the default settings and pathway for the generated keys.
Copying Public Key to Server
To add the public key to your server, you can use ssh-copy-id to copy it directly from its default location.
After submitting your password, your SSH keys can now be used to log in to the new account without having to use your password each time.
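Before you stop logging in as root, it is worth confirming that both steps above took effect. The following is an added example, not part of the original post: two checks that the new account is in the sudo group and that the public key is present in its authorized_keys file. The function names are hypothetical, and the group entries and key are constructed sample data.

```shell
#!/bin/sh
# Added example, not from the original post. Confirms the new account can
# use sudo and has the public key installed before you stop using root.

# in_group USER GROUP [GROUP_FILE]: succeeds if USER is a listed member of GROUP.
in_group() {
    awk -F: -v u="$1" -v g="$2" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
        END { exit !ok }' "${3:-/etc/group}"
}

# key_installed PUBKEY AUTHORIZED_KEYS: succeeds if the base64 key from the
# PUBKEY file appears on a non-comment line of AUTHORIZED_KEYS.
key_installed() {
    ki_blob=$(awk '{ print $2; exit }' "$1")
    [ -n "$ki_blob" ] || return 1
    awk -v b="$ki_blob" '
        /^[ \t]*#/ { next }
        { for (i = 1; i <= NF; i++) if ($i == b) ok = 1 }
        END { exit !ok }' "$2"
}

# Constructed sample data (the key is a placeholder, not a real key).
demo_dir=$(mktemp -d)
printf 'root:x:0:\nsudo:x:27:newUser\nnewUser:x:1000:\n' > "$demo_dir/group"
echo 'ssh-rsa AAAAB3NzaC1yc2EXAMPLEKEY user@laptop' > "$demo_dir/id_rsa.pub"
cp "$demo_dir/id_rsa.pub" "$demo_dir/authorized_keys"

in_group newUser sudo "$demo_dir/group" && echo "newUser: sudo group OK"
key_installed "$demo_dir/id_rsa.pub" "$demo_dir/authorized_keys" && echo "newUser: key installed"
rm -rf "$demo_dir"
```

On the server, call in_group without the third argument to read /etc/group, and point key_installed at a copy of your public key file and the new account's authorized_keys file.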
Continuing where we left off in our last post, we’ll cover some additional recommended steps in setting up an Ubuntu 14.04 server for the first time. This post will assume you’ve gone through the initial steps in the first post, as some of the configurations, such as having non-root user accounts and having SSH set up, will be required for these steps.
Setting up a Firewall
Having a firewall set up adds an additional layer of security to your server, helping protect it from unwanted intruders. A firewall essentially closes off every port except for ones designated for use, thus closing off access for unwanted traffic. Ubuntu comes with an application called ufw that is used to set up firewall configurations.
In order to ensure that we can still connect to the server via SSH after the firewall is set up, we will need to create an exception in our configuration.
If you have not made any changes to which port SSH is using, you can use the following command:
sudo ufw allow ssh
If you have made modifications to which port SSH is using, you will need to specify the port number to allow (replacing
sudo ufw allow 3333/tcp
After you enter one of these commands and enable the firewall, SSH will be the only incoming connection the firewall allows.
For a typical HTTP web server, port 80 will also need to be allowed:
sudo ufw allow 80/tcp
Web servers utilizing SSL/TLS will need to have the port they use open (443 for HTTPS):
sudo ufw allow 443/tcp
SMTP email utilizes port 25, so that will also need to be allowed:
sudo ufw allow 25/tcp
Once you’ve completed your configurations, you can display the changes with the following command:
sudo ufw show added
Provided all the configurations look good, you can enable the changes with the following command:
sudo ufw enable
After confirming the configuration by typing “y”, your new firewall settings will be active.
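The SSH exception only protects you if it matches the port sshd actually listens on. The following is an added example, not part of the original post: it reads the Port setting from an sshd_config file and checks that saved `ufw show added` output contains an allow rule for it, as a check to run before `ufw enable`. The function names are hypothetical, and the sample config and rule lines are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Checks that every port sshd
# listens on has an allow rule before the firewall is switched on.

# sshd_ports CONFIG: print each "Port" value in CONFIG (22 if none is set).
sshd_ports() {
    awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; n++ }
         END { if (!n) print 22 }' "$1"
}

# missing_ssh_rules CONFIG RULES: RULES holds saved `ufw show added` output.
# Prints every sshd port without an allow rule; returns 1 if any is missing.
missing_ssh_rules() {
    msr_missing=0
    for msr_port in $(sshd_ports "$1"); do
        if ! awk -v p="$msr_port" '
            $1 == "ufw" && $2 == "allow" {
                if ($3 == p || $3 == (p "/tcp")) ok = 1
                # "ssh" and "OpenSSH" are named rules for 22/tcp
                if (p == 22 && ($3 == "ssh" || $3 == "OpenSSH")) ok = 1
            }
            END { exit !ok }' "$2"
        then
            echo "$msr_port"
            msr_missing=1
        fi
    done
    return "$msr_missing"
}

# Constructed sample data: sshd moved to 3333, but only the default rule added.
demo_dir=$(mktemp -d)
printf '#Port 22\nPort 3333\nUsePAM yes\n' > "$demo_dir/sshd_config"
printf 'Added user rules:\nufw allow 22/tcp\nufw allow 80/tcp\n' > "$demo_dir/rules"

if missing_ssh_rules "$demo_dir/sshd_config" "$demo_dir/rules" > "$demo_dir/missing"; then
    echo "SSH is allowed; safe to run: sudo ufw enable"
else
    echo "Do not enable yet; no allow rule for SSH port(s): $(cat "$demo_dir/missing")"
fi
rm -rf "$demo_dir"
```

On a real server, save the output of `sudo ufw show added` to a file and pass it together with /etc/ssh/sshd_config.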
Timezones and the Network Time Protocol
Many server and application functions rely on the correct time being tracked and synchronized. The next couple steps will configure localization settings for your server to use the correct timezone, as well as synchronization to the Network Time Protocol servers for maintaining accurate time.
Configure your local timezone
To configure the timezone of your server, first run the following command:
sudo dpkg-reconfigure tzdata
A menu screen will pop up, allowing you to select your geographic region. From here you will be able to select the major city closest to you, in order to set the correct timezone.
You will then get a confirmation of your timezone configuration, similar to:
Current default time zone: 'America/Los_Angeles'
Local time is now: Mon Dec 4 11:00:11 PST 2017.
Universal Time is now: Mon Dec 4 19:00:11 UTC 2017.
Setting up NTP Synchronization will ensure that your server stays in sync with the Network Time Protocol servers, the servers that govern the global standard time.
To set up NTP Synchronization, all you have to do is run the following two commands:
sudo apt-get update
sudo apt-get install ntp