Setting up an Ubuntu server for the first time (2018 Update)


The first time you set up an Ubuntu server, there are several steps you should take to ensure its basic security. Connecting to your server via the command line or terminal can be extremely powerful, but there are also some inherent risks if the server is not set up correctly. The configurations in this post are based on setting up an Ubuntu 14.04 server, although generally all actions should apply to older and newer versions of the Linux OS.

Logging In For The First Time

The first time you log in to your server, you will use the root user account and password, along with the public IP address for your server (unless you have already pointed a domain to the server). The basic syntax to connect to the server is:

ssh root@YOUR_SERVER_IP_ADDRESS

 

If it is the very first time you are logging in to the server, you will also need to change the temporary root password provided to a new one.

The Root User

The root user has the highest privileges of any user account in the Linux or Unix environment. Since the root user can make changes to just about anything, it is highly recommended you do not use this user account for day-to-day work. It is very easy to make a mistake that could have very destructive results with the root user’s privileges.

To mitigate the risk of this, setting up a separate user account with a narrower range of privileges is recommended as the primary account to use, with the ability to access root privileges on an as-needed basis.

Set up a New User Account

Still connected to the server as the root user, a new user can be created by inputting the following:

adduser newUser

 

Where newUser is the name of the new account.

There are several optional prompts that will follow, asking for basic information such as Full Name, Phone Number, etc. You can bypass entering all of this by just hitting “ENTER”.

Root Privileges

To be able to use root privileges when needed, the new account will need to be added to the sudo or “super user” group. An account with sudo privileges can temporarily act with root privileges by prefacing each command with the word sudo.

This adds an extra layer of security, making sure you really intend to execute a command.

To add sudo privileges to an account, type the following:

gpasswd -a newUser sudo

 

Add SSH Keys For New User

Using public key authentication instead of a password for logging in to your server is significantly more secure and highly recommended.

To create a new SSH key pair, type the following on your local machine (disconnected from your server):

ssh-keygen

Hit the “ENTER” key several times to accept the default settings and path for the generated keys.

Copying Public Key to Server

To add the public key to your server, you can use ssh-copy-id to copy it directly from its default location.

Simply run:

ssh-copy-id newUser@YOUR_SERVER_IP_ADDRESS

 

After you submit your password, your SSH keys can be used to log in to the new account without having to use your password each time.


Continuing where we left off in our last post, we’ll cover some additional recommended steps in setting up an Ubuntu 14.04 server for the first time. This post will assume you’ve gone through the initial steps in the first post, as some of the configurations, such as having non-root user accounts and having SSH set up, will be required for these steps.

Setting up a Firewall

Having a firewall set up adds an additional layer of security to your server, helping protect it from unwanted intruders. A firewall essentially closes off every port except for ones designated for use, thus closing off access for unwanted traffic. Ubuntu comes with an application called ufw that is used to set up firewall configurations.

In order to ensure that we can still connect to the server via SSH after the firewall is set up, we will need to create an exception in our configuration.

If you have not made any changes to which port SSH is using, you can use the following command:

sudo ufw allow ssh

 

If you have made modifications to which port SSH is using, you will need to specify the port number to allow (replacing 3333):

sudo ufw allow 3333/tcp

 

After you enter one of these commands, SSH is the only kind of incoming connection the firewall will allow once it is enabled.

For a typical HTTP web server, port 80 will also need to be allowed:

sudo ufw allow 80/tcp

 

Web servers using SSL/TLS will need to have the port they use open:

sudo ufw allow 443/tcp

SMTP email uses port 25, so that will also need to be allowed:

sudo ufw allow 25/tcp

 

Once you’ve completed your configurations, you can display the changes with the following command:

sudo ufw show added

 

Provided all the configurations look good, you can enable the changes with the following command:

sudo ufw enable

 

After confirming the configuration by typing “y”, your new firewall settings will be active.
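
The review step above (look over the pending rules before running ufw enable) can be scripted. The following is an added example, not part of the original post: a POSIX shell function, under the hypothetical name audit_ufw_rules, that reads the output of ufw show added and reports a missing SSH exception, a missing port, or a port that was not meant to be open. It assumes rules written in numeric port form, and the sample rule list is constructed.

```shell
#!/bin/sh
# Pre-flight check of pending ufw rules, run before `sudo ufw enable`.
# On a server: sudo ufw show added | audit_ufw_rules 22 "80 443 25"

# Constructed sample of `ufw show added` output (not captured from a real host);
# the 442 entry stands in for a mistyped HTTPS port.
SAMPLE_RULES="Added user rules (see 'ufw status' for running firewall):
ufw allow 22/tcp
ufw allow 80/tcp
ufw allow 442/tcp
ufw allow 25/tcp"

# audit_ufw_rules SSH_PORT "OTHER_PORTS"  (hypothetical helper name)
# Reads rule text on stdin and prints one finding per line. Returns 1 if the
# SSH port is not allowed, an intended port is missing, or an extra port is open.
audit_ufw_rules() {
    ssh_port=$1
    wanted="$ssh_port $2"
    seen=""
    bad=0
    while read -r tool action target rest; do
        # Only "ufw allow <port>[/proto]" lines are rules; skip the header line.
        [ "$tool" = "ufw" ] && [ "$action" = "allow" ] || continue
        port=${target%%/*}
        seen="$seen $port"
        case " $wanted " in
            *" $port "*) ;;
            *) echo "UNEXPECTED $target"; bad=1 ;;
        esac
    done
    for port in $wanted; do
        case " $seen " in
            *" $port "*) continue ;;
        esac
        if [ "$port" = "$ssh_port" ]; then
            echo "LOCKOUT-RISK ssh port $port not allowed"
        else
            echo "MISSING $port"
        fi
        bad=1
    done
    return "$bad"
}

# Demo on the constructed sample; "|| true" keeps the script's exit status clean.
printf '%s\n' "$SAMPLE_RULES" | audit_ufw_rules 22 "80 443 25" || true
```

If you moved SSH to another port, pass that port as the first argument so a missing exception is reported before the firewall is enabled.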

Timezones and the Network Time Protocol

Many server and application functions rely on the correct time being tracked and synchronized. The next couple steps will configure localization settings for your server to use the correct timezone, as well as synchronization to the Network Time Protocol servers for maintaining accurate time.

Configure your local timezone

To configure the timezone of your server, first run the following command:

sudo dpkg-reconfigure tzdata

 

A menu screen will pop up, allowing you to select your geographic region. From here you will be able to select the major city closest to you, in order to set the correct timezone.

You will then get a confirmation of your timezone configuration, similar to:

Current default time zone: 'America/Los_Angeles'
Local time is now:      Mon Dec  4 11:00:11 PST 2017.
Universal Time is now:  Mon Dec  4 19:00:11 UTC 2017.

 

NTP Synchronization

Setting up NTP synchronization will ensure that your server stays in sync with the Network Time Protocol servers, the servers that govern the global standard time.

To set up NTP synchronization, all you have to do is run the following two commands:

sudo apt-get update
sudo apt-get install ntp


© 2018 Sunlight Media LLC - Web Design Company