Initial Server Setup with Ubuntu 16.04

Introduction

Our servers are set up from a default template which allows you to log in and finalize the setup. While the basics allow you to log in remotely with an administrative user, we recommend following these instructions to increase the security and usability of your server.

  1. Log in as root
    Your server is set up without a graphical environment. You need to log in with SSH to execute commands on your server. If you’re not familiar with how to connect, please have a look at our “How to connect to your server with SSH” article.
  2. Create a new user
    We will be creating a new user called johnny. If you want to use a different username please replace johnny with your preferred username.

    adduser johnny

    You will be prompted with a couple of questions, most importantly the password (twice) for the new user. Answer accordingly and hit “Enter” after each answer:

    Adding user `johnny' ...
    Adding new group `johnny' (1000) ...
    Adding new user `johnny' (1000) with group `johnny' ...
    Creating home directory `/home/johnny' ...
    Copying files from `/etc/skel' ...
    Enter new UNIX password:
    Retype new UNIX password:
    passwd: password updated successfully
    Changing the user information for johnny
    Enter the new value, or press ENTER for the default
        Full Name []:
        Room Number []:
        Work Phone []:
        Home Phone []:
        Other []:
    Is the information correct? [Y/n]
    
  3. Add user to the sudo group
    usermod -aG sudo johnny
    
  4. Test logging in with the new user and become root
    You need to log in with the newly created user and become root before proceeding with the next steps. Replace “johnny” with your newly created username and x.x.x.x with the IP address of your server.

    ssh johnny@x.x.x.x

    The server should ask you for your password and show you the prompt once you enter your password correctly:

    johnny@x.x.x.x's password:
    ...
    ...
    ...
    johnny@hostname:~$
    

    Now become root:

    sudo -i

    The server reply should be similar to this:

    [sudo] password for johnny:
    root@hostname:~#

    Now go back to your non-elevated account:

    exit

    The server reply should be similar to:

    logout
    johnny@hostname:~$

    Great, now you can proceed with the next steps!

  5. Disable interactive root login with SSH
    Hackers and bots will try to crack the root password of your system because every Linux server has a root user. Because the username is known, they only have to brute-force the password to get into your server. It is wise to disable logging in as root with a password. With the setting below root can still log in with an SSH key, but password authentication for root is refused (newer OpenSSH releases call the same setting prohibit-password). The following configuration changes need to be made:

    First open the SSH server configuration with your favourite text editor. We use nano:

    sudo nano /etc/ssh/sshd_config

    If you are asked for a password, fill in your password. Find the following line (CTRL+W opens the search dialog in nano):

    PermitRootLogin yes

    Change that line to:

    PermitRootLogin without-password

    Save the file and exit with CTRL+X. Afterwards restart the SSH daemon with:

    sudo service ssh restart
    
  6. Update your server
    It’s time to update your server. Refresh the package catalogs and install the available upgrades:

    sudo apt-get update && sudo apt-get -y dist-upgrade

    Sometimes the upgrade asks you questions. It’s safe to give the default answer by just hitting “Enter”.

  7. Set the timezone
    We will use “Europe/Amsterdam” as our timezone, adjust as needed. A list of timezones is available here.

    sudo rm -f /etc/localtime ; sudo ln -s /usr/share/zoneinfo/Europe/Amsterdam /etc/localtime
  8. Configure a firewall
    It’s advised to use a firewall to further secure your server. While an extensive firewall configuration is out of the scope of this document, we advise at least the following steps:

    Allow SSH access:

    sudo ufw allow OpenSSH
    

    Output:

    Rules updated
    Rules updated (v6)

    Enable firewall:

    sudo ufw enable
    

    You will be asked if you want to proceed. Answer y and hit “Enter”:

    Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
    

    Output:

    Firewall is active and enabled on system startup

    You can show the status of the firewall as follows:

    sudo ufw status
    

    Output:

    Status: active
    
    To                         Action      From
    --                         ------      ----
    OpenSSH                    ALLOW       Anywhere
    OpenSSH (v6)               ALLOW       Anywhere (v6)
    

    When you install additional services remember to allow access to them by adjusting the firewall settings. You can show a list of available applications by issuing the following command:

    sudo ufw app list

    Output:

    Available applications:
      OpenSSH
    
  9. Reboot
    Updates often install a new kernel, which requires a reboot. Reboot your server with the following command:

    sudo reboot
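
A check for step 5, added here as an example and not part of the original article: sshd keeps the first value it reads for a keyword, and a Match block can override the global value, so changing one line does not always change what root may do. The function names and sample configurations are constructed for this illustration, and the script assumes a single configuration file.

```shell
#!/bin/sh
# Added example: audit PermitRootLogin in sshd_config text read on stdin.
# sshd keeps the FIRST value it reads for a keyword; keywords are case-insensitive.
# Shared awk prologue: skip comments/blank lines, accept "Key=Value", lowercase the key.
AWK_PRE='/^[ \t]*#/ || /^[ \t]*$/ { next }
{ sub(/[ \t]*=[ \t]*/, " "); key = tolower($1) }'

# Print the first global (pre-Match) PermitRootLogin value, or "unset".
global_root_login() {
    awk "$AWK_PRE"'
        key == "match" { exit }
        key == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }'
}

# Print every PermitRootLogin value set inside a Match block, one per line.
match_root_logins() {
    awk "$AWK_PRE"'
        key == "match" { in_match = 1; next }
        in_match && key == "permitrootlogin" { print tolower($2) }'
}

# Succeed only if no part of the config lets root authenticate with a password.
root_password_login_blocked() {
    conf=$(cat)
    case "$(printf '%s\n' "$conf" | global_root_login)" in
        no|without-password|prohibit-password|forced-commands-only) ;;
        *) return 1 ;;  # "yes", or unset (the default depends on the OpenSSH version)
    esac
    # Fail if any Match block re-enables password login for root.
    ! printf '%s\n' "$conf" | match_root_logins | grep -qx yes
}

# Constructed sample configurations (not taken from a real server).
SAMPLE_FIXED='Port 22
PermitRootLogin without-password'
SAMPLE_SHADOWED='PermitRootLogin yes
# a second line was added instead of editing the first one, which still wins
PermitRootLogin without-password'
SAMPLE_MATCH='PermitRootLogin without-password
Match Address 192.0.2.0/24
    PermitRootLogin yes'

for name in SAMPLE_FIXED SAMPLE_SHADOWED SAMPLE_MATCH; do
    eval "text=\$$name"
    if printf '%s\n' "$text" | root_password_login_blocked; then verdict=blocked; else verdict=ALLOWED; fi
    echo "$name: root password login $verdict"
done
```

On the server, pipe the output of sudo cat /etc/ssh/sshd_config into root_password_login_blocked, and run sudo sshd -t to catch syntax errors before restarting the daemon.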
    