Once you get the ubuntu server 18.04 up and running, there are few basic configurations that you should do after the installation. And we would recommend for everyone to do this basic initial setup Ubuntu Server 18.04. Because it will improve the usability of your server, and most importantly improve the security of your server.
In this tutorial, we will show you a basic initial setup for Ubuntu Server 18.04. However, this guide can be applied to old ubuntu versions such as Ubuntu 16.04 or 14.04.
Update and Upgrade the System
Firstly, we need to ensure all default packages on the system is up to date. In particular, system update related the ubuntu security.
Update repositories and upgrade all packages by running following commands.
sudo apt update
sudo apt upgrade -y
Create New Admin User
After upgrading all packages, we will create a new admin user that have a privilege to become root or sudo. Because we will disable the default ‘root’ user from accessing the server.
For this example, we will create a new user called ‘mohammad’. And of course, you can replace it with your own username.
useradd -m -s /bin/bash mohammad
Now give the user a new strong password.
After that, grant the root/sudo privileges to new user ‘mohammad’ by adding the user to ‘sudo’ group. Run the following command.
usermod -a -G sudo mohammad
Improve SSH Security
This is one of the most important things about server security. For this example, we’re going to improve the SSH security by changing the default port, disable user root login, and enable ssh key-based authentication.
By changing the default port and disable root login, we can minimalism brute-force attack on ssh service. And by enabling the ssh key-based authentication make your server more secure.
For that purpose, we need to edit the ssh configuration ‘ssh_config’ on the ‘/etc/ssh/’ directory.
Change the default port with your own.
Now disable the root login by changing the ‘PermitRootLogin’ option value to no.
Save and close configuration, then restart the ssh service.
sudo systemctl restart sshd
After that, enable the ssh key-based authentication by generating the ssh key from the local computer and upload the public key to the server.
From the local computer, generate new ssh key using the following command.
ssh-keygen -t rsa -C 'mohammad key'
- -t rsa – Key type RSA
- -C – comment for the key
The public and private key will be available at the ~/.ssh directory.
Next, upload the public key to the server.
ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected] -p 2200
Type the password, and your public key will be uploaded at the ‘~/.ssh/authorized_keys’ directory on the server.
Now login to the server using the private key and the custom port.
ssh [email protected] -p 2200
As a result, you will be logged in to the with your ssh key instead of a password.
Setup UFW Firewall
If you’re on the production, it’s recommended to turn on the firewall. Because the firewall will make sure only connection to certain services is allowed. And for Ubuntu server, we can use the default firewall called ‘UFW’.
Firstly, we need to ensure all services running on the server and which ports are actually used. For this example, we only have the ssh service that runs on the custom port ‘2200’.
Add the custom ssh port to the ufw firewall.
sudo ufw allow 2200/tcp
After that, enable the ufw firewall by running the following command.
sudo ufw enable
As a result, only the ssh connection on port ‘2200’ allowed to the server.
Finally, initial setup Ubuntu Server 18.04 has been completed.