Introduction
In this tutorial, you will learn how to set up an Ubuntu server. This includes how to create a non-root user, enable SSH login, disable root login, and enable a basic firewall.
Step 1 – Log in to your new server
Log in to your new Ubuntu 20.04 server as the root user:
If you have already set up your server with an SSH key and it is not your default key, you need to tell your device where to find it:
ssh -i /path/to/ssh/key [email protected]
Step 2 – Create a new non-root user
It is recommended not to use the root user regularly. So we will create a new non-root user. In the future, we will only use this user to log in.
To create a new user, type this command:
[email protected]:~$ adduser holu
You will now be asked to enter information. First, enter a strong password. You can enter the remaining information by pressing ENTER Fill or reject.
Step 3 – Add the new user to the sudo group
Our new user only has normal account privileges. But since we are going to use it as our main user, sometimes we will need administrative privileges. To be able to run administrative commands as a non-root user, we need to add our user to the sudo group.
To do this, we still run this command as the root user:
[email protected]:~$ usermod -aG sudo holu
Step 4 – Become a new user
Now log out of the root user with the following command:
[email protected]:~$ exit
After that we can log in with our new user:
Now that we are logged in as a non-root user, we need to use sudo in front of administrative commands.
Step 5 – Enable the main firewall
After creating a non-root user, we want to enable the firewall. To do this, use ufw We use.
Step 5.1 – List all available applications
First, we want to list all the available programs that we can register with the firewall.
You can list them with the following command:
[email protected]:~$ sudo ufw app list
This will be the output:
Available applications:
OpenSSHStep 5.2 – Allow OpenSSH
As we want to use SSH to log in to future systems, we need to enable it before enabling the firewall:
[email protected]:~$ sudo ufw allow OpenSSH
Step 5.3 – Enable the firewall
Now that the firewall allows SSH connections, we can enable it:
[email protected]:~$ sudo ufw enable
Next, check the status:
[email protected]:~$ ufw status
Status: activeTo Action From -- ------ ---- OpenSSH ALLOW Anywhere OpenSSH (v6) ALLOW Anywhere (v6)
The firewall now blocks all connections except SSH.
Step 6 – Add SSH keys
Create an SSH key pair on your device.
Now copy the public key from your device to your server with the following command:
cat ~/.ssh/ssh_key.pub | ssh [email protected] "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"
~/.ssh/ssh_key.pubReplace with the path to your SSH public key.- Replace your new username.
helloDo - Replace 10.0.0.1 with your server IP.
Step 7 – Edit the sshd configuration
Now that from SSH We use it to log in to our system, we need to disable password-based login and root user login.
For this we file /etc/ssh/sshd_config We edit:
[email protected]:~$ sudo nano /etc/ssh/sshd_config
Step 7.1 – Disable password-based login
Inside the file, find the following line:
PasswordAuthentication yes
And change it to the line:
PasswordAuthentication no
Step 7.2 – Disable root login
Inside the file, find the following line:
PermitRootLogin yes
and change it to the following line
PermitRootLogin no
Step 7.3 – Restart the sshd service
Save and close the editor.
Now restart the sshd service:
[email protected]:~$ sudo systemctl restart ssh
Step 8 – Create an SSH configuration (optional)
Create an SSH configuration on your device. Here we tell our device where to find our SSH key so we don't have to specify it every time we log in.
Run the following command on your device:
sudo nano ~/.ssh/config
Now add the following content that corresponds to your SSH key:
HOST 10.0.0.1 IdentityFile ~/.ssh/SSH-key
Now whenever you log in to your server, your device will look for the correct SSH key.
Result
We now have a basic Ubuntu 20.04 server. We have created a non-root user and enabled SSH login. Additionally, we have disabled root login and enabled the ufw firewall.
