Initial server setup with Ubuntu

Introduction

When you first create a new Ubuntu server, you need to perform some important configuration steps as part of the initial setup. These steps will increase the security and usability of your server and give you a solid foundation for the next steps.

Step 1 – Log in as root

To log in to your server, you will need to know the public IP address of your server. You will also need the password or private key for the root user account if you installed an SSH key for authentication. If you haven’t logged into your server before, you may want to follow our guide on how to connect to your drops with SSH which covers this process in detail.

If you are not currently connected to your server, log in as root using the following command. Replace the highlighted your_server_ip part of the command with the public IP address of your server:

ssh root@your_server_ip

Accept the host credentials warning if it appears. If your server uses password authentication, enter your root password to log in. If you are using an SSH key that is protected by a passphrase, you may need to enter the passphrase the first time you use the key for each session. If this is the first time you are logging in to the server with a password, you may also need to change the root password. If prompted, follow the instructions to change your password.

About root

The root user is the administrative user in a Linux environment with high privileges. Because of the increased privileges of the root account, you are discouraged from using it regularly. The root account can make very destructive changes, even accidentally.

The next step is to set up a new account with reduced points for daily use. Later, we'll show you how to temporarily get more points for when you need them.

Step 2 – Create a new user

After logging in as root, you can add a new user account. In the future, we will log in with this new account instead of root.

This example creates a new user named Sammy, but you should replace it with the username you like:

adduser sammy

You will be asked a few questions, starting with the account password.

Enter a strong password and, if desired, enter any additional information you want. This information is not required, and you can press ENTER at any point you want to skip.

Step 3 – Granting Administrative Privileges

You now have a new user account with normal account privileges. However, sometimes you will need to perform administrative tasks as the root user.

To prevent your regular user from logging out and logging back in as the root account, you can set up what are known as superuser or root privileges for your regular user account. These privileges allow your regular user to run commands with administrative privileges by prefixing the command with the word sudo.

To add these privileges to your new user, you need to add the user to the sudo system group. By default in Ubuntu, users who are members of the sudo group are allowed to use the sudo command.

As root, run this command to add your new user to the sudo group (replace the highlighted username with your new user):

usermod -aG sudo sammy

You can now type sudo before commands to run them with superuser privileges when logged in as your normal user.

Step 4 – Set up the firewall

Ubuntu servers can use the UFW firewall to ensure that only connections to certain services are allowed. You can set up a basic firewall using this program.

Applications can register their own profiles with UFW after installation. These profiles allow UFW to manage these applications by name. OpenSSH, the service that allows you to connect to your server, has a profile registered with UFW.

You can check the list of installed UFW profiles by typing:

ufw app list

Output
Available applications:
OpenSSH

You need to make sure that the firewall allows SSH connections so that you can log in to your server the next time. Allow these connections by typing:

ufw allow OpenSSH

Now enable the firewall by typing:

ufw enable

Type y and press ENTER to continue. You can see that SSH connections are still allowed by typing:

ufw status

Output
Status: active
To Action From
-- ------ ----
OpenSSH ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)

The firewall currently blocks all connections except SSH. If you install and configure additional services, you will need to adjust the firewall settings to allow new traffic to enter your server. You can learn some common UFW operations in our UFW Essentials guide.

Step 5 – Enable external access for your regular user

Now that you have a regular user for daily use, you need to make sure you can log in directly to the SSH account.

Configuring SSH access for your new user depends on whether your server's root account uses a password or SSH keys for authentication.

If the main account uses password authentication

If you logged in to your main account using a password, password authentication is enabled for SSH. You can SSH into your new account by opening a new terminal session and using SSH with your new username:

ssh sammy@your_server_ip

After entering your regular user password, you will be logged in. Remember, if you need to run a command with administrative privileges, type sudo before it, as follows:

sudo command_to_run

When using sudo for the first time in each session (and periodically thereafter) you will receive a prompt for your regular user password.

To increase the security of your server, we highly recommend setting up SSH keys instead of using password authentication. Follow our guide on setting up SSH keys on Ubuntu to learn how to configure key-based authentication.

If the root account uses SSH key authentication

If you are logged in to your main account using SSH keys, password authentication is disabled for SSH. To log in as your regular user with an SSH key, you need to add a copy of your local public key to your new user's ~/.ssh/authorized_keys file.

Since your public key is already in the root account's ~/.ssh/authorized_keys file on the server, you can copy that file and directory structure to your new user account using your current session.

The easiest way to copy files with the correct ownership and permissions is to use the rsync command. This command copies the root user's .ssh directory, preserves permissions, and changes the owners of the files in one command. Make sure to change the highlighted parts of the command below to match your regular username:

rsync --archive --chown=sammy:sammy ~/.ssh /home/sammy

Now, open a new terminal session on your local machine and use SSH with your new username:

ssh sammy@your_server_ip

You should be able to connect to your server with the new user account without using a password. Remember, if you need to run a command with administrative privileges, type sudo before the command below:

sudo command_to_run

When using sudo for the first time in any session (and periodically thereafter), you will be prompted to enter your regular user password.

Result

At this point, you have a solid foundation for your server. You can now install any software you need on your server.