Ubuntu 20.04 - Initial Setup

For this tutorial, I am assuming you have just set up a fresh server running Ubuntu Linux 20.04 LTS, and you are able to open a terminal and SSH into a command prompt as the root user.

Terms and Placeholders

Placeholder Description
SERVER-IP Replace this with the ip number of your server
HOSTNAME This is the hostname of your server. so, for example, if this will be www.yourdomain.com, consider using simply www
ROOTPASS Replace this with the password for your root user
MYUSER Replace this with the username you will use for normal logins to the server "Bob, Joe, Linda, etc"
MYPASS Replace this with the password you create for MYUSER

If you are looking for a good VPS server that offers more for less, have a look at Interserver VPS Servers, starting at $6.00 per month

About Passwords

For the purposes of security, please be in the habit of creating a different password for every account or login you make. I would ask that you make your passwords 32 characters long, using a mixture of uppercase, lowercase, numbers and symbols.

Example: 2oHm7Vmp*mbiaLgV6RmCbdX_qRzm4pk

Do not use this password!

Let's Get Started

If you are not already connected to your server, log in now as the root user using the following command (substitute the highlighted portion of the command with your server’s public IP address):

$ ssh root@server-ip

Now let's make sure everything is updated on your server:

$ apt update && apt upgrade -y

This may take some time, and you may see a message that says System restart required when it finishes. If so, type in reboot, followed by [ENTER]. Wait a few minutes, then log back in via SSH to continue.

Step 1: Configure Hostname

To start let's configure the hostname:

$ nano /etc/hosts

At the top of the file, you probably only see this:

127.0.0.1 localhost

Change it to:

127.0.0.1 localhost.localdomain localhost
127.0.0.1 HOSTNAME

Based on the table at the top of this page, replace HOSTNAME with whatever you wish to you. Example: www, or dev, etc Now save the file by hitting [CTRL-X] then Y, then [ENTER]

Step 2: Configure Your Timezone

Most of us want the time on our server to be the same time zone that we are in. To set it, run the following command:

$ dpkg-reconfigure tzdata

Start by picking the general geographic area, example "America" then hit [ENTER]. Now scroll until you find a city that is in your time zone. Example "New York" and hit "[ENTER]" again. Finally, run the following command:

$ timedatectl

You should see output similar to the following:

               Local time: Wed 2022-01-26 15:18:58 EST
           Universal time: Wed 2022-01-26 20:18:58 UTC
                 RTC time: Wed 2022-01-26 20:18:58
                Time zone: America/New_York (EST, -0500
System clock synchronized: yes                    
              NTP service: act

Note that in my example, it says America/New_York (EST, -0500) on the fourth line. For you, it should show the timezone you selected, and the frst line should show the correct time (in Military Time) and date for your local timezone.

We Don't Want to Use ROOT

The default root user in Linux is the administrative user. that has absolute privileges. Because of this, it is a very, very bad idea to use that account unless absolutely necessary, and we want to make it very difficult for a possible hacker to get in as the root user. So we will make a new account right away for all of the workl we will be doing. Keep in mind, you will be able to get temporarily root privileges with the account we are making when you absolutely need them.

Step 3: Make a Password for the ROOT user

Right now, let's make a very strong password for the root user. Refer to the password advice above.

$ passwd root

You will now be asked for a pasword. Enter the password you just created, hit enterm, and then enter it again to verify. Later in this tutorial, we will refer thos this password as ROOTPASS.

Now let's make sure everything on our server is up to date.

$ apt update && apt upgrade -y

Step 4: Creating a New User

As noted above, the new user we will create will be called MYUSER. You can make it whatever you want, but it is best not to make it too easy to guess. Similarly, below we will say MYPASS for the password you create for this user.

$ adduser MYUSER

Now enter the password you created and answer the questions as follows:

New password: MYPASS
        Full Name []:   (enter anything you like or leave blank and hit enter)
        Room Number []: (enter anything you like or leave blank and hit enter)
        Work Phone []: (enter anything you like or leave blank and hit enter)
        Home Phone []: (enter anything you like or leave blank and hit enter)
        Other []: (enter anything you like or leave blank and hit enter)
Is the information correct? [Y/n] Y

Step 5: Giving Admin Privileges to Your User

Our new account has very basic privileges, but we will need to do administrative tasks. Since we never want to log in as the root user, we will give root privileges (superuser) to this account. Once we have this, when we enter sudo before any command, we will be running it with administrative privileges.

So we want to add out user to the sudo group while we are still logged in as the root user.

$ usermod -aG sudo MYUSER

Step 6: Firewall Setup

We will use the UFW firewall on our Ubuntu 20.04 server. This will assure only connections to services we want available to the public are allowed. Since we are using SSH to get into our server, we need to make sure SSH is allowed.

$ ufw allow OpenSSH

Now we need to simply turn on the firewall;

$ ufw enable

You will be asked for a confirmation. Type y and then enter.

Now let's make sure it worked:

$ ufw status

You should see the following output:

Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere                       
OpenSSH (v6)               ALLOW       Anywhere (v6)

This means that our server is now blocking all connections except SSH. later on we will add more permissions to ufw firewall as we need them.

Step 7: Making Sure Your User Account Can Log In

If when you logged into your root account, you needed a password, you should be able to open a new terminal window and login similarly with your new user. Do not close the terminal window your root user is logged in with yet!

$ ssh MYUSER@SERVER-IP

If you were asked for a password, and you entered what you selected for MYPASS, and got in, you are set for now. However, this is not a very secure way to log in, and you should consider learning how to login using SSH keys.

A tutorial for that can be found here: Ubuntu 20.04 How to Set Up SSH Keys

If you were able to login as root without a password, you are probably already setup with SSH Key Authentication. That's great, but we need to make sure your new user can get in that way as well, because in our Ubuntu 20.04 - Hardening tutorial, we will set up your server so that people cannot login with a password.

Copying Your Root Key to Your New User

Again, if you logged into root without a password, your public key is in the root user's ~/.ssh/authorized_keys file. We will copy that to our new account.

rsync --archive --chown=MYUSER:MYUSER ~/.ssh /home/MYUSER

Don't forget to replace MYUSER with the username you created.

now open a new terminal window and try to login with your new user account.

$ ssh MYUSER@SERVER-IP

That's It For Now

OK, you now have a basic setup. Assuming you are able to login with your new account, you can log out of your root account and proceed to the next tutorial: Ubuntu 20.04 - Hardening In this tutorial, we will change many settings to make it extremely difficult for a hacker to breach your server.




Blog Comments powered by Disqus.