After installing a new Ubuntu 18.04 server, you should perform several configuration actions as part of the initial server setup to improve security and management later on.
This article will lead you through a few steps that you should perform early on to lay the groundwork for your new server before installing and configuring any software or services.
A root account is often set up on newly installed servers, and this is the account you’ll use to log into your server for the first time.
The root user is an administrator user with extensive privileges. Because of the root account’s elevated privileges, you should avoid utilising it on a frequent basis. This is due to the root account’s intrinsic potential to make extremely harmful modifications, even by accident. As a result, it is advisable to create a regular system user and grant this user sudo capabilities so that it can run administrative commands with specific restrictions. In the following step, you will create such a user.
To begin, you must first log into your server. Ascertain that you are aware of your server’s public IP address. To authenticate, you’ll need either the account’s password or the SSH private key for the root user’s account, if you’ve configured an SSH key for server authentication.
If you are not already connected to your server, use the following command to log in as the root user. Make sure to change the highlighted piece of the command with the public IP address of your server:
Accept the warning regarding the authenticity of the host if it appears. Log in with your root password if you’re using password authentication. However, if you are using a pass-protected SSH key, you may be requested to input the pass the first time you use the key each session. Furthermore, if this is your first time logging in with a password, you may be required to update the root password.
In the following step, you will create a new system user account with limited capabilities and configure it to run administrative commands using sudo.
Once logged in as root, you can create a new user who will serve as your regular system user from now on.
The following example creates a new user named hostzop, but you should change it with your preferred username:
You will be prompted with a series of questions, beginning with the account password.
Enter a secure password and, if desired, fill in any of the additional information. This is optional, and you can just enter ENTER in any field you want to skip.
The next step is to grant this user sudo capabilities. This enables the user to do administrative activities as the root user using the sudo software.
You now have a new user account with standard privileges. However, you will occasionally be required to undertake administrative duties such as managing servers, altering configuration files, or restarting a server.
To avoid having to log out of your regular user account and back in as the root account, you can grant your regular account “superuser” or root capabilities. By prefixing each command with the term sudo, your regular user will be able to perform commands with administrator rights.
To give these permissions to your new user, add them to the sudo group. Users in the sudo group are granted access to the sudo command by default in Ubuntu 18.04.
The following command will change the default user settings, including adding the sudo group to the list of groups to which the user already belongs. Take note of the -a parameter, which stands for append. Without this option, the user’s current groups would be substituted by sudo, resulting in unexpected results. The -G option instructs usermod to modify a user’s group settings.
Run the following command as root to add your new user to the sudo group (change the highlighted word with the name of your new user):
Your system user has now been created. The following step will configure a rudimentary firewall for your server.
The firewall setup tool UFW (Uncomplicated Firewall) is included with Ubuntu systems. You can use the UFW firewall to restrict connections to specific services on your server.
When an application is installed, it can register its profile with UFW. These profiles enable UFW to manage per-application parameters by name. OpenSSH, the service that allows you to connect to your server right now, has a profile registered with UFW.
To obtain a list of all currently available profiles, use the following command:
Output :
Available applications:
OpenSSH
You must ensure that the firewall accepts SSH connections in order to log back in the following time. These connections can be enabled by typing:
Following that, you may enable the firewall with:
To proceed, type “y” and hit ENTER. By typing: you can see that SSH connections are still permitted.
Output :
Status: active
To Action From
— —— —-
OpenSSH ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)
Because the firewall is presently denying all connections except SSH, you will need to alter the firewall settings to allow appropriate traffic in if you install and setup other services.
You must ensure that you can SSH into the account directly now that you have a normal user for daily use.
Note: We recommend staying logged in as root until you can log in and use sudo as your new user. If you encounter issues, you can troubleshoot and make any necessary modifications as root.
The procedure for configuring SSH access for your new user is dependent on whether your server’s root account uses a password or SSH keys for verification.
If you signed in to your root account with a password, SSH password authentication is enabled. Open a new terminal session and use SSH with your new username to connect to your new user account:
You will be logged in after entering your usual user password. Remember to put sudo before any command that requires administrative privileges:
When you use sudo for the first time in a session, you will be prompted for your regular user password (and periodically afterwards).
You learnt about Initial Setup with Ubuntu 18.04 in this tutorial, and you now have a good basis for your server