DF
February 27 2023
Updated July 26 2023

Initial setup of Ubuntu Server 22.04


Introduction

A few mouse clicks and several minutes are enough to get an Ubuntu server in the Serverspace cloud.
After the server is installed:

  • root is the only existing account;
  • the SSH server listens on the standard port 22;
  • the OS has no firewall;
  • the time zone is UTC.

It is recommended to perform several actions to increase security:

  • do not use the root account for regular tasks, because a wrong command (a typo or a configuration misunderstanding) can damage the OS. Instead, create a new regular user and grant it administrative permissions. Also, many attackers scan the internet for servers with port 22 open and try to brute-force the root password, so the common recommendation is to disable root login in the SSH config and connect as a regular user;
  • change the SSH port from 22 to an unused one – this will decrease the number of connection attempts from outside;
  • install UFW (Uncomplicated FireWall) to restrict unwanted connections to your server;
  • set the proper time zone so that events have the correct time when you analyze system logs.



Creating new user and granting permissions

Connect to the server as root:

ssh root@server_ip

Run this command to create a new regular user:

useradd -m -s /bin/bash myuser

It adds a user named myuser to the system (option "-m" creates the home directory, and "-s /bin/bash" sets the login shell).

Set a complex password:

passwd myuser

The characters you enter are not displayed (for security reasons), and the password must be entered twice to make sure it is set correctly.
The “sudo” utility is a way to provide administrative privileges to a regular user. Ubuntu has a user group named “sudo” by default, and a user from this group can run any command (by typing sudo before the desired command). It is enough to add the new user to this group:

usermod -aG sudo myuser

Disconnect from the server and connect again as the new user:

ssh myuser@server_ip

Check if sudo is available:

sudo less /etc/sudoers

The content of the file /etc/sudoers should be shown on the screen. It means myuser has the needed permissions. Root login can now be disabled – the next section shows how to do this in the SSH server config file.

Making changes in SSH server config file

Edit the file /etc/ssh/sshd_config in your preferred text editor, e.g. in nano:

sudo nano /etc/ssh/sshd_config

Find the commented line with the port assignment, "#Port 22":

[Screenshot: SSH server default port]

Uncomment it and set another port number (one that is not in use on the system), e.g., 4680:

[Screenshot: SSH server custom port]

Next, in the "Authentication" section find the line "PermitRootLogin prohibit-password" and replace it with "PermitRootLogin no":

[Screenshot: Deny root over SSH]

Save the changes and close the file. Restart the SSH server to apply the changes, keeping the current session open until you have confirmed that you can log in on the new port:

sudo systemctl restart sshd.service

Try to log in as root on port 4680:

ssh root@server_ip -p 4680

You will get an error message because root is no longer allowed to connect. Connect as myuser:

ssh myuser@server_ip -p 4680

The connection should be allowed.
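
To confirm the two edits took effect as intended, the following added example (not part of the original guide) checks an sshd_config-style file for a non-default port and for disabled root login. The function names sshd_values and audit_sshd and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: check an sshd_config-style file for the two edits made above.
# Keywords are case-insensitive; lines starting with '#' are comments.

# Print every uncommented value of keyword $1 in file $2, one per line.
sshd_values() {
    awk -v key="$1" '
        /^[ \t]*#/ { next }                      # skip commented lines
        tolower($1) == tolower(key) { print $2 }
    ' "$2"
}

# Return 0 if file $1 matches the guide's settings, 1 otherwise.
audit_sshd() {
    rc=0
    # Port may appear several times and sshd listens on all of them;
    # with no Port line it falls back to the default, 22.
    ports=$(sshd_values Port "$1")
    [ -n "$ports" ] || ports=22
    # For PermitRootLogin only the first value counts; when absent,
    # the built-in default is prohibit-password.
    root=$(sshd_values PermitRootLogin "$1" | head -n 1)
    [ -n "$root" ] || root=prohibit-password
    if echo "$ports" | grep -qx 22; then
        echo "FAIL: sshd still listens on port 22"; rc=1
    else
        echo "OK:   sshd ports:" $ports
    fi
    if [ "$root" = no ]; then
        echo "OK:   root login over SSH is disabled"
    else
        echo "FAIL: PermitRootLogin is '$root', expected 'no'"; rc=1
    fi
    return $rc
}

# Constructed sample input (not taken from a real server).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
#Port 22
Port 4680
#PermitRootLogin prohibit-password
PermitRootLogin no
PermitRootLogin yes
EOF
audit_sshd "$SAMPLE"
```

The check reads a single file and does not follow Include lines or Match blocks; on a live server, `sudo sshd -T` prints the configuration the daemon will actually use.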

Installing UFW

A newly installed Ubuntu server has no firewall rules by default, so connections from outside are not restricted. UFW is used to create the rules; installation is simple:

sudo apt update && sudo apt install ufw

After installation, UFW is not enabled:

[Screenshot: UFW status]

Create a new rule to allow port 4680 for SSH connections (replace it with your port if it differs):

sudo ufw allow 4680/tcp comment 'Allow SSH connections'

Enable UFW:

sudo ufw enable

Check the status – it will show both the current status and the created rule:

[Screenshot: UFW enabled]

Other services and ports can be added in the same way, e.g., to add port 443 for NGINX:

sudo ufw allow 443/tcp comment 'Allow HTTPS'

Our separate publication, Common UFW commands, describes how to use UFW.

Setting time zone

Check current time settings:

timedatectl

[Screenshot: current time settings]

Currently it is UTC. The available time zones are listed with the command:

timedatectl list-timezones

Choose the desired one to set. For example, if you need to set the time zone for Chicago, run:

sudo timedatectl set-timezone "America/Chicago"

Check the current time zone once again:

[Screenshot: Chicago time zone]

Now events in the system logs are recorded with the proper local time.
