DW
February 27, 2023
Updated March 22, 2023

Initial setup of Ubuntu Server 22.04

Introduction

After installing the Ubuntu Server 22.04 distribution, you need to take a few steps to secure the system and make it easier to use.

Stage 1 - Authorization with a Root account

We are going to deploy a clean server in the cloud, and "root" will be the only available account. When you create a server, there are two connection options:

  1. By SSH-key;
  2. By login and password.

The "root" user has more privileges than regular users. Some commands, when run as root, can lead to malfunctions; typically these are changes to configuration files, service restarts, opening ports, and the like. For this reason, you should create a new user and execute commands using sudo, which reduces the risk. Privileges and restrictions for the user are assigned by root, using the usermod command.

If you are connecting via SSH key, follow the instructions on that topic. If you choose login and password when creating the server, a password for the root user will be generated; this connection method is considered less secure.

The connection to the server is as follows:

ssh root@ip_address

After that, you either enter the password, or the corresponding key file must be present in the .ssh directory. Confirm the authenticity of the server when prompted. Connecting with an SSH key may require a passphrase, which you must enter.

In the next step, we will create a system user with specific privileges and restrictions.

Stage 2 – Adding a new system user

When you first log in as root, you should add a new user to the system using the command:

useradd -m test_user

You can replace test_user with a name of your choice. The -m switch creates the home directory for test_user and makes the user its owner.

You must set a password for the user:

passwd test_user

Enter a new password and confirm it. Use a complex password and write it down in your notes; it will be required when using the sudo command.

Stage 3 – Granting administrative privileges

After creating a user, you need to add it to the sudo group. We use the command:

usermod -aG sudo test_user

The "a" switch appends the user to the group without removing existing memberships, and the "G" switch specifies the group; they are followed by the name of the group and the user to be added.

A newly created user has no administrative access rights or privileges. In day-to-day work, however, you will need to restart the server and change the configuration files of one or several services, which is why the user needs sudo.

Stage 4 – Initial Basic Firewall Setup

ufw is a firewall utility; installed packages can register an application profile with it. Our SSH connection is also governed by the corresponding ufw rule. The status is checked as follows:

ufw status

In the output, we get data about open ports and about applications that have been added to ufw.

The following command lists the application profiles that are currently registered with ufw:

ufw app list
#Output
Nginx Full
Nginx HTTP
Nginx HTTPS
OpenSSH

To make sure there are no problems connecting, let's allow OpenSSH connection by running the following command:

ufw allow OpenSSH

Enable the firewall and confirm the prompt:

ufw enable

Let's check the status and make sure the SSH rule is still in place:

ufw status
#Output
Status: active
To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere

Now ufw blocks all external connections except OpenSSH.

Stage 5 – Permission to connect remotely to a user

Open a command prompt and enter the command:

ssh test_user@ip_address

Enter the password that you set when creating the account. Let's execute a command using sudo (see Figure 1), for example:

sudo apt install neovim
Figure 1 - Installing neovim text editor

After a user has been created, the default shell is sh. If you need to change it to bash, run the command:

sudo chsh -s /bin/bash test_user

Log in again as test_user and check the command interpreter:

echo $0
#Output
-bash

When connecting via SSH key to root

The .ssh directory is stored in the root user's home directory, and the authorized_keys file in it holds the SSH keys. Copy that file into the new user's /home/test_user/.ssh/ directory.

It is more convenient to use rsync, which copies the directory to the new path and changes the owner of the files while preserving permissions:

rsync --archive --chown=test_user:test_user ~/.ssh /home/test_user

Let's connect:

ssh test_user@ip_address

The connection will be successful; all that remains is to work in the system for your own benefit!
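
Before closing the root session, the results of stages 2 to 5 can be verified with a short script. This is an added example, not part of the original article; the helper function names are hypothetical, and it assumes the user test_user with the home directory /home/test_user used above.

```shell
#!/bin/sh
# Added example (not from the original article). Helper names are hypothetical.

# Succeeds if group $1 appears in the remaining arguments (an `id -nG` list).
has_group() {
    want=$1; shift
    for g in "$@"; do [ "$g" = "$want" ] && return 0; done
    return 1
}

# Reads `ufw status` output on stdin; succeeds only if the firewall is active
# and an ALLOW rule for OpenSSH (or port 22) exists, so SSH is not locked out.
ssh_rule_allowed() {
    awk '/^Status: active/ { active = 1 }
         ($1 == "OpenSSH" || $1 == "22/tcp" || $1 == "22") && $2 == "ALLOW" { ok = 1 }
         END { exit !(active && ok) }'
}

# key_perms_ok DIR UID: DIR and DIR/authorized_keys must be owned by UID and
# not writable by group or others; sshd's StrictModes check rejects them otherwise.
key_perms_ok() {
    dir=$1; uid=$2
    for p in "$dir" "$dir/authorized_keys"; do
        [ -e "$p" ] || return 1
        set -- $(ls -ldn "$p")          # $1 = mode string, $3 = numeric owner
        [ "$3" = "$uid" ] || return 1
        case $1 in ?????w*|????????w*) return 1 ;; esac
    done
}

# Run as root on the server: verify_setup test_user
verify_setup() {
    user=$1; rc=0
    has_group sudo $(id -nG "$user") || { echo "FAIL: $user is not in sudo"; rc=1; }
    ufw status | ssh_rule_allowed || { echo "FAIL: ufw inactive or SSH not allowed"; rc=1; }
    key_perms_ok "/home/$user/.ssh" "$(id -u "$user")" \
        || { echo "FAIL: .ssh ownership or permissions"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $user, ufw and authorized_keys look correct"
    return "$rc"
}

# Only runs the checks when a user name is passed as the first argument.
if [ $# -gt 0 ]; then verify_setup "$1"; fi
```

Keep the root session open until the script reports OK and a second terminal can log in as test_user.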

Conclusions

  • ufw is a helper for secure connections to the server.
  • SSH key authentication does not allow connection to the server without the unique key.
  • A user with sudo rights reduces the risk of errors in the operation of the server, compared to commands executed on behalf of root.