Introduction
A few mouse clicks and several minutes are enough to get an Ubuntu server in the Serverspace cloud.
After server installation:
- root is the only existing account;
- the SSH server listens on the standard port 22;
- there is no firewall in the OS;
- the time zone is UTC.
It is recommended to perform several actions to increase security:
- there is no need to use the root account for regular tasks, because a wrong command (a typo or a misunderstood setting) can damage the OS. Instead, create a new regular user and grant it administrative permissions. Also, many attackers scan the internet for servers with port 22 open and try to brute-force the root password – the common recommendation is to disable root login in the SSH config and connect as a regular user;
- change the SSH port from 22 to an unused one – this decreases the number of connection attempts from outside;
- install UFW (Uncomplicated FireWall) to restrict unwanted connections to your server;
- set the proper time zone to get the correct time of events when analyzing system logs.
Creating a new user and granting permissions
Connect to the server with the root account:
Run this command to create a new regular user:
It will add a user named myuser to the system (the option "-m" creates the home directory).
Set a complex password:
The characters you enter will not be visible (for security reasons), and the password must be entered twice to ensure it is set correctly.
The “sudo” utility is the way to provide administrative privileges to a regular user. Ubuntu has a user group named “sudo” by default, and a user in this group can run any command (by typing sudo before the desired command). It is enough to add the new user to this group:
Disconnect from the server and connect again as the new user:
Check if sudo is available:
The content of the file /etc/sudoers should be shown on the screen. It means myuser has the needed permissions. Root login over SSH can now be disabled – the next section shows how to modify the SSH server config file.
Making changes in SSH server config file
Edit the file /etc/ssh/sshd_config in your preferred text editor, e.g. nano:
Find the commented line with the port assignment "#Port 22":
Uncomment it and set another port number (one that is not used in the system), e.g., 4680:
Next, in the "Authentication" section, find the line "PermitRootLogin prohibit-password" and replace it with "PermitRootLogin no":
Save the changes and close the file. Restart the SSH server to apply the changes:
Try to log in with the root account on port 4680:
You will get an error message because root is no longer allowed to connect. Connect as myuser:
The connection should be allowed.
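The two edits to sshd_config can also be checked by script. The following is an added example, not part of the original article: it reads an sshd_config-style file and reports whether port 22 is still active and whether PermitRootLogin is set to no. The function names and sample files are constructed for illustration; it assumes whitespace-separated "Keyword value" lines and does not follow Include files or Match blocks.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are
# hypothetical; the sample files below are constructed.
# Assumes whitespace-separated "Keyword value" lines; Include files and
# Match blocks are not evaluated.

# Every active Port line adds a listener; with none, sshd defaults to 22.
listen_ports() {
    awk 'tolower($1) == "port" { print $2; n++ }
         END { if (!n) print 22 }' "$1"
}

# For single-valued keywords sshd keeps the first value it reads.
# Usage: first_value FILE KEYWORD DEFAULT
first_value() {
    awk -v key="$2" -v def="$3" '
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print $2; found = 1; exit }
        END { if (!found) print def }' "$1"
}

# Returns 0 only if sshd does not listen on 22 and root login is disabled.
audit_sshd_config() {
    rc=0
    ports=$(listen_ports "$1" | tr '\n' ' ')
    root=$(first_value "$1" PermitRootLogin prohibit-password)
    for p in $ports; do
        [ "$p" != 22 ] || { echo "FAIL: sshd still listens on port 22"; rc=1; }
    done
    [ "$root" = no ] || { echo "FAIL: PermitRootLogin is '$root', not 'no'"; rc=1; }
    [ "$rc" -ne 0 ] || echo "OK: PermitRootLogin=$root ports=$ports"
    return "$rc"
}

# Constructed samples: the edited file, and one where the old lines remain.
tmp=$(mktemp -d)
printf '%s\n' '#Port 22' 'Port 4680' 'PermitRootLogin no' > "$tmp/hardened"
printf '%s\n' 'Port 4680' 'Port 22' '#PermitRootLogin no' \
    'PermitRootLogin prohibit-password' > "$tmp/leftover"
audit_sshd_config "$tmp/hardened"
audit_sshd_config "$tmp/leftover" || true
```

The second sample fails on both checks: a leftover "Port 22" line keeps the old listener open, and a commented "PermitRootLogin no" has no effect. On the server itself, sudo sshd -T prints the configuration sshd actually uses, including any Include files.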
Installing UFW
A newly installed Ubuntu server has no firewall rules by default, and connections from outside are not restricted. UFW is used to create the rules, and installation is simple:
After installation, UFW is not enabled:
Create a new rule to allow port 4680 for SSH connections (replace it with your port if it differs):
Enable UFW:
Check the status – it shows the current status and the created rule:
Other services and ports can be added in the same way, e.g., to add port 443 for NGINX:
Another of our publications describes how to use UFW – Common UFW commands
Setting time zone
Check the current time settings:
Currently it is UTC. The available time zones are listed with the command:
Choose the desired one. For example, to set the time zone for Chicago, run:
Check the current time zone once again:
Now events in the system logs are recorded with the proper time.