Thumbnail image

Setup Ubuntu 20.04

Introduction

In this tutorial you will learn how to setup an Ubuntu server. This includes how to create a non-root user, enable SSH login, disable root login and enable a rudimentary firewall.

This article was first published at Hetzner Community: https://community.hetzner.com/tutorials/setup-ubuntu-20-04

Step 1 - Login to your new serverLogin as the root user to your new Ubuntu 20.04 server:

ssh root@10.0.0.1

If you already set up your server with an SSH key and it isn’t your default key you need to tell your machine where to find it:

ssh -i /path/to/ssh/key root@10.0.0.1

Step 2 - Create a new non-root user

It is recommended not to use a root user on a regular basis. Thus we will create a new non-root user.In the future we will only use this user to log in.Type this command to create a new user:

root@10.0.0.1:~$ adduser holu

Now you will be prompted to enter some information.First, enter a strong password. The remaining information you can fill out or skip by pressing ENTER.

Step 3 - Add new user to sudo group

Our new user has only regular account privileges. But as we are going to use it as our main user, we will sometimes need administrative privileges. To be able to run administrative commands as a non-root user we need to add our user to the sudo group.

For this still as the root user we will run this command:

root@10.0.0.1:~$ usermod -aG sudo holu

Step 4 - Switch to the new user

Now log out of the root user with the following command:

root@10.0.0.1:~$ exit

Afterwards we can log in with our new user:

ssh holu@10.0.0.1

Now that we are logged in as a non-root user we need to use sudo in front of administrative commands.

Step 5 - Enable a basic firewall

After creating a non-root user we want to enable the firewall. For this we will use ufw.

Step 5.1 - List all available applications

First, we want to list all available applications which we can register with the firewall.

You can list them with the following command:

holu@10.0.0.1:~$ sudo ufw app list

This will be the output:

Available applications: OpenSSH

Step 5.2 - Allow OpenSSH

As we want to use SSH for future logins we need to enable it before we activate the firewall:

holu@10.0.0.1:~$ sudo ufw allow OpenSSH

Step 5.3 - Enable the firewall

Now, that the firewall allows SSH connections we can activate it:

holu@10.0.0.1:~$ sudo ufw enable

Next, check the status:

holu@10.0.0.1:~$ ufw status
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)

The firewall now blocks all connections except SSH.

If we install new applications we need to activate them. Otherwise their connection will be blocked by the firewall.

Step 6 - Add SSH keys

Create an SSH key pair on your local machine.

Now, copy the public key from your local machine to your server with the following command:

cat ~/.ssh/ssh_key.pub | ssh holu@10.0.0.1 "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"
  • Replace ~/.ssh/ssh_key.pub with the path to your public SSH key.
  • Replace holu with your new username
  • Replace 10.0.0.1 with the IP of your server.

Step 7 - Edit the sshd config

Now, that we use SSH for our login we need to deactivate password based login and the login for the root user.

For this we will edit the file /etc/ssh/sshd_config:

holu@10.0.0.1:~$ sudo nano /etc/ssh/sshd_config

Step 7.1 - Deactivate password based login

Within the file locate the following line:

PasswordAuthentication yes

And change it to:

PasswordAuthentication no

Step 7.2 - Disable root login

Within the file locate the following line:

PermitRootLogin yes

And change it to:

PermitRootLogin no

Step 7.3 - Restart sshd service

Save and close the editor.

Now restart the sshd service:

holu@10.0.0.1:~$ sudo systemctl restart ssh

Step 8 - Create an SSH config (Optional)

For Mac/Linux:

Create an SSH config on your local machine. Here we will tell our machine where to find our SSH key, so we don’t have to specify it each time we login.

Run the following command on your local machine:

sudo nano ~/.ssh/config

Add now the following content adapted to your SSH key:

HOST 10.0.0.1
IdentityFile ~/.ssh/SSH-key

Now whenever you login to your server your machine looks up the correct SSH key.

Conclusion

We have now a basic Ubuntu 20.04 server. We have created a non-root user, and enabled SSH login. Futhermore we disabled root login and activated the ufw firewall.