Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • World
  • Users
  • Groups
Skins
  • Light
  • Brite
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (No Skin)
  • No Skin
Collapse

NodeBB
  1. Home
  2. VPS Tutorial
  3. Ubuntu Server Initial Setup Guide

Ubuntu Server Initial Setup Guide

Scheduled Pinned Locked Moved VPS Tutorial
1 Posts 1 Posters 23 Views 1 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • C Offline
    C Offline
    cuong
    wrote last edited by
    #1

    Initial Server Setup on Ubuntu

    When you first spin up a new Ubuntu server, getting right to work is tempting. However, before you jump into deploying web applications, hosting a NodeBB forum, or installing Nginx, it is crucial to establish a secure foundation.

    Relying on the default root account for day-to-day operations is a security risk. This guide will walk you through the essential first steps for any newly provisioned Ubuntu server: creating a dedicated user, granting the right privileges, and configuring a basic firewall.

    Step 1: Log In as Root

    To begin, you will need your server's public IP address and the password (or SSH private key if you installed an SSH key for authentication) for the root account. Open your terminal and connect to your server as the root user using the following command, replacing your_server_ip with your actual IP address:

    ssh root@your_server_ip

    If a warning about host authenticity appears, accept it. If your server uses password authentication, provide your root password to log in. If your server uses an SSH key for authentication, you may need to enter SSH key passphrase the first time you use the key each session.

    Note: The root user has absolute power over the system. Because of the heightened privileges of the root account, you are discouraged from using it regularly. The root account can make very destructive changes, even by accident.

    Step 2: Create a New User

    Now that you are logged in as root, let's create a standard user account. We will use this account moving forward. You can name this user whatever you like; for this example, we'll use adminuser.

    adduser adminuser

    The system will prompt you to create and confirm a strong password. You will also see prompts for additional information (like Full Name or Room Number). These are entirely optional—feel free to just press ENTER to skip them.

    Step 3: Grant Administrative Privileges

    Our new user needs the ability to perform administrative tasks when necessary, like updating packages or managing server blocks later on. Instead of logging back in as root, we can grant this user superuser capabilities.

    On Ubuntu, users in the sudo group are automatically allowed to run administrative commands. Add your new user to this group:

    usermod -aG sudo adminuser

    From now on, whenever you need to execute a command with elevated privileges, you can simply type sudo before it.

    Step 4: Set Up a Basic Firewall

    Ubuntu ships with a firewall configuration tool called UFW (Uncomplicated Firewall). Setting it up ensures that only authorized traffic can reach your server.

    When software is installed, it often registers its profile with UFW. Because we need to maintain our connection to the server, we must ensure SSH traffic is allowed before turning the firewall on.

    First, check the available application profiles:

    ufw app list

    You should see OpenSSH in the output, it will probably look like this:

    Available applications:
  OpenSSH

    Allow connections for OpenSSH by running:

    ufw allow OpenSSH

    Now, it is safe to enable the firewall:

    ufw enable

    Type y and press ENTER to confirm. You can verify that your firewall is active and that SSH connections are allowed by checking its status:

    ufw status

    And in the output, it will probably look like this:

    Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)

    The firewall is currently blocking all connections except for SSH. As you continue building your server environment—such as opening ports 80 and 443 for web traffic later—you will adjust these UFW rules to allow the new services:

    ufw allow 80/tcp
ufw allow 443/tcp

    Step 5: Verify External Access for Your Regular User

    Before closing your active root session, it is critical to verify that you can successfully log in and use sudo with your new user. If you have problems connecting, you can troubleshoot and make any necessary changes as root.

    Configuring SSH access for your new user depends on whether your server’s root account uses a password or SSH keys for authentication.

    If the root account uses password authentication

    Open a new terminal window on your local machine and try connecting as your new user:

    ssh adminuser@your_server_ip

    When the terminal prompts for password of your new user, enter it then you will be logged in.

    Remember, if you need to run a command with administrative privileges, type sudo before it like this:

    sudo command_to_run

    You will receive a prompt for your user's password when using sudo for the first time each session (and periodically afterward).

    If the root account uses SSH key authentication

    If you logged in to your root account using SSH keys, then password authentication is disabled for SSH. To log in as your regular user with an SSH key, you must add a copy of your local public key to your new user’s ~/.ssh/authorized_keys file.

    Since your public key is already in the root account’s ~/.ssh/authorized_keys file on the server, you can copy that file and directory structure to your new user account using your current session.

    The simplest way to copy the files with the correct ownership and permissions is with the rsync command. This command will copy the root user’s .ssh directory, preserve the permissions, and modify the file owners, all in a single command. Make sure to change adminuser of the command below to match your regular user’s name:

    rsync --archive --chown=adminuser:adminuser ~/.ssh /home/adminuser

    Now, open up a new terminal session on your local machine, and use SSH with your new username:

    ssh adminuser@your_server_ip

    You should be connected to your server with the new user account without using a password. Remember, if you need to run a command with administrative privileges, type sudo before the command like this:

    sudo command_to_run

    You will be prompted for your regular user’s password when using sudo for the first time each session (and periodically afterward).

    1 Reply Last reply
    0

    Hello! It looks like you're interested in this conversation, but you don't have an account yet.

    Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.

    With your input, this post could be even better 💗

    Register Login
    Reply
    • Reply as topic
    Log in to reply
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes

    • Login
    • Don't have an account? Register
    • Login or register to search.
    Powered by NodeBB Contributors
    • First post
      Last post
    0
    • Categories
    • Recent
    • Tags
    • Popular
    • World
    • Users
    • Groups