Semir Teskeredzic
Posted on May 25, 2021
Probably all server related work will require you to have properly configured server as a prerequisite. Servers that run Ubuntu are widely used so I will go through several necessary steps needed when you spin up new Ubuntu server.
First you will need to have a root access, whether through Password login or using previously configured SSH key.
1 - Log in
In order to do any kind of operations on the server, you will have to log in using SSH tunnel which is basically an encrypted SSH connection with the remote host. You will need to know your server's public ip address so you could use this command in your terminal:
$ ssh root@server_public_ip
If you are using password authentication, enter your root password in the prompt (in terminal passwords don't appear while you type so just press enter after you are done because it is there even if it seems that it is not).
If you are using SSH key authentication, the server will log you in automatically if everything is ok (if you entered a passphrase for your SSH key while creating it, you will have to enter it again here).
Since the root user has literally all the privileges, it is not a wise idea from a security and usability perspective to use it as a main user on a day-to-day basis. This is why we will create a new user that will have many administrative privileges that enable you to perform tasks while reducing the security or accidental issues.
2 - New non Root User
You will have to perform these steps while you are logged in as root user. Creating user is simple with a adduser
command, we will create a new user named jenny:
# adduser jenny
You will be asked to enter additional information including account password, use a strong one and fill in other prompts as you prefer (or just skip them by pressing enter).
3 - Jenny becomes Administrator
Currently, Jenny is a regular user on our server and that means that it is quite limited in terms of Server administration. We need to give Jenny privileges so she can install, update, and manage packages, access restricted files etc. We will add Jenny to sudo
group, this means that Jenny will be able to use sudo command whenever elevated privileges are required. While still logged in as a root enter a following command:
# usermod -aG sudo jenny
4 - Set up a basic firewall (Optional)
If you require restricted access to certain services on your server, you can use UFW firewall to manage that access. You will have to set up access for each service upon installation so it can be accessed. Now, we will set up OpenSSH as allowed in our firewall (OpenSSH is the service we are currently using in order to access our server).
Use this command to see which services have their profile registered with UFW:
# ufw app list
Output:
Available applications:
OpenSSH
In order to tell the firewall to allow SSH connections, we use allow command:
# ufw allow OpenSSH
After we allowed OpenSSH, we can enable the firewall by using enable command:
# ufw enable
When prompted, enter y
to finish enabling the firewall. You can see the current status with the following command:
# ufw status
5 - Configure external access for the new user
You can now log out from root account and log in with your newly created account. Type exit
to close the SSH connection with the remote host. Depending on the type of authentication root user uses, you will configure the external access differently.
Root account uses password authentication
This means that the password authentication is enabled so you can simply ssh to your remote server by using following command:
$ ssh jenny@server_public_ip
You will be prompted for password after which you will be logged in as a new user. For any action that requires elevated privileges you will use sudo
command before the desired action. This will again prompt you for the user password so you can type it in and press enter.
$ sudo command
Root account uses SSH key authentication
When root user uses SSH key authentication it means that the password authentication is disabled. We have to make a copy of local public key (which is already in the root account's file on server) to the new user's authorized_keys
file.
Make sure you are logged in as root user to perform this action.
We will use rsync
command to copy the files while maintaining proper permissions and ownership.
boldImportant:bold
When you use rsync
you need to make sure that the source directory ~/.ssh
boldis not*bold* with trailing slash.
# rsync --archive --chown=jenny:jenny ~/.ssh /home/jenny
6 - Server is configured
Congrats! You have initially configured your server and now you can continue with installing services you need to make it work.
Thank you for reading.
Posted on May 25, 2021
Join Our Newsletter. No Spam, Only the good stuff.
Sign up to receive the latest update from our blog.