There are few necessary steps to take on a new Ubuntu 16.04 server to cover the basics and secure your server. This tutorial will take you through the Ubuntu 16.04 server setup process and will give you a solid start.
- Login to Your Server
- Change Root Password
- Create and Add a New User and give sudo Privileges
- Disable root Login
- Enable Basic Firewall
Login to Your Server
First, you need to log in to your server via ssh either using your password or private key file. Use
root as user and your server ip address. I use PuTTY in Windows and either terminal or Remmina from Ubuntu.
Change Root Password
Root user has the most power of your server, it is the account with all administrative privileges. If you are using a VPS, you should already have a
root password which was automatically generated, unless you are using a private key. If you haven’t changed the
root password yet, now is the time to do it. Though you can disable root login to make your server more secure, still changing the default password wouldn’t do any harm except strengthening your server’s security. Enter the following in your terminal window.
It will ask your current password. After you enter your current password, you have to enter a new password and confirm it by typing it again. Entering a strong password with uppercase, lowercase, number & symbols recommended.
Create and Add a New User and give
It is not recommended to run your server only with
root user. You can create a new user and give it sudo privileges so it can run commands as
The following command will create a new user
panda. You can change it with your desired user name. You need to enter a strong password and confirm it. Rest of the steps you can skip using the
Now, you have to add the user
panda to the group
sudo which will give this user root privileges to run admin tasks. The following command will take care of that.
usermod -aG sudo panda
Your user should now have super user permissions and can run any command as
root by adding
sudo in the beginning of any command.
Disable root Login
Open a new terminal or Putty window and log in into your server using the new user, not as root. You need to change the SSH configuration to disable root login. Enter the following command in your terminal:
sudo nano /etc/ssh/sshd_config
Find the line
PermitRootLogin and change its value to
no. After the edit he file should look like this:
... # Authentication: LoginGraceTime 120 PermitRootLogin no StrictModes yes ...
Save the file and exit by pressing
CTRL + X, then
The change has been done, reload the SSH daemon for the changes to take effect. Enter the following in terminal:
sudo systemctl reload sshd
Now you can try to log in to your server as
root just to test. If your server doesn’t allow that means it is a success. Remember, you can always use the root user by typing
sudo su in your terminal and entering the user password.
Enable Basic Firewall
UFW (Uncomplicated Firewall) package comes as default firewall with every Ubuntu release, very basic, powerful and easy to use. Enter the following in your terminal window to enable
sudo ufw enable
This will enable basic firewall on your Ubuntu 16.04 and start monitoring incoming and outgoing connections. You can use
ufw to enable/disable certain ports, apps or services. To check the status you can use the following command:
sudo ufw status
If the list doesn’t say anything about ssh connections or OpenSSH, enable it so that
ufw will allow port for SSH connection. Otherwise, you may lock yourself out. Enter the following:
sudo ufw allow OpenSSH
sudo ufw disable
For detailed syntax and usage examples check Ubuntu Community Help Wiki – UFW.
The above steps will give you a starting point for your server and very basic setup. Once these parts are done, before installing anything I like to reboot the server (
sudo reboot) and start fresh.