TechLoverHD

There are few necessary steps to take on a new Ubuntu 16.04 server to cover the basics and secure your server. This tutorial will take you through the Ubuntu 16.04 server setup process and will give you a solid start.

Overview

• Login to Your Server
• Change Root Password
• Create and Add New User and give sudo Privileges
• Disable root Login
• Enable Basic Firewall

Login to Your Server

First, you need to log in to your server via ssh either using your password or private key file. Use root as user and your server ip address. I use PuTTY in Windows and either terminal or Remmina from Ubuntu.

Change Root Password

Root user has the most power of your server, it is the account with all administrative privileges. If you are using a VPS, you should already have a root password which was automatically generated, unless you are using a private key. If you haven’t changed the root password yet, now is the time to do it. Though you can disable root login to make your server more secure, still changing the default password wouldn’t do any harm except strengthening your server’s security. Enter the following in your terminal window.

passwd

It will ask your current password. After you enter your current password, you have to enter a new password and confirm it by typing it again. Entering a strong password with uppercase, lowercase, number & symbols recommended.

Create and Add a New User and give sudo Privileges

It is not recommended to run your server only with root user. You can create a new user and give it sudo privileges so it can run commands as root.

The following command will create a new user panda. You can change it with your desired user name. You need to enter a strong password and confirm it. Rest of the steps you can skip using the Enter key.

adduser panda

Now, you have to add the user panda to the group sudo which will give this user root privileges to run admin tasks. The following command will take care of that.

usermod -aG sudo panda

Your user should now have super user permissions and can run any command as root by adding sudo in the beginning of any command.

Disable root Login

Open a new terminal or Putty window and log in into your server using the new user, not as root. You need to change the SSH configuration to disable root login. Enter the following command in your terminal:

sudo nano /etc/ssh/sshd_config

Find the line PermitRootLogin and change its value to no. After the edit he file should look like this:

...
 # Authentication:
 LoginGraceTime 120
 PermitRootLogin no
 StrictModes yes
 ...

Save the file and exit by pressing CTRL + X, then Y, then Enter.

The change has been done, reload the SSH daemon for the changes to take effect. Enter the following in terminal:

sudo systemctl reload sshd

Now you can try to log in to your server as root just to test. If your server doesn’t allow that means it is a success. Remember, you can always use the root user by typing sudo su in your terminal and entering the user password.

Enable Basic Firewall

UFW (Uncomplicated Firewall) package comes as default firewall with every Ubuntu release, very basic, powerful and easy to use. Enter the following in your terminal window to enable ufw.

sudo ufw enable

This will enable basic firewall on your Ubuntu 16.04 and start monitoring incoming and outgoing connections. You can use ufw to enable/disable certain ports, apps or services. To check the status you can use the following command:

sudo ufw status

If the list doesn’t say anything about ssh connections or OpenSSH, enable it so that ufw will allow port for SSH connection. Otherwise, you may lock yourself out. Enter the following:

sudo ufw allow OpenSSH

Disable ufw firewall:

sudo ufw disable

For detailed syntax and usage examples check Ubuntu Community Help Wiki – UFW.

The above steps will give you a starting point for your server and very basic setup. Once these parts are done, before installing anything I like to reboot the server (sudo reboot) and start fresh.