Basic Server Security Setup For Ubuntu or Linux | StackCoder

Basic Server Security Setup For Ubuntu / Linux


Set up an Ubuntu server on DigitalOcean, Linode or any other cloud platform. If you don't have an account, click on the link to get free credits to play around :)

If you have set up a fresh server but are still using password logins or root user SSH logins, then you are at the right place. In this tutorial I will explain how to secure your Ubuntu/Linux server.

Step 1 - Login to server with ROOT user access

If you are not logged in to the server, log in as the root user as follows:

ssh root@ip_address_of_server

While creating the server you will have chosen either SSH key login or password login.

  1. If you chose an SSH key, you will be asked to enter the passphrase the first time you connect.
  2. If you chose a password, you will be asked to change it on your first login; on every subsequent login you have to enter this password to get into your server.

The issue with being the root user: since you are logged in as root, there are chances of security misconfigurations. All the software that you run will have the highest privileges, and any error or issue in that software might corrupt your operating system.

Step 2 - Create new user

Creating a new user in Unix is very simple with the following command. Make sure to change the name of the user from testuser to the one you need.

adduser testuser

Set the new password and confirm the password.

Step 3 - Add admin privileges to the new user

You have now created a new user called testuser, but it doesn't have any administrative privileges, i.e. sudo. To do any admin tasks you would have to log in as the root user, which is a bad idea. So it's better to give testuser administrative privileges.

To add the user to the sudo group, whose members can run commands with root privileges, use the following command:

usermod -aG sudo testuser

Now when you log in as testuser you can perform root user actions by prefixing the command with sudo.

NOTE: At this point you have just created a new user that acts as an alternative to the root user. I highly encourage you not to log out of the root session until we finish the remaining configuration.

Step 4 - Enabling SSH for testuser

If the Root Account Uses Password Authentication

If you selected password login while creating your server, SSH key login needs to be activated. Before that, you have to do a few things.

First copy your local computer's SSH public key using the cat ~/.ssh/ command and then paste it into ~/.ssh/authorized_keys of the root user on your server. The following command creates the file if it does not exist and opens it if it does.

sudo nano ~/.ssh/authorized_keys

Once you have pasted your local computer's SSH key on your server, follow the SSH steps below.

If the Root Account Uses SSH Key Authentication

If you selected SSH key login while creating your server, password login will be disabled by default. If it is not, don't worry, I will show you how to disable it.

Since we want to switch from the root user to testuser, we must copy the root user's ~/.ssh/authorized_keys to testuser's ~/.ssh/authorized_keys. We could copy it manually, but then we would have to take care of the file permissions and ownership ourselves. So it is better to use rsync with the following command.

NOTE: Make sure that you are still logged in as the root user. Don't log in as testuser for the time being. Then run the following command:

rsync --archive --chown=testuser:testuser ~/.ssh /home/testuser

The rsync command copies the root user's ~/.ssh directory, including authorized_keys, to /home/testuser/.ssh, retains the file permissions and sets testuser as the owner.

Now test whether testuser can SSH to the server.

Open a new command prompt or terminal and SSH in as testuser with the following command:

ssh testuser@ip_address_of_server

If you have configured everything correctly, you will be able to log in now. Remember that for any administrative task you have to prefix the command with sudo. For example:

sudo apt-get update

Step 5 - Disable server root user login, password login (Very Imp*)

Open the sshd_config file, which resides in the /etc/ssh folder:

sudo nano /etc/ssh/sshd_config

In this file look for the keywords PermitRootLogin, PasswordAuthentication and ChallengeResponseAuthentication and set their values as follows. Once done, save and exit the file.

# Disable SSH login as the root user
PermitRootLogin no

# Disable password login
PasswordAuthentication no

# Challenge-response authentication could still allow a root login, so disable that as well
ChallengeResponseAuthentication no

Don't forget to restart the SSH service, otherwise the changes you made won't take effect. To restart the SSH service use the following command:

sudo service ssh restart

Step 6 - Testing

Close all terminals or command prompts and open a new one. Try to log in to the server as the new user, i.e. testuser:

ssh testuser@ip_address_of_server

You will be logged in if you have followed all the steps properly.
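
A successful testuser login does not prove that root and password logins are actually off: Ubuntu's stock sshd_config can include drop-in files from /etc/ssh/sshd_config.d/, and sshd uses the first value it reads for each keyword. The script below is an added example, not part of the original article; its function name audit_sshd and both sample inputs are constructed here, and it checks the effective settings that `sshd -T` prints.

```shell
#!/bin/sh
# Added example (not from the original article): audit the effective sshd
# settings that Step 5 is meant to enforce. Real use, from a session you keep
# open:  sudo sshd -t && sudo sshd -T | audit_sshd

# audit_sshd reads `sshd -T` style "keyword value" lines on stdin, prints one
# line per required setting, and returns 0 only if all of them are "no".
audit_sshd() {
    awk '
        BEGIN {
            want["permitrootlogin"] = "no"
            want["passwordauthentication"] = "no"
            # OpenSSH 8.7 and later report ChallengeResponseAuthentication
            # under the name KbdInteractiveAuthentication.
            want["kbdinteractiveauthentication"] = "no"
        }
        {
            key = tolower($1); val = tolower($2)
            if (key == "challengeresponseauthentication")
                key = "kbdinteractiveauthentication"
            # Keep a non-compliant value if any alias reports one.
            if ((key in want) && (!(key in seen) || val != want[key]))
                seen[key] = val
        }
        END {
            bad = 0
            for (k in want) {
                if (!(k in seen)) { print "MISSING " k; bad = 1 }
                else if (seen[k] != want[k]) { print "FAIL " k "=" seen[k]; bad = 1 }
                else print "OK " k "=" seen[k]
            }
            exit bad
        }'
}

# Constructed sample: a drop-in file re-enabled password logins.
SAMPLE_WEAK='permitrootlogin no
passwordauthentication yes
kbdinteractiveauthentication no'

# Constructed sample: all three settings from Step 5 are in effect.
SAMPLE_HARDENED='permitrootlogin no
passwordauthentication no
kbdinteractiveauthentication no'

for sample in "$SAMPLE_HARDENED" "$SAMPLE_WEAK"; do
    if printf '%s\n' "$sample" | audit_sshd; then echo "=> hardened"
    else echo "=> NOT hardened, keep the root session open"; fi
done
```

Running `sshd -t` first catches syntax errors in sshd_config before the service restart, so a typo cannot lock you out.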


As a next step you can look into the ufw firewall. With ufw you control which ports are open and which are closed, thus increasing security.

If you want to learn more about setting up SSH, see the article How To Generate SSH Key with ssh-keygen In Linux / Unix.


Channaveer Hakari

I am a full-stack developer working at WifiDabba India Pvt Ltd. I started this blog so that I can share my knowledge and enhance my skills with constant learning.

Never stop learning. If you stop learning, you stop growing