Good content takes time and effort to come up with.

Please consider supporting us by just disabling your AD BLOCKER and reloading this page again.







Basic Server Security Setup For Ubuntu or Linux | StackCoder


How To Do Basic Server Security Setup For Ubuntu / Linux


Share On     Share On WhatsApp     Share On LinkedIn


Setup up Ubuntu server in Digital Ocean, Linode or any other cloud platform. If you don't have an account then click on the link and get the free credits to play around :)


If you have installed fresh server setup but still using password logins or root user SSH logins. Then your at right place, in this tutorials I will explain you how to secure your UBUNTU/LINUX server.


Step 1 - Login to server with ROOT user access


If your not logged in to server then login to server with root user as follows


ssh root@ip_address_of_server


While creating the server you might have created SSH login or with a password login.

  1. If via SSH then for the first time you will be asked to enter the pass phrase.
  2. If via password for first time when you login then you will be asked to change password, then every subsequent times you have to add this password before logging into your server.
Issue being root user - Since your logged in as root user, there are changes of security miss configurations. All the software that your will be running will have highest privileges and if any error or issues in those software might corrupt your operating system.

Step 2 - Create new user


Creating a new user in unix is very simple by using the following command. Make sure to change the name of user from testuser to the one you need.

adduser testuser


Set the new password and confirm the password.


Step 3 - Add admin privileges to the new user


Now you have successfully created new user called testuser, but he don’t have any administrative privileges ie sudo. To do any admin tasks you have to login as root user which is totally a bad idea. So its better to add testuser to root user privileges.

To add user to root user group which we call sudo group use the following command


usermod -aG sudo testuser

Now when you login with testuser you can perform root user actions with sudo prefixed to it.


NOTE: At this point you have just created new user which acts alternative to root user. But I highly encourage not to logout from root user till we finish some other configurations

Step 4 - Enabling SSH for testuser


If the Root Account Uses Password Authentication


While creating your server if you have selected Password login then SSH login needs to be activated. But before that you will be performing few things.

First copy your local computer id_rsa.pub key using cat ~/.ssh/id_rsa.pub command and then paste it to your server root user in the ~/.ssh/authorized_keys. Use the following command to create if file not exists and if exists then it will open.


sudo nano ~/.ssh/authorized_keys


Once you paste your local computer SSH key to your server then follow the SSH steps below.



If the Root Account Uses SSH Key Authentication


While creating your server if you have selected SSH key then by default your password login will be disabled. If not then don't worry I will be showing you how to disable it.

Since we want to switch from root user to testuser we must make sure to copy the root user ~/.ssh/authorized_keys to testuser user ~/.ssh/authorize_keys . We can copy manually but the problem is to retain the file permissions and other things. So better to use rsyn, use the following command to copy with rsync.


NOTE: Make sure that your still logged in as root user. Don't login as testuser for time being. And run the following command


rsync --archive --chown=testuser:testuser ~/.ssh /home/testuser


The rsync command copies the root user ~/.ssh/authorize_keys to testuser user ~/.ssh/authorize_keys and retains the file permissions.


Now test if testuser can ssh to our server.

Open new command prompt or terminal and SSH as testuser with the following command as follows


ssh testuser@ip_address_of_server


If you have configured everything correctly then you must be able to login now. But remember if you need to do any administrative stuff then add sudo prefixed to the commands. For example


sudo apt-get update

Step 5 - Disable server root user login, password login (Very Imp*)


Open the sshd_config file which basically resides in /etc/ssh folder


sudo nano /etc/ssh/sshd_config


In this file look for the following texts PermitRootLogin, PasswordAuthentication, ChallengeResponseAuthentication and set the permission as follows. Once done save and exit from the file.


#This is used to disable server root  user login
PermitRootLogin no

#This is used to disable server password login
PasswordAuthentication no

#There are chances that some may login as root with challenge response so disable that also
ChallengeResponseAuthentication no


Don't forget to restart SSH service else the changes you made wont take into affect. To restart SSH service use the following command


sudo service ssh restart

Step 6 - Testing


Closed all the terminal or command prompts and open new one. Try to login to server with new user ie testuser


ssh testuser@ip_address_of_server


You will be logged in if you have followed all the steps properly.


Conclusion


Next steps you can look out for ufw firewall. Basically with ufw you will control which ports need to be open and which will be closed, thus increasing the security.

If you want to learn about more on setting up SSH then follow this article How To Generate SSH Key with ssh-keygen In Linux / Unix


Hope it helped you. Happy Coding :)








Author Image
AUTHOR

Channaveer Hakari

I am a full-stack developer working at WifiDabba India Pvt Ltd. I started this blog so that I can share my knowledge and enhance my skills with constant learning.

Never stop learning. If you stop learning, you stop growing