Good content takes time and effort to come up with.
Please consider supporting us by just disabling your AD BLOCKER and reloading this page again.
Basic Server Security Setup For Ubuntu / Linux
16th April 2020
4 mins read
Share On
Setup up Ubuntu server in Digital Ocean, Linode or any other cloud platform. If you don't have an account then click on the link and get the free credits to play around :)
If you have installed fresh server setup but still using password logins or root user SSH logins. Then your at right place, in this tutorials I will explain you how to secure your UBUNTU/LINUX server.
Step 1 - Login to server with ROOT user access
If your not logged in to server then login to server with root user as follows
ssh root@ip_address_of_server
While creating the server you might have created SSH login or with a password login.
- If via
SSHthen for the first time you will be asked to enter the pass phrase. - If via password for first time when you login then you will be asked to change password, then every subsequent times you have to add this password before logging into your server.
Issue beingrootuser - Since your logged in asrootuser, there are changes of security miss configurations. All the software that your will be running will have highest privileges and if any error or issues in those software might corrupt your operating system.
Step 2 - Create new user
Creating a new user in unix is very simple by using the following command. Make sure to change the name of user from testuser to the one you need.
adduser testuser
Set the new password and confirm the password.
Step 3 - Add admin privileges to the new user
Now you have successfully created new user called testuser, but he don’t have any administrative privileges ie sudo. To do any admin tasks you have to login as root user which is totally a bad idea. So its better to add testuser to root user privileges.
To add user to root user group which we call sudo group use the following command
usermod -aG sudo testuser
Now when you login with testuser you can perform root user actions with sudo prefixed to it.
NOTE: At this point you have just created new user which acts alternative to root user. But I highly encourage not to logout from root user till we finish some other configurations
Step 4 - Enabling SSH for testuser
If the Root Account Uses Password Authentication
While creating your server if you have selected Password login then SSH login needs to be activated. But before that you will be performing few things.
First copy your local computer id_rsa.pub key using cat ~/.ssh/id_rsa.pub command and then paste it to your server root user in the ~/.ssh/authorized_keys. Use the following command to create if file not exists and if exists then it will open.
sudo nano ~/.ssh/authorized_keys
Once you paste your local computer SSH key to your server then follow the SSH steps below.
If the Root Account Uses SSH Key Authentication
While creating your server if you have selected SSH key then by default your password login will be disabled. If not then don't worry I will be showing you how to disable it.
Since we want to switch from root user to testuser we must make sure to copy the root user ~/.ssh/authorized_keys to testuser user ~/.ssh/authorize_keys . We can copy manually but the problem is to retain the file permissions and other things. So better to use rsyn, use the following command to copy with rsync.
NOTE: Make sure that your still logged in asrootuser. Don't login astestuserfor time being. And run the following command
rsync --archive --chown=testuser:testuser ~/.ssh /home/testuser
The rsync command copies the root user ~/.ssh/authorize_keys to testuser user ~/.ssh/authorize_keys and retains the file permissions.
Now test if testuser can ssh to our server.
Open new command prompt or terminal and SSH as testuser with the following command as follows
ssh testuser@ip_address_of_server
If you have configured everything correctly then you must be able to login now. But remember if you need to do any administrative stuff then add sudo prefixed to the commands. For example
sudo apt-get update
Step 5 - Disable server root user login, password login (Very Imp*)
Open the sshd_config file which basically resides in /etc/ssh folder
sudo nano /etc/ssh/sshd_config
In this file look for the following texts PermitRootLogin, PasswordAuthentication, ChallengeResponseAuthentication and set the permission as follows. Once done save and exit from the file.
#This is used to disable server root user login
PermitRootLogin no
#This is used to disable server password login
PasswordAuthentication no
#There are chances that some may login as root with challenge response so disable that also
ChallengeResponseAuthentication no
Don't forget to restart SSH service else the changes you made wont take into affect. To restart SSH service use the following command
sudo service ssh restart
Step 6 - Testing
Closed all the terminal or command prompts and open new one. Try to login to server with new user ie testuser
ssh testuser@ip_address_of_server
You will be logged in if you have followed all the steps properly.
Conclusion
Next steps you can look out for ufw firewall. Basically with ufw you will control which ports need to be open and which will be closed, thus increasing the security.
If you want to learn about more on setting up SSH then follow this article How To Generate SSH Key with ssh-keygen In Linux / Unix
Articles For You
Firebase Cloud Messaging (FCM) Browser Web Push Notifications Using Javascript And PHP
Laravel Clear Cache Of Route, View, Config Command
Add Analytics To AMP (Accelerated Mobile Pages) HTML Pages
Laravel Last Executed Query In Plain SQL Statement For Debugging
Sass or SCSS @function vs @mixin
Create Zip File On The Fly With Streaming Download In PHP Laravel
Simple Way To Create Resourceful API Controller In Laravel
Resolve 404 Not Found In NGINX
Client-Side DataTable, Adding Super Powers To HTML Table
Accessors And Mutators In PHP Laravel
Multiple GIT Key Pairs Or Account In The Same Computer
Generate Sitemap in PHP Laravel
