29.10.2020

Initial Server Setup with Ubuntu 20.04

In this tutorial, we will do the initial server setup with Ubuntu 20.04. Cloud server Serverspace.io used as a base. The network is configured for them automatically during creation, so you don’t need to worry about it.

System update

The system must be updated after it is installed.

apt update
apt upgrade

Restart the system when the process is complete.

reboot

Creating users and SSH configuration

By default, only the root user is created in the system. To use a server with multiple people, it’s best to give each person a separate account. To create a new user, use the following command. Replace the username with the login. Enter your account password and other information.

adduser username

If you selected SSH key authorization while creating the server, you can enable password authorization. To do this, open the SSH configuration file:

nano /etc/ssh/sshd_config

Uncomment the line:

PasswordAuthentication yes

Or if you need to add the ability to authorize using an SSH key, then uncomment this line:

PubkeyAuthentication yes

It’s a good idea to change the default SSH port if you enable password authentication. This reduces the likelihood of server hacking by automatically cracking the password using the brute force method.
To do this, uncomment the Port string and set it to a different value. 3355, for example.

Port 3355

Save and close this file. Restart the service for the port settings to take effect.

systemctl restart sshd

Now, to connect to the server, add the port number to the command:

ssh user@host -p 3355

Another good thing to improve server security is to use Fail2Ban.

If you want to create an SSH key, use the following command on a local Linux machine. Enter the path to place the key and the password for it, which may be empty. However, for security reasons, it is highly discouraged to use keys without a password.

ssh-keygen

To install this key on the server use the following command on a local Linux computer. Enter the correct key path, user name, and host.

ssh-copy-id -i /path/to/key user@host

Use this command to access the server:

ssh user@host

UFW configuration

UFW is a firewall. By default, it is disabled on the server. Before enabling it, you need to configure it to allow SSH connections.

ufw allow OpenSSH

If the standard SSH port has been changed, then you need to open this port.

ufw allow 3355/tcp

Now, enable UFW.

ufw enable

All ports are now closed to incoming connections, except those that were allowed. To see the UFW status:

ufw status

Time settings

Another thing that needs to be configured is the time in the system. To see the current time, enter the command:

date

The default time in the system is UTC. To change this, you must specify the correct time zone. To view all of them, use the command:

timedatectl list-timezones

To set one of them:

timedatectl set-timezone Europe/Prague

To enable automatic time synchronization, install this package.

apt install ntp

It will be launched immediately after installation and your server will have the correct time.