Ubuntu is the Open Source operating system and mainly it is free.
The operating system is more user friendly and loved by many programmers including me.
Ubuntu is the Linux distribution and has all the functionality as Linux have. many People around the globe are contributing are Ubuntu Operating System Improvement.
So, every year, you can expect an update and new version of Ubuntu.
The even number versions are the stable one and you will get long time support for them.
Example 16.04, 14.04, 12.04 and now 18.04.
There are two main versions available on Ubuntu.
One is desktop and other is server. The desktop environment comes with GUI. But, the Server one does not have GUI.
If you want to install GUI, there are many available for that. You can install one on your server and operate from GUI.
For more information and to download Ubuntu, check the official site.
Lets dive into Ubuntu Server Setup guide.
Ubuntu Server Requirements
Ubuntu Server Requirements varies based on the functions and programs you want the server to run.
However a 512 MB RAM and single core processor is enough to run Ubuntu for basic requirements.
If you have downloaded and installed Ubuntu 16.04 Server on your own machine or deployed it on a cloud provider for the first time, then you have to do Server Setup as per the given instruction.
This Ubuntu Server Tutorial for beginners will solve all the confusions regarding the operating system setup for a new Ubuntu server.
The setup has to be done in order to prevent unnecessary loss, improve security and reduce the attacks. Ubuntu Server Commands are very complicated and it may confuse you while executing.
Not many people are doing the initial server setup, so that the chance of losing the data in near future is very high.
Here is the small case about it.
If you are using everything directly on root server, then if you execute some commands unknowingly, you may lose that data at that time.
If you have configured the secondary user with root permissions, then you can recover from the loss.
Let us see How it is possible.
- All you need is just the Ubuntu 16.04 server that’s all.
Here in this article you are going to see the following
- Creating the new user
- Granting Sudo privileges to the new user
- Disabling the root access
- Enabling public key authentication
- Disabling Password authentication
- Setting up the firewall for the Ubuntu Server
Let us dive into the article.
1. Log into the Server via Root
To Log into the root, you will need to have the password and Public IP address of your server.
If you have them, execute the below command in your local system terminal.
This command will help you to access the Ubuntu Server from your local command prompt.
If you are windows user, download putty software from their official site.
Install Putty, and it is easy to operate. Open it and enter the public IP address of your server and port number 22(By default, it would be 22).
Then, select SSH in connection type and click open.
A warning window will open. Just click on Yes.
Then prompt will open saying Login as, there enter root. It will ask you the password.
If you got the server from your cloud service provider, then it will ask you to change the password when you login for the first time.
Enter the password once again and you will be asked new password. Re enter the new password to setup the password.
Now you are in root user and ready to go with further steps on setup.
What is Root in Ubuntu?
Root in Ubuntu is the default admin user of the operating system. It is most powerful and when you make any changes, it will reflect in system kernel.
You are not recommended to work in root directly. Instead of that, you can use the create a new user like the secondary user in windows operating system.
You can allocate root permissions and execute all commands like root user from that second user.
2. Create New User
You can create a new user in the terminal by typing the following command.
$ adduser roy
The above command will add a new user called Roy to the system.
This is the normal user and it won’t have any root permission by default.
You have to be a super user to get administrator privileges. If you want to do any administrator level tasks, you have to log into the root again and do everything there.
Even though, it is not a tedious task, it is better to do everything from normal user.
For that, you have to add this new user to the sudo user group. The sudo user can execute all the administrative level command, just by adding sudo in front of each command.
To add user roy to sudo group, use the below command.
$ usermod -aG sudo roy
3. Adding Public Key Authentication
You can always loginto your server by the password.
But, it is not secure way. If you only want to access the server from your local machine, then you can follow this step.
If you are frequently logging into your server from multiple systems, then this method is not recommended as it will cause inconvenience.
Let us see how to generate public and private keys.
You can generate both public key and private key from your local terminal. To do that, use the below command.
$ ssh keygen
If you are windows user, then you can generate Public and Private key Pair by opening PuttyGen.
Type PuttyGen in windows search, it will return the program. From there you can easily generate Public and Private Key.
In Your local terminal, you will get the following output.
Generating public/private rsa key pair. Enter file in which to save the key (/Users/localuser/.ssh/id_rsa):
just, press enter to continue.
You will be asked for passphrase. you can either give a passphrase, or just skip it. Using passphrase is more secure.
This method itself enough for as of now.
Once the process is done, the private key id_rsa, and public key id_rsa.pub will be saved in the .ssh directory.
The public key will be stored on your server in a special folder.
Don’t share your private key with anyone unless they are authorized and need to access the server.
Once you have done with the above process, then it’s time to copy the public to the server.
There are methods for that. We will see both of them.
This method is very simple. For this you should have ssh-copy-id script installed on your server. If not, follow the second procedure.
Execute the below command in your machine.
$ ssh-copy-id roy@your_server_ip
You have to mention the user name and server ip address in the ssh-copy-id command.
After executing the command, you will be prompted to enter the server password. once you enter the password, the public key will be stored on your server at the following location .ssh/authorized_keys.
If you don’t have the ssh-copy-id script installed on your server, just copy paste the public key to your server.
The public key generated on your local machine will be stored on the local machine at .ssh folder.
To print the public key, use the below command.
$ cat ~/.ssh/id_rsa.pub
Now, the public ssh key will be displayed and it will look like the below one.
id_rsa.pub contents ssh-rsa ADJWSD7DHEBAHSJK9SHATHE4SGB2BDGTQABAAABAQDBGTO0tsVejssuaYR5R3Y/A2dgtahbejduplucmnATW2c47d4gOqB4izP0+fRLfvbz/tnXFz4iOP/H6eCV05hqUhF+KYRxt9Y8tVMrpDZR2l75o6+xSbUOMu6xN+uVF0T9XzKcxmzTmnV7Na5up3QM3DoSRYX/EP3utr2+zAqpJIfKPLdA74w7g56oYWI9blpnpzxkEd3edVJOivUkpZ4JoenWManvIaSdMTJXMy3MtlQhva+j9CgguyVbUkdzK9KKEuah+pFZvaugtebsU+bllPTB0nlXGIJk98Ie9ZtxuY3nCKneB+KjKiXrAvXUPCI9mWkYS/1rggpFmu3HbXBnWSUdf email@example.com
Now select and copy the public key to the clip board. You have to add the public key to the specified folder in the user’s directory.
First, in your root server, switch to the new user which you have created.
use the below command in the server to switch the user.
$ su - roy
Now, you will be logged into the new user’s home directory. there, you have to create the .ssh directory. Along with that, add restriction to the folder.
$ mkdir ~/.ssh $ chmod 700 ~/.ssh
Then, Open a authorized_keys file inside the .ssh directory using the nano editor. here is the command for that.
$ nano ~/.ssh/authorized_keys
Now, paste the public in the editor. then save close the file by hitting the Ctrl-x and Y. Then press enter.
After that, you have to change the permission of authorized_keys file in the command.
$ chmod 600 ~/.ssh/authorized_keys
Now, you have finished your task in the new user. it is time to switch back to the root. use the blow command to switch to root user.
That’s all. Now you are done with the process. Hereafter, you can use the SSH keys to log into your server.
The next task in ubuntu server setup is disabling the password authentication.
Let us see how to disable the password authentication for your server.
5. Disable Password Authentication
Even though you have created and enabled SSH key login, still you can login to your server using password.
by disabling the password authentication, there will be only one way to login. that is ssh login.
For that, you have to posses the private ssh key which pairs with the public key. There will be no other way to login.
This will increase your server security.
For that you have to make changes in your server daemon configuration.
Follow the below steps to disable password authentication.
Login to the user and execute the below command as super user in the server (i.e sudo infront of command as mentioned below)
$ sudo nano /etc/ssh/sshd_config
The above command will open the SSH daemon configuration file. In that, find the line with “PasswordAuthentication”.
Remove the # infront of the command and change the value yes to no.
Once you made changes, the line will look like below.
Leave the other settings as it is. After that, save and exit the file by hitting Ctrl+X and Y then Enter.
Now, restart the SSH daemon.
$ sudo systemctl reload sshd
The password authentication is disabled now and you can only login through SSH.
Open a new terminal without exiting the current terminal in order test the server.
$ ssh roy@your_server_ip
If you have followed all the steps, your private key will be used to loginto your server, otherwise, your will be asked for password to login.
The 6 th step in Ubuntu server setup is firewall configuration.
6. Setting up the Firewall for your Server
In Ubuntu you will have the UFW firewall.
The firewall has to allow each and every applications through the connection.
When you install a new software and if they need connections from outside the server, it will automatically register with the firewall.
We are using the OpenSSH to connect with the server. You can see open SSH registration with firewall by typing the below command.
$ sudo ufw app list
The output will look like below.
Output Available applications: OpenSSH
Firewall has to allow the Open SSH so that we can login at anytime. Otherwise, we will unable to access the server.
To allow SSH, use the below command.
$ sudo ufw allow OpenSSH
Then, enable the firewall by typing the below command.
$ sudo ufw enable
Type y to proceed further. Use the below command to check the ufw status.
$ sudo ufw status
You will get the following output.
Output Status: active To Action From -- ------ ---- OpenSSH ALLOW Anywhere OpenSSH (v6) ALLOW Anywhere (v6)
In future, if you are installing any software and firewall is blocking it, then you have to follow the above step to enable the applications.
Now, you have configured the server. Make sure you always use sudo infront of the commands which required administrator privileges in the normal user.
With cloud deployment server setup for small business won’t be costly anymore. You can get a optimal server running around 5$ a month cost.
If you want to know how to use your ubuntu server for hosting your site, then follow our guide about installing wordpress on ubuntu server.
I hope this Ubuntu Server Setup Guide helped you setup your server today.
Subscribe for our tutorial news letter to get the notification for our upcoming tutorials.