In this tutorial, we are assuming that you already have fresh installed Ubuntu Ubuntu 20.04 LTS (Focal Fossa) server. We recommend using the LTS version of Ubuntu for your servers like Ubuntu 20.04 LTS (Focal Fossa). Now after installing the Ubuntu server 20.04 server, proceed for the post-installation steps on your server. This tutorial includes steps that are useful for configuring for a server to apply basic security to the server.
Follow the below steps.
1. Upgrade Your System
First of all, log in to the Ubuntu 20.04 system via the system terminal. Now, execute the following commands to update apt cache and upgrade all packages on your system.
sudo apt update sudo apt upgrade
2. Create User Account
We never recommend using root user to work on Ubuntu 20.04. Let’s create an account for system administration and enable sudo access for that.
sudo adduser sysadmin
Now add the newly created user to the sudo group, So that it can get all sudo privileges.
ssudo usermod -aG sudo sysadmin
3. Secure SSH Server
We recommended changing the default SSH port, it helps you to secure your system from hack attempts. To change default port edit OpenSSH configuration file /etc/ssh/sshd_config and do the following changes.
- Change Default Port – It will be good to change default ssh port as default ports are always on attackers.
- Disable Root SSH Login – Also you would like to disable root login via ssh.
4. Setup Key-Based SSH
This is strongly recommended to use key-based ssh login instead of password login. To configure this, create an ssh key pair on your local system.
Linux users can use the following command, and Windows users use puttygen.exe to generate ssh key pair.
Generating public/private rsa key pair. Enter file in which to save the key (/home/sysadmin/.ssh/id_rsa): Created directory '/home/sysadmin/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/sysadmin/.ssh/id_rsa Your public key has been saved in /home/sysadmin/.ssh/id_rsa.pub The key fingerprint is: SHA256:Wewuzm5MjMkiTQA4zFKPpGWpOcEE7TGRlFSgYGpsWHE [email protected] The key's randomart image is: +---[RSA 3072]----+ |@O%OE | |@@O+ . | |*X.+. o | |* . . + | | . o . +S . | | . o + o. | | . . o. . | | oo. | | o+ | +----[SHA256]-----+
Now copy the newly created public key .ssh/id_rsa.pub file content to the servers ~/.ssh/authorized_keys file. You can directly copy public key to the servers file or use the following command.
ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
Now login to the server with SSH, It will not prompt for the password again.
5. Configure Firewall with FirewallD
The Default Ubuntu 20.04 server edition, does not have firewalld installed on it. You can simply run the following command to install required packages from default repositories.
sudo apt install firewalld
After installation, start firewall service and enable it to auto-start on system boot.
systemctl start firewalld systemctl enable firewalld
By default firewall allowed SSH access to remote users. You may also need to allow other services through the firewall to remote users.
You can directly provide a service name like “http” or “https” to allow. The firewalld uses /etc/services file to determine the corresponding port of the service.
firewall-cmd --permanent --add-service=http firewall-cmd --permanent --add-service=https
If any of the service name is not defined in /etc/services file. You can firewall rule using the port number directly. For example to allow TCP port 8080 or 10000 (default Webmin) to your firewall.
firewall-cmd --permanent --add-port=8080/tcp firewall-cmd --permanent --add-port=10000/tcp
After making any changes to your firewall, make sure to reload changes using the following command.
To view, all the allowed ports and services use the following command.
firewall-cmd --permanent --list-all
public target: default icmp-block-inversion: no interfaces: sources: services: cockpit dhcpv6-client http https ssh ports: 8080/tcp 10000/tcp protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules:
Your Ubuntu 20.04 LTS (Focal Fossa) system is ready to use. Please do not forget to share your ideas about the initial server setup, that will help others.