Close Menu
    Facebook X (Twitter) Instagram
    TecAdmin
    • Home
    • FeedBack
    • Submit Article
    • About Us
    Facebook X (Twitter) Instagram
    TecAdmin
    You are at:Home»Linux Distributions»Ubuntu»Initial Server Setup with Ubuntu 20.04 LTS (Focal Fossa)

    Initial Server Setup with Ubuntu 20.04 LTS (Focal Fossa)

    By RahulJune 5, 20214 Mins Read

    In this tutorial, we are assuming that you already have fresh installed Ubuntu Ubuntu 20.04 LTS (Focal Fossa) server. We recommend using the LTS version of Ubuntu for your servers like Ubuntu 20.04 LTS (Focal Fossa). Now after installing the Ubuntu server 20.04 server, proceed for the post-installation steps on your server. This tutorial includes steps that are useful for configuring for a server to apply basic security to the server.

    Follow the below steps.

    1. Upgrade Your System

    First of all, log in to the Ubuntu 20.04 system via the system terminal. Now, execute the following commands to update apt cache and upgrade all packages on your system.

    sudo apt update
    sudo apt upgrade
    

    2. Create User Account

    We never recommend using root user to work on Ubuntu 20.04. Let’s create an account for system administration and enable sudo access for that.

    sudo adduser sysadmin
    

    Now add the newly created user to the sudo group, So that it can get all sudo privileges.

    ssudo usermod -aG sudo sysadmin
    

    3. Secure SSH Server

    We recommended changing the default SSH port, it helps you to secure your system from hack attempts. To change default port edit OpenSSH configuration file /etc/ssh/sshd_config and do the following changes.

    • Change Default Port – It will be good to change default ssh port as default ports are always on attackers.
       Port 2222
      
    • Disable Root SSH Login – Also you would like to disable root login via ssh.
       PermitRootLogin no
      

    4. Setup Key-Based SSH

    This is strongly recommended to use key-based ssh login instead of password login. To configure this, create an ssh key pair on your local system.

    Linux users can use the following command, and Windows users use puttygen.exe to generate ssh key pair.

    ssh-keygen
    

    Sample output:

    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/sysadmin/.ssh/id_rsa):
    Created directory '/home/sysadmin/.ssh'.
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/sysadmin/.ssh/id_rsa
    Your public key has been saved in /home/sysadmin/.ssh/id_rsa.pub
    The key fingerprint is:
    SHA256:Wewuzm5MjMkiTQA4zFKPpGWpOcEE7TGRlFSgYGpsWHE sysadmin@tecadmin
    The key's randomart image is:
    +---[RSA 3072]----+
    |@O%OE            |
    |@@O+     .       |
    |*X.+.     o      |
    |* . .    +       |
    | . o . +S .      |
    |  . o + o.       |
    |   . . o. .      |
    |       oo.       |
    |       o+        |
    +----[SHA256]-----+
    

    Now copy the newly created public key .ssh/id_rsa.pub file content to the servers ~/.ssh/authorized_keys file. You can directly copy public key to the servers file or use the following command.

    ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
    

    Now login to the server with SSH, It will not prompt for the password again.

    ssh [email protected]
    

    5. Configure Firewall with FirewallD

    The Default Ubuntu 20.04 server edition, does not have firewalld installed on it. You can simply run the following command to install required packages from default repositories.

    sudo apt install firewalld
    

    After installation, start firewall service and enable it to auto-start on system boot.

    systemctl start firewalld
    systemctl enable firewalld
    

    By default firewall allowed SSH access to remote users. You may also need to allow other services through the firewall to remote users.

    You can directly provide a service name like “http” or “https” to allow. The firewalld uses /etc/services file to determine the corresponding port of the service.

    firewall-cmd --permanent --add-service=http
    firewall-cmd --permanent --add-service=https
    

    If any of the service name is not defined in /etc/services file. You can firewall rule using the port number directly. For example to allow TCP port 8080 or 10000 (default Webmin) to your firewall.

    firewall-cmd --permanent --add-port=8080/tcp
    firewall-cmd --permanent --add-port=10000/tcp
    

    After making any changes to your firewall, make sure to reload changes using the following command.

    firewall-cmd --reload
    

    To view, all the allowed ports and services use the following command.

    firewall-cmd --permanent --list-all
    

    Output:

    public
      target: default
      icmp-block-inversion: no
      interfaces:
      sources:
      services: cockpit dhcpv6-client http https ssh
      ports: 8080/tcp 10000/tcp
      protocols:
      masquerade: no
      forward-ports:
      source-ports:
      icmp-blocks:
      rich rules:
    

    Conclusion

    Your Ubuntu 20.04 LTS (Focal Fossa) system is ready to use. Please do not forget to share your ideas about the initial server setup, that will help others.

    Focal Fossa Initial Server Setup Ubuntu Ubuntu 20.04
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email WhatsApp

    Related Posts

    How to Install Google Chrome on Ubuntu 22.04

    Setting up an SFTP Server on Ubuntu

    The Ultimate Guide to Backing Up and Restoring Your Ubuntu System

    View 1 Comment

    1 Comment

    1. Didier Misson on April 26, 2020 1:22 pm

      Hello
      “ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]”

      Better to user id_ed25519 key.
      Faster and stronger.

      https://medium.com/risan/upgrade-your-ssh-key-to-ed25519-c6e8d60d3c54

      😉
      Have a nice day

      Reply

    Leave A Reply Cancel Reply

    Advertisement
    Recent Posts
    • How to Execute Linux Commands in Python
    • Creating MySQL User with GRANT OPTION
    • Where to find crontab (cron) logs in Ubuntu & Debian
    • Backing Up Docker Volumes and Upload to S3
    • Difference Between Full Virtualization vs Paravirtualization
    Facebook X (Twitter) Instagram Pinterest
    © 2023 Tecadmin.net. All Rights Reserved | Terms  | Privacy Policy

    Type above and press Enter to search. Press Esc to cancel.