In this tutorial, we are assuming that you already have fresh installed Ubuntu Server. We recommend using LTS version of Ubuntu for your servers like Ubuntu 18.04 LTS, 16.04 LTS. Now after installing Ubuntu server 18.04, 16.04 proceed for post-installation setup of your server. This guide includes steps which are useful for configuring for a server, increase the security of the server.
1. Upgrade Your System
First login to your Ubuntu server with root access and execute the following command to upgrade all packages.
sudo apt-get update sudo apt-get upgrade
2. Create Admin Account
Create a user account for system administration and configure it with sudo access. From now you will use this account to log in to the server and perform an operation. We don’t recommend to use root user for each time login.
sudo adduser sysadmin
Now add this user to sudo group, So that it can get all sudo privileges.
ssudo usermod -aG sudo sysadmin
3. Secure SSH Server
Now edit OpenSSH configuration file /etc/ssh/sshd_config and do the following changes.
- Change Default Port – It will be good to change default ssh port as default ports are always on attackers.
Port 2222
- Disable Root SSH Login – Also you would like to disable root login via ssh.
PermitRootLogin no
4. Setup Key-Based SSH
This is good to configure your server to login with key based only and disable password login. Generate a key pair on your client system.
ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/home/sysadmin/.ssh/id_rsa): /home/sysadmin/.ssh/id_rsa_10 Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/sysadmin/.ssh/id_rsa_10. Your public key has been saved in /home/sysadmin/.ssh/id_rsa_10.pub. The key fingerprint is: b8:78:02:69:a7:4a:92:e8:97:35:02:7e:ce:02:28:fc sysadmin@media60 The key's randomart image is: +--[ RSA 2048]----+ | | | | | | | . . . | |+ = . . S | |== * + . | |*.* * + | |+o E o | |..o | +-----------------+
Now copy generated public key .ssh/id_rsa.pub file content on servers ~/.ssh/authorized_keys directory. You can copy content directory on servers file or use the following command.
ssh-copy-id -i ~/.ssh/id_rsa.pub sysadmin@remote.server.net
Now login to the server with SSH, It will not prompt for the password again.
ssh sysadmin@remote.server.net
5. Setup CSF Firewall (Optional)
Now if you want, you can use CSF for managing your firewall. Follow the below steps to install it.
Download CSF latest source code using following commands on your system
sudo cd /opt sudo wget https://download.configserver.com/csf.tgz sudo tar xzf csf.tgz
Install CSF firewall using given install.sh script in the source code. it will automatically do everything.
sudo cd /opt/csf sudo sh install.sh
Enable CSF to work as production. By default, it installed in test mode.
sudo vim /etc/csf/csf.conf TESTING=0
Finally restart CSF service using following command.
sudo cd /etc/csf sudo csf -r