Initial Server Setup for Ubuntu 20.04

Prateek Dagur Ubuntu

Introduction

After creating a new Ubuntu 20.04 server, there are some important configuration steps you should perform. These ensure that your server is properly configured and running smoothly. In this guide we will cover some basic configurations that increase the security and usability of the server and lay the foundation for additional setup in the future. Let's get started with your Ubuntu server setup.

Prerequisites

This guide assumes you have created a new Ubuntu 20.04 server and can authenticate as the root user with either a password or a private key (if you installed an SSH key).

Note: We advise you to manage your servers using SSH keys. Password authentication is less secure and not recommended.

Log in as root

To log in to your server, you need the following information:

  • Server's public IP address
  • Default username on the server
  • Default password for that username (if not using SSH key pair)

The default username on an Ubuntu server is root. If you are not already logged in to your server, log in as the root user using the following command.

ssh root@your_server_ip

Replace your_server_ip with your server's public IP address and accept the host authenticity warning if it appears.

If you are using password authentication, provide the root password to log in. If this is your first time logging in to the server with a password, you may need to set or change the root password. Follow the instructions if you get a prompt to do so. If your server is using an SSH key, you may need to provide the passphrase each time you start a new session.

What Is the root User Account?

The root user is the superuser account. It has administrative privileges and can perform any task on the server. Because of these elevated privileges, using the root account is often discouraged, as it is possible to make destructive changes to the server.

So you have to create a new user account with limited privileges for daily use. Later in this guide, we'll show you how to get elevated privileges when they are required.

Create a New User

Once you're logged in as root, you can add new user accounts. Let's create a new account that you'll use to log in instead of root.

The following command creates a new user. Replace your_username with a username of your choice.

adduser your_username

You will be asked to create the account password. Enter a strong password and answer the further questions when prompted. You can also skip these prompts by pressing ENTER, as that information is not required.

Get Administrative Privileges

Your new user account has limited privileges, but sometimes you may need to perform administrative tasks as the root user. To perform those tasks, you would otherwise have to log out of your regular account and log back in as the root user, which is tedious.

Instead, you can set up root or superuser privileges for your regular account. These privileges will allow you to run commands with elevated privileges by putting sudo before the command.

To grant these privileges to the new user, you need to add the user to the sudo group. As a member of the sudo system group, you will be allowed to use the sudo command.

Now run the following command to add the new user to the sudo group:

usermod -aG sudo your_username

Note: Here, the -a argument stands for append. If you don't provide this option, the user's current supplementary groups will be replaced by sudo (the user will be removed from the groups they were already a member of). The -G argument is used to modify a user's group settings.

Now you can type sudo before commands as a regular user and those commands will run with administrative privileges.

Set Up a Firewall

Ubuntu 20.04 servers can use the UFW firewall to restrict connections to specific services. This application allows you to configure a basic firewall.

Upon installation, applications can register their profiles with UFW (Uncomplicated Firewall). UFW can manage these applications by name thanks to these profiles. UFW has a profile for OpenSSH, the service that allows you to connect to your server.

You can list the installed UFW profiles by typing:

sudo ufw app list
Available applications:
	OpenSSH

To be able to log in to your server next time, you must ensure that the firewall allows SSH connections. To allow these connections, enter:

ufw allow OpenSSH

Then enable the firewall using this command:

ufw enable

Type y and hit ENTER to proceed.

Warning: If you enable the firewall without allowing SSH connections and then log out of the server, you will not be able to SSH into the server again.

To verify that SSH connections are allowed, type:

ufw status
Status: active

To                      Action      From
--                      ------      ----
OpenSSH                 ALLOW       Anywhere
OpenSSH (v6)            ALLOW       Anywhere (v6)

The firewall is now blocking all connections except SSH. If you install and configure more services, you'll need to change your firewall settings to allow the new traffic into your server. To learn more about UFW, use our UFW Essentials guide.

Enabling External Access for Regular User

Now that you have a regular user for day-to-day use, you need to ensure that you can SSH directly into the account.

Note: We recommend staying logged in as root until you have confirmed that you can log in and use sudo with the new user. If you have problems connecting, you can troubleshoot and apply any necessary adjustments as root.

Configuring SSH access for the regular user depends on how your server's root account authenticates: with a password or with SSH keys.

If the root Account Uses a Password to Authenticate

If you logged into your root account with a password, then password authentication is enabled for SSH. You can SSH to the regular user account by starting a new terminal session and using SSH with the new username:

ssh your_username@your_server_ip

Now enter your regular user's password to log in. When you need to run any command with superuser privileges, type sudo before it:

sudo some_command_to_run

Whenever you use sudo for the first time in each session, you'll have to provide your regular user's password.

If the root Account Uses an SSH Key to Authenticate

If you logged into your root account with SSH keys, password authentication is disabled for SSH. To use an SSH key to log in as your regular user, add a copy of your local public key to the new user's ~/.ssh/authorized_keys file.

Because your public key is already stored in the root account's ~/.ssh/authorized_keys file on the server, you can use your current session to copy that file and directory structure to the regular user account.

The rsync command is the easiest way to copy files with the correct ownership and permissions. This command will copy the root user's .ssh directory, keep the permissions as they are, and change the file owners.

Note: The rsync command treats a source with a trailing slash differently from one without. Without a trailing slash, rsync copies the source directory and its contents; with a trailing slash, it copies only the contents of the source directory.

When using rsync, make sure the source directory (~/.ssh) does not have a trailing slash (you must not use ~/.ssh/). If you add one by mistake, rsync will copy only the contents of the root account's ~/.ssh directory instead of the entire directory structure. The files will then land directly in the regular user's home directory, where SSH will be unable to locate and use them.

rsync --archive --chown=your_username:your_username ~/.ssh /home/your_username

Now, start a new terminal session locally and SSH into the server as your regular user:

ssh your_username@your_server_ip

You should be able to connect to the server with the regular user account without a password. When you need to run any command with superuser privileges, type sudo before it:

sudo some_command_to_run

Whenever you use sudo for the first time in each session, you'll have to provide your regular user's password.
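
If the key login for the regular user is refused after the rsync copy above, the usual causes are the trailing-slash mistake or wrong ownership and permissions (sshd's StrictModes rejects key files that other users can write to). The following check is an added example, not part of the original guide; the function name check_ssh_dir is hypothetical and it assumes GNU stat, as shipped with Ubuntu.

```shell
#!/bin/sh
# Added example: audit a copied ~/.ssh tree before closing the root session.
# Usage (as root): check_ssh_dir /home/your_username your_username
# Prints one line per problem; returns 0 only when nothing was found.
check_ssh_dir() {
    home=$1 owner=$2 problems=0

    # A trailing slash on the rsync source drops authorized_keys directly
    # into the home directory; report that case explicitly.
    if [ -f "$home/authorized_keys" ] && [ ! -d "$home/.ssh" ]; then
        echo "authorized_keys is in $home, not $home/.ssh (trailing-slash copy?)"
        return 1
    fi

    for path in "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$path" ]; then
            echo "missing: $path"
            problems=$((problems + 1))
            continue
        fi
        # GNU stat: %U is the owner name, %a the octal permission bits.
        actual_owner=$(stat -c %U "$path")
        mode=$(stat -c %a "$path")
        if [ "$actual_owner" != "$owner" ]; then
            echo "wrong owner on $path: $actual_owner (expected $owner)"
            problems=$((problems + 1))
        fi
        # Any group or other write bit set? (octal mode AND 022)
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "group/other-writable: $path (mode $mode)"
            problems=$((problems + 1))
        fi
    done

    [ "$problems" -eq 0 ]
}
```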

Conclusion

You now have a good foundation for your Ubuntu 20.04 server. You can now install any apps and services you need on your server.
