First Steps After Installing Ubuntu Server 24.04

Hey folks! Congratulations on setting up your Ubuntu Server 24.04 virtual private server (VPS)! To ensure a secure and efficient server environment, let's perform some essential initial configurations.

1. Initial SSH Login and System Updates

  • Connect via SSH: Use an SSH client (e.g., Terminal on macOS/Linux, PuTTY on Windows) to log into your VPS. Replace <your_server_ip> with the actual IP address or hostname of your server.
ssh root@<your_server_ip>

You'll be prompted for the root password you set during the installation.

  • Update and Upgrade: Keep your system up-to-date with the latest security patches and features:
sudo apt update
sudo apt upgrade

2. Create a Non-Root Sudo User

  • Add a new user: Replace <your_username> with your preferred username.
adduser <your_username>
  • Grant sudo privileges:
usermod -aG sudo <your_username>
  • Exit and Reconnect: Close your current SSH session and reconnect using the new user credentials:
ssh <your_username>@<your_server_ip>

From now on, use this user for daily tasks and avoid using the 'root' account directly.

3. Secure SSH Access with Key-Based Authentication

  • Generate SSH Key Pair: On your local machine (where you'll connect from):
ssh-keygen

Follow the prompts, providing a strong passphrase if desired.

  • Copy Public Key to Server: Use the following command, replacing <your_username> and <your_server_ip> accordingly:
ssh-copy-id <your_username>@<your_server_ip>
  • Test SSH Key Login: Try logging in using only the SSH key:
ssh <your_username>@<your_server_ip>

If you can log in successfully without being prompted for a password, your SSH key setup is working correctly.

  • Disable Password Authentication: Once you've verified that the SSH key works, proceed to edit the SSH configuration on your server:
sudo nano /etc/ssh/sshd_config

Find and change the following:

PasswordAuthentication no
ChallengeResponseAuthentication no

4. Disable Root SSH Login

Important Security Step: To further enhance security, prevent the root user from logging in directly via SSH. In the same sshd_config file, find and change:

PermitRootLogin no

Check for Overrides: In Ubuntu Server 24.04, a file named /etc/ssh/sshd_config.d/50-cloud-init.conf may override these settings. If it exists, open it with sudo nano /etc/ssh/sshd_config.d/50-cloud-init.conf and comment out (add a # at the beginning) or change the lines related to PasswordAuthentication and PermitRootLogin if they are present.

  • Restart SSH Service: On Ubuntu the service unit is named ssh:
sudo systemctl restart ssh
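
To confirm that no drop-in file still overrides the settings from steps 3 and 4, check what sshd has actually resolved rather than what a single file says. The following is an added example, not part of the original guide; the function name audit_sshd_effective and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): audit the settings sshd has
# actually resolved, after every file in /etc/ssh/sshd_config.d/ is applied.
# Input on stdin: `sshd -T` output, one "keyword value" pair per line with
# lowercase keywords. Returns 0 only if all three settings are "no".
# Function name and sample data are constructed for illustration.
audit_sshd_effective() {
    awk '
        BEGIN {
            # kbdinteractiveauthentication is the current name of the
            # deprecated alias ChallengeResponseAuthentication.
            keys = "passwordauthentication permitrootlogin kbdinteractiveauthentication"
            n = split(keys, order, " ")
        }
        !($1 in seen) { seen[$1] = $2 }
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                k = order[i]
                if (!(k in seen)) { printf "MISSING %s (expected no)\n", k; bad = 1 }
                else if (seen[k] != "no") { printf "FAIL %s %s (expected no)\n", k, seen[k]; bad = 1 }
                else { printf "OK %s no\n", k }
            }
            exit bad
        }'
}

# Constructed sample: a drop-in such as 50-cloud-init.conf still enables passwords.
SAMPLE_OVERRIDDEN='port 22
permitrootlogin no
passwordauthentication yes
kbdinteractiveauthentication no'

# Constructed sample: all three settings took effect.
SAMPLE_HARDENED='port 22
permitrootlogin no
passwordauthentication no
kbdinteractiveauthentication no'

printf '%s\n' "$SAMPLE_OVERRIDDEN" | audit_sshd_effective || echo "hardening is not fully in effect"
# On the server itself: sudo sshd -T | audit_sshd_effective
```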

5. Set Up a Firewall with UFW

  • Deny Incoming, Allow Outgoing by Default:
sudo ufw default deny incoming
sudo ufw default allow outgoing
  • Allow SSH Connections:
sudo ufw allow ssh
  • Enable UFW:
sudo ufw enable
  • Check UFW Status: Use the following command to see the current UFW rules and status:
sudo ufw status

This will typically display output similar to the following:

Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere                  
22/tcp (v6)                ALLOW       Anywhere (v6)

This output indicates that the firewall is active, allowing incoming SSH connections on port 22 (both IPv4 and IPv6), while denying all other incoming traffic. If you've added other rules, they will also be listed here.

6. Install and Configure NTP for Time Synchronization

  • Install NTP:
sudo apt install ntp
  • Check NTP Status: To ensure NTP is running and synchronizing time correctly, you can use the following commands:
timedatectl status
ntpq -p

Next Steps

You've laid a solid foundation for a secure Ubuntu Server environment. Consider these additional steps:

  • Install Essential Software: Tailor your server to your needs with web servers (Apache, Nginx), databases (MySQL, PostgreSQL), or other tools.
  • Configure Backups: Implement regular backups to safeguard your data.
  • Hardening Security: Explore tools like fail2ban and keep your software updated.

Let me know if you have any other questions!
