Ubuntu Server initial configuration: a step-by-step guide
Setting up an Ubuntu server for the first time can be overwhelming, especially if you want to cover the basic security and optimize it for development or production environments. This guide will walk you through the initial configuration steps to set up your Ubuntu server with a fundamental layer of security and efficiency. Whether you’re preparing a server for personal projects or a client’s website, following these steps will help you create a solid starting point.
By the end of this guide, you will have created a new user with administrative privileges, changed the default SSH port, configured a firewall, set up SSH keys for secure access, installed a basic security measure with Fail2ban, and taken a server snapshot for future replication.
Getting started with a VPS
Before diving into the setup, you’ll need a Virtual Private Server (VPS) to host your Ubuntu server. There are several providers to choose from, and here are two great options:
- DigitalOcean: Get started with $200 in free credits over 60 days. DigitalOcean offers a user-friendly platform with various tutorials to help you get up and running quickly.
- Lunanode: A flexible VPS provider that allows payments with Bitcoin, providing an alternative for those who prefer privacy-focused payment options.
Once you’ve set up your VPS, follow the steps below to configure your Ubuntu server.
Value 4 value⚡️
If the content has been useful to you, please consider supporting me so that I can create more articles like this.
Why these steps matter
Configuring an Ubuntu server involves several essential steps to ensure that it is prepared for deployment and has a baseline level of security. Implementing these measures from the start can help prevent common vulnerabilities and establish a reliable foundation. Each step we’ll cover is designed to provide basic protection against unauthorized access, simplify server management, and enhance overall performance.
1. Log in as root
When you first connect to your server, you will need to log in as the root
user. The root user has complete control over the system, which is necessary to perform the initial configuration.
To log in as the root user, you will need to use the following command from your local machine:
ssh root@yourserverIP
Replace yourserverIP
with the IP address of your server.
Once you have logged in for the first time, update the packages:
apt update && apt upgrade -y
2. Create a new user
Using the root
user for regular tasks is not recommended due to security concerns. Instead, you should create a new user with limited privileges to perform most tasks.
Replace yournewuser
with your preferred username:
adduser yournewuser
Follow the prompts to set up a password and fill in optional information.
3. Grant administrative privileges
To allow the new user to perform administrative tasks, you need to add it to the sudo
group, which provides elevated privileges.
Add the new user to the sudo
group:
usermod -aG sudo yournewuser
4. Log in as the new user
Now that you have created a new user and granted it administrative privileges, log out from the root user and log back in as the new user:
ssh yournewuser@yourserverIP
From this point forward, use this new user account for all administrative tasks, using sudo
before commands that require root privileges.
5. Change default SSH port
To enhance your server’s security, change the default SSH port from 22 to a non-standard port. This step helps reduce automated attacks that target default ports.
Check the current SSH port
To verify the port currently used by SSH (default is 22), run:
sudo systemctl status ssh
Change the port to 62539 (or any number you prefer)
Edit the SSH configuration file:
sudo nano /etc/ssh/sshd_config
Find the line that reads #Port 22
and change it to Port 62539
. Remember to delete the “#” character.
Update systemd SSH socket configuration
Change the ListenStream
setting to match your new port:
sudo nano /etc/systemd/system/sockets.target.wants/ssh.socket
Reload and restart SSH service
sudo systemctl daemon-reload
sudo systemctl restart ssh
Connect to your server with the new port
ssh -p 62539 yournewuser@yourserverIP
6. Set up a basic firewall
Configuring a firewall helps to control incoming and outgoing traffic on your server, allowing only the necessary services. In this case, we will configure ufw
(Uncomplicated Firewall) to allow traffic only on the SSH port you configured earlier.
Allow SSH connections on the new port
sudo ufw allow 62539/tcp
Allow HTTP and HTTPS traffic
sudo ufw allow http
sudo ufw allow https
Enable the firewall
sudo ufw enable
Check the firewall status
sudo ufw status
7. Install Fail2ban
Fail2ban is a tool that protects your server from brute-force attacks by banning IP addresses that show malicious signs.
Install Fail2ban
sudo apt install fail2ban -y
Enable and start Fail2ban service
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
sudo systemctl status fail2ban
Default settings overview
Fail2ban bans an IP for 10 minutes (bantime
) if it fails to authenticate 5 times (maxretry
) within 10 minutes (findtime
).
8. Connect using SSH keys and disable password authentication
SSH keys provide a more secure way to log into your server than using a password alone.
Generate SSH keys on the client machine
If you haven’t created SSH keys yet, run:
ssh-keygen -t rsa -b 4096
Follow the prompts to save the key and set a passphrase.
Copy the public key to the server
ssh-copy-id -p 62539 yournewuser@yourserverIP
Test the SSH connection
Open a new terminal and run:
ssh -p 62539 yournewuser@yourserverIP
Disable password authentication
Edit the SSH configuration file to disable password authentication:
sudo nano /etc/ssh/sshd_config
Change PasswordAuthentication yes
to PasswordAuthentication no
Restart SSH service
sudo systemctl restart ssh
9. Take a server snapshot
Once your server is configured correctly and securely, it’s a good idea to take a snapshot. This allows you to replicate the server setup quickly in the future.
Most VPS providers offer an option to create a snapshot in their management console.
Additional resources and documentation
To further secure and manage your Ubuntu server, refer to these additional guides:
- Initial Server Setup with Ubuntu 20.04
- How to Harden OpenSSH on Ubuntu 20.04
- How to Set Up SSH Keys on Ubuntu 20.04
Start your own VPS with free credits
If you want to try setting up your Ubuntu server, you can get free $200 credit over 60 days from DigitalOcean.
Join the conversation
If you have any suggestions or additional steps that could strengthen this article, feel free to share them in the comments or get in touch directly. I’d love to hear your ideas and incorporate them to make this guide even more comprehensive!