Ubuntu Server initial configuration: a step-by-step guide

Setting up an Ubuntu server for the first time can be overwhelming, especially if you want to cover the basic security and optimize it for development or production environments. This guide will walk you through the initial configuration steps to set up your Ubuntu server with a fundamental layer of security and efficiency. Whether you’re preparing a server for personal projects or a client’s website, following these steps will help you create a solid starting point.

By the end of this guide, you will have created a new user with administrative privileges, changed the default SSH port, configured a firewall, set up SSH keys for secure access, installed a basic security measure with Fail2ban, and taken a server snapshot for future replication.

Getting started with a VPS

Before diving into the setup, you’ll need a Virtual Private Server (VPS) to host your Ubuntu server. There are several providers to choose from, and here are two great options:

  • DigitalOcean: Get started with $200 in free credits over 60 days. DigitalOcean offers a user-friendly platform with various tutorials to help you get up and running quickly.
  • Lunanode: A flexible VPS provider that allows payments with Bitcoin, providing an alternative for those who prefer privacy-focused payment options.

Once you’ve set up your VPS, follow the steps below to configure your Ubuntu server.

Value 4 value⚡️

If the content has been useful to you, please consider supporting me so that I can create more articles like this.

Why these steps matter

Configuring an Ubuntu server involves several essential steps to ensure that it is prepared for deployment and has a baseline level of security. Implementing these measures from the start can help prevent common vulnerabilities and establish a reliable foundation. Each step we’ll cover is designed to provide basic protection against unauthorized access, simplify server management, and enhance overall performance.

1. Log in as root

When you first connect to your server, you will need to log in as the root user. The root user has complete control over the system, which is necessary to perform the initial configuration.

To log in as the root user, you will need to use the following command from your local machine:

ssh root@yourserverIP

Replace yourserverIP with the IP address of your server.

Once you have logged in for the first time, update the packages:

apt update && apt upgrade -y

2. Create a new user

Using the root user for regular tasks is not recommended due to security concerns. Instead, you should create a new user with limited privileges to perform most tasks.

Replace yournewuser with your preferred username:

adduser yournewuser

Follow the prompts to set up a password and fill in optional information.

3. Grant administrative privileges

To allow the new user to perform administrative tasks, you need to add it to the sudo group, which provides elevated privileges.

Add the new user to the sudo group:

usermod -aG sudo yournewuser

4. Log in as the new user

Now that you have created a new user and granted it administrative privileges, log out from the root user and log back in as the new user:

ssh yournewuser@yourserverIP

From this point forward, use this new user account for all administrative tasks, using sudo before commands that require root privileges.

5. Change default SSH port

To enhance your server’s security, change the default SSH port from 22 to a non-standard port. This step helps reduce automated attacks that target default ports.

Check the current SSH port
To verify the port currently used by SSH (default is 22), run:

sudo systemctl status ssh

Change the port to 62539 (or any number you prefer)
Edit the SSH configuration file:

sudo nano /etc/ssh/sshd_config

Find the line that reads #Port 22 and change it to Port 62539. Remember to delete the “#” character.

Update systemd SSH socket configuration
Change the ListenStream setting to match your new port:

sudo nano /etc/systemd/system/sockets.target.wants/ssh.socket

Reload and restart SSH service

sudo systemctl daemon-reload  
sudo systemctl restart ssh

Connect to your server with the new port

ssh -p 62539 yournewuser@yourserverIP

6. Set up a basic firewall

Configuring a firewall helps to control incoming and outgoing traffic on your server, allowing only the necessary services. In this case, we will configure ufw (Uncomplicated Firewall) to allow traffic only on the SSH port you configured earlier.

Allow SSH connections on the new port

sudo ufw allow 62539/tcp

Allow HTTP and HTTPS traffic

sudo ufw allow http  
sudo ufw allow https

Enable the firewall

sudo ufw enable

Check the firewall status

sudo ufw status

7. Install Fail2ban

Fail2ban is a tool that protects your server from brute-force attacks by banning IP addresses that show malicious signs.

Install Fail2ban

sudo apt install fail2ban -y

Enable and start Fail2ban service

sudo systemctl enable fail2ban  
sudo systemctl start fail2ban  
sudo systemctl status fail2ban

Default settings overview
Fail2ban bans an IP for 10 minutes (bantime) if it fails to authenticate 5 times (maxretry) within 10 minutes (findtime).

8. Connect using SSH keys and disable password authentication

SSH keys provide a more secure way to log into your server than using a password alone.

Generate SSH keys on the client machine
If you haven’t created SSH keys yet, run:

ssh-keygen -t rsa -b 4096

Follow the prompts to save the key and set a passphrase.

Copy the public key to the server

ssh-copy-id -p 62539 yournewuser@yourserverIP

Test the SSH connection
Open a new terminal and run:

ssh -p 62539 yournewuser@yourserverIP

Disable password authentication
Edit the SSH configuration file to disable password authentication:

sudo nano /etc/ssh/sshd_config

Change PasswordAuthentication yes to PasswordAuthentication no

Restart SSH service

sudo systemctl restart ssh

9. Take a server snapshot

Once your server is configured correctly and securely, it’s a good idea to take a snapshot. This allows you to replicate the server setup quickly in the future.

Most VPS providers offer an option to create a snapshot in their management console.

Additional resources and documentation

To further secure and manage your Ubuntu server, refer to these additional guides:

Start your own VPS with free credits

If you want to try setting up your Ubuntu server, you can get free $200 credit over 60 days from DigitalOcean.

Join the conversation

If you have any suggestions or additional steps that could strengthen this article, feel free to share them in the comments or get in touch directly. I’d love to hear your ideas and incorporate them to make this guide even more comprehensive!

Leave a Reply

Your email address will not be published. Required fields are marked *