How to configure Ubuntu 16.04 after installation.
After the initial installation of an Ubuntu 16.04 server, it is highly recommended to carry out some basic configuration steps to finalize the installation. These steps are essential as they improve the overall security and utility of the server while providing a solid base for future work. This step-by-step guide covers in detail everything needed to finalize your Ubuntu 16.04 server:
- Step 1 – Root Log in
- Step 2 – Create New User
- Step 3 – Set Root Privileges
- Step 4 – Add Authentication Key
- Step 5 – Disabling Password only Authentication
- Step 6 – Test Log In
- Step 7 – Create a Firewall
Step 1 – Root Log in
You need your server’s IP address and, if you have set one up, your SSH authentication key to log in. If you don’t have an SSH authentication key, you just need your password. Use your IP address and SSH key to log in as the root user by entering the command below.
$ ssh root@your_server_ip
Finish the login by accepting the host authenticity warning and entering your password. If you are logging in to your server for the first time, you will be asked to change your root password.
Step 2 – Create New User
After logging in, you need to create a new user account that will be used for accessing the server from now on. The command given below creates a new user:
# adduser Username
You will be asked for a strong password and additional information for the new user. If you wish to skip the additional information, simply press Enter, but it is usually recommended to enter it as it can improve the security and accessibility of your server. Let’s continue to the next step.
Step 3 – Set Root Privileges
Root is the administrative user, which is entitled to make major changes on the server. The new user we created has regular account privileges and needs to be given root privileges. To award them, add the normal user to the sudo group. Users in the sudo group can run administrative commands by simply adding “sudo” before each command. Use the following command to add your newly created user to the sudo group:
# usermod -aG sudo YourUserName
Step 4 – Add Authentication Key
A basic step when you configure Ubuntu is to create an authentication key, so you now need to set up key authentication for the new user you just created. This step is extremely important as it ensures that only you or verified users can gain access to the server. It gives you a unique key, and without it the server cannot be accessed.
- Key Pair: This step creates a public and private key pair that you can use to secure your server. Enter the following command on your local machine to create a new key pair; if you have already created a key pair, you can skip this step:
$ ssh-keygen
- The above command produces output in the following form:
ssh-keygen output:
Generating public/private RSA key pair.
Enter file in which to save the key
- Simply press Enter to accept the file name and location.
- Passphrase: You will also be prompted to enter a passphrase. You can leave the passphrase blank and access the server using the private key alone, but it is usually a good idea to enter a passphrase as it enhances the overall security.
- Finally, it generates a private and a public key in the .ssh folder of your local user. The private key should not be shared with anyone you do not want to have access to the server.
Now that you have generated the SSH key pair, your public key needs to be copied to your server. There are 2 basic methods that you can use to accomplish this. The manual method works for nearly all setups, but some server companies may not allow it.
- Method 1 – ssh-copy-id
- If you are using DigitalOcean and chose an SSH key during droplet creation, this method will not work for you. In this case, you need to follow Method 2.
- The following command installs the public key for the user you wish to allow on the server:
$ ssh-copy-id YourUserName@Your_Server_ip
- You will be prompted to enter the password, and the key can then be used to access the server.
- Method 2 – Manual Install
- Once you have generated the SSH key pair, it can be added to a specific user to provide it access.
- Use the following command to print out the key:
$ cat ~/.ssh/id_rsa.pub
- Copy the key to the clipboard and log in to the server as the root user.
- The key is added to a new directory called .ssh, and its permissions can be defined with the following commands:
$ mkdir ~/.ssh
$ chmod 700 ~/.ssh
- Now that the directory is created, open the “authorized_keys” file in the .ssh directory with a text editor. In this guide, we are using nano:
$ nano ~/.ssh/authorized_keys
- Finally, paste the public key that you copied initially and save the document.
- The key is almost ready; all that is left to do is to use the following command to restrict the permissions of the authorized_keys file:
$ chmod 600 ~/.ssh/authorized_keys
- Exit the root user with
- The manual key install is complete and the new key can be used to access the user.
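The manual steps of Method 2, collected into one function that can be re-run safely (an added example, not part of the original guide). The function names are made up for this example, the home directory is a parameter so the key lands in the account you intend, and the demo directory and key are constructed values.

```shell
#!/bin/sh
# Added example: the manual install from Method 2 as one re-runnable function.
# install_pubkey HOME_DIR "PUBLIC KEY LINE"
# sshd's default StrictModes setting ignores authorized_keys when the file or
# its directory is writable by group or others, hence the 700/600 modes. If you
# run this as root for another account, chown -R the .ssh directory to that user.
install_pubkey() {
    ssh_dir="$1/.ssh"
    auth_file="$ssh_dir/authorized_keys"

    # Accept exactly one "type base64 [comment]" line; this also catches a
    # pasted private key, which starts with "-----BEGIN".
    if [ "$(printf '%s\n' "$2" | grep -c '')" -ne 1 ] ||
       ! printf '%s\n' "$2" | grep -Eq \
         '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$'
    then
        echo "install_pubkey: not a single public key line" >&2
        return 2
    fi

    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Append only when this exact line is missing, so re-running is harmless
    grep -qxF -- "$2" "$auth_file" || printf '%s\n' "$2" >> "$auth_file"
}

# Octal permission bits of a path (GNU stat, with the BSD form as fallback)
mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# Demo: a throwaway directory stands in for the user's home, and the key is a
# constructed sample, not a real one.
demo_home=$(mktemp -d)
demo_key='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGNvbnN0cnVjdGVkc2FtcGxla2V5 demo@laptop'
install_pubkey "$demo_home" "$demo_key"
install_pubkey "$demo_home" "$demo_key"   # second run adds nothing
echo ".ssh=$(mode_of "$demo_home/.ssh") authorized_keys=$(mode_of "$demo_home/.ssh/authorized_keys")"
echo "keys installed: $(grep -c '' "$demo_home/.ssh/authorized_keys")"
rm -rf "$demo_home"
```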
In the next step, we will enhance the security of the server even further by disabling password only access.
Step 5 – Disabling Password only Authentication
Like the previous steps, this step is intended to enhance the overall security of your server. It is necessary to incorporate two-level security for your server. Disabling password only authentication makes sure that only users who possess the private and public key set up in the previous steps can access the server. This step is highly recommended when you configure Ubuntu.
Note: Password only authentication should only be disabled if you have already installed the SSH key as directed in step 4. Disabling password only authentication without installing the key for the user can lock you out of your server. Once password only authentication is disabled, the server can only be accessed through the private key or the console.
- Open the SSH daemon configuration as root or as the newly created sudo user using the following command:
$ sudo nano /etc/ssh/sshd_config
- Once the file is open, find the “PasswordAuthentication” line, delete the # symbol and change the value to “no”. The line should look as below after the change:
sshd_config - Disable Password Authentication
PasswordAuthentication no
- Save and close the file and you are done with disabling password only authentication. The server now can only be accessed through the SSH key.
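A check for the edit described in this step, as an added example that is not part of the original guide: it reports whether a given sshd_config still permits password logins. The function names and sample files are assumptions made for the example, and the fallback values are OpenSSH's built-in defaults for the version Ubuntu 16.04 ships.

```shell
#!/bin/sh
# Added example. Assumes the usual "Keyword value" layout of sshd_config.
# effective_sshd_option FILE KEYWORD DEFAULT
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and lines after a "Match" line are conditional overrides.
effective_sshd_option() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" -v def="$3" '
        /^[ \t]*(#|$)/  { next }            # comment or blank line
        { key = tolower($1) }
        key == "match"  { exit }            # global section ends here
        key == want     { val = tolower($2); found = 1; exit }
        END             { print (found ? val : def) }
    ' "$1"
}

# Succeeds (exit 0) if a password can still be used to log in.
password_login_possible() {
    pa=$(effective_sshd_option "$1" PasswordAuthentication yes)
    cr=$(effective_sshd_option "$1" ChallengeResponseAuthentication yes)
    pam=$(effective_sshd_option "$1" UsePAM no)
    # keyboard-interactive through PAM usually prompts for the same password
    [ "$pa" = yes ] || { [ "$cr" = yes ] && [ "$pam" = yes ]; }
}

# Constructed sample files, not taken from a real server
cfg_dir=$(mktemp -d)
cat > "$cfg_dir/before" <<'EOF'
# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes
ChallengeResponseAuthentication no
UsePAM yes
EOF
sed 's/^#PasswordAuthentication yes/PasswordAuthentication no/' \
    "$cfg_dir/before" > "$cfg_dir/after"

for f in before after; do
    if password_login_possible "$cfg_dir/$f"; then
        echo "$f: password login still possible"
    else
        echo "$f: key-only"
    fi
done
rm -rf "$cfg_dir"
```

sshd applies the edited file only after it is reloaded, and `sudo sshd -t` checks the file for syntax errors before you do that.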
Step 6 – Test Log In
Before logging out of your server, you need to test the new configuration. It is important to test whether you can log in through SSH using your keys. This step is a security check that everything is in order.
- Log in with your new account using the following command:
$ ssh YourUserName@Your_Server_ip
If you have followed all steps correctly, you should be able to log in using private key authentication. If you are asked for the user’s password, something is not quite right; redo the previous steps to set it up properly.
You should be able to log in as your newly created user. Administrator-level commands can be run by putting “sudo” before the command.
Step 7 – Create a Firewall
Ubuntu 16.04 also lets you allow only certain connections or services through to the server. When you configure Ubuntu you should set up the UFW firewall, which can be done easily with the following steps:
- First, you need to allow the SSH application through the firewall, which is essential for logging in as well as for managing different settings on the server. Run the following command:
$ sudo ufw app list
- It lists the SSH application profile registered with ufw.
- It provides the output as: Available application OpenSSH
- Allow that profile through the firewall:
$ sudo ufw allow OpenSSH
- Next, enable the firewall so that future applications or connections are regulated through it, using the following command:
$ sudo ufw enable
- Type “Y” and press Enter to enable the firewall.
- You can check the status of the different applications in the firewall with the following command:
$ sudo ufw status
- Your firewall is ready and in operation.
In future, you will need to add a permission in the firewall for each newly installed application to allow it through. If you have followed all the above steps correctly, the basic setup of your Ubuntu server is complete and you are ready to use it.
This simple guide lays a solid foundation for your Ubuntu server and covers what you need to do to configure Ubuntu after a fresh install. You have laid the basic framework for your server and can now go on to set up the different applications that you may need in the future. This guide also covers the basic security aspects that you need to address right after the setup.