Grid Guides

Explore How System On Grid Can Work For You

Grid GuideGrid Guide Topics


How to Setup Ubuntu Server on 17.04 64-bit


Table of Contents

Upon successful installation of Ubuntu 17.04 server, a few more steps are essential to fortify your server’s security and enhance its usability. In this article, we will focus on the crucial configuration steps that every system administrator needs to keep in mind when setting up the server.

Login as Root User

The initial step in setting up your server is to log in as the root user. But first, you need to have your server's IP address and the Password or a private SSH key for authentication. To log in, open your Linux terminal and run the command below

# ssh [email protected]

If it’s your first time connecting to the server, you will get the following prompt requiring you to confirm the server’s authenticity. Type ‘Yes’ to continue.

After that, you’ll be required to provide a password that you specified during the installation process after which you’ll be required to change it.

Creating a New User

Working as root is generally not advised unless you are performing administrative tasks. This is because the root user has very heightened privileges and using it on a regular basis can lead to accidental changes in the system which can prove disastrous. It’s a good practice, therefore, to create a regular user account which you can use whenever you are not making any system changes. To achieve this run the ‘adduser’ command followed by the desired username. when prompted, provide a strong password and the necessary information where applicable.

# adduser winnie

Granting Administrative Privileges to the New User

Occasionally, you may be required to perform some administrative tasks in the server. With the newly created user. it’s going to be impossible to accomplish this since it’s only the root user that has all the superuser privileges. It’s for this reason that we need to assign administrative privileges to the regular user to avoid constantly logging out and logging back again as the root user. To achieve this, we need to add the regular user to the sudo group. As the root user, run the command as shown

# usermod -aG sudo username

Every time the regular user needs to perform an administrative task, the command will be preceded by sudo followed the username password

# sudo apt-get update

Configuring the Firewall

By default, Ubuntu Server 17.04 comes with ufw firewall. You can specify some rules to control inbound and outbound connections.

To view the status of the firewall run

# ufw status

Output

To view the current rules run

# ufw app list

Output

To allow a service, run

# ufw allow service-name

For instance

 # ufw allow http

Output

You can also allow either a TCP or UDP port by running

# ufw allow 443/tcp

After you are done, run the following command to enable the firewall

# ufw enable

Output

To verify the firewall status and view all the firewall rules in place run

# ufw status

Configuring Public Key Authentication

The final step in securing the server is to configure public key authentication for added security when logging in. This will require a private SSH key to login into the server which will be stored in the local machine.

Generating Public and Private key pair

To generate a Public and Private key pair, log out of the server and run the command below in your local machine

# ssh-keygen

You will get the output as shown

Press enter to accept

This is going to generate both the public key and private key (id_rsa and id_rsa.pub respectively) in the local user’s .ssh directory.

Next, you’ll be prompted for a passphrase for securing your key with. You can opt to provide the passphrase or leave it blank. Note that providing the passphrase will require you to provide both the private key as well as the passphrase when logging in. This in effect adds an added layer of security during authentication. It’s therefore highly recommended for system administrators to provide a passphrase to the key.

Note

The private key should be kept confidential as this is what will grant you access to the server.

Copying the Public Key to the Server

After generating the key pair, now it’s time to copy the public key to the server. To achieve this, we are going to use the ssh-copy-id command as shown below

# ssh-copy-id  [email protected]

Output

The key will be saved in the server’s .ssh/authorized_keys file.

At this point, you can now login back to your server

# ssh [email protected]

You’ll be prompted for the public key’s passphrase and upon providing it, you’ll be notified that the public key has been successfully added.

NOTE

You can further enhance your server’s security by disallowing password authentication such that one can only log in using the public key. Using your text editor of choice, open the /etc/ssh/sshd_config file and navigate to the line that reads

PasswordAuthentication yes

Edit the value to no and save the changes. This should allow you to log into the server using the public SSH key authentication ONLY and disallow password authentication.

At this point, we have wrapped up setting up the server according to best System administration practices. You can now proceed to update & upgrade the system and install your preferred software packages.