Table of Contents
- Login as Root User
- Creating a New User
- Granting Administrative Privileges to the New User
- Configuring the Firewall
- Configuring Public Key Authentication
- Copying the Public Key to the Server
Upon successful installation of Ubuntu 17.04 server, a few more steps are essential to fortify your server’s security and enhance its usability. In this article, we will focus on the crucial configuration steps that every system administrator needs to keep in mind when setting up the server.
Login as Root User
The initial step in setting up your server is to log in as the root user. First, you need your server's IP address and either the password or a private SSH key for authentication. To log in, open your Linux terminal and run the command below, replacing server_ip with your server's IP address:
# ssh root@server_ip
If it’s your first time connecting to the server, you will get the following prompt requiring you to confirm the server’s authenticity. Type ‘Yes’ to continue.
After that, you’ll be asked for the password that you specified during the installation process, after which you’ll be required to change it.
Creating a New User
Working as root is generally not advised unless you are performing administrative tasks. The root user has unrestricted privileges, and using it on a regular basis can lead to accidental changes to the system which can prove disastrous. It’s good practice, therefore, to create a regular user account to use whenever you are not making system changes. To achieve this, run the ‘adduser’ command followed by the desired username. When prompted, provide a strong password and the necessary information where applicable.
# adduser winnie
Granting Administrative Privileges to the New User
Occasionally, you may be required to perform administrative tasks on the server. With the newly created user, this is not possible, since only the root user has superuser privileges. For this reason, we need to assign administrative privileges to the regular user, to avoid constantly logging out and logging back in as the root user. To achieve this, add the regular user to the sudo group. As the root user, run the command shown below:
# usermod -aG sudo username
Every time the regular user needs to perform an administrative task, the command is preceded by sudo, and the user is then asked for their own password:
# sudo apt-get update
Configuring the Firewall
By default, Ubuntu Server 17.04 comes with ufw firewall. You can specify some rules to control inbound and outbound connections.
To view the status of the firewall run
# ufw status
To list the application profiles that ufw knows about (the named services you can allow), run
# ufw app list
To allow a service, run the command below with the name of the service, for example http
# ufw allow service-name
# ufw allow http
You can also allow either a TCP or UDP port by running
# ufw allow 443/tcp
After you are done, run the following command to enable the firewall
# ufw enable
To verify the firewall status and view all the firewall rules in place run
# ufw status
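ufw's default policy denies incoming connections, so enabling it over an SSH session without a rule for SSH blocks new logins. The following check is an added example, not part of the original article: it reads rule lines in the form printed by `ufw show added` and only enables the firewall when one of them admits SSH. The function names and the sample rules are constructed for illustration.

```sh
#!/bin/sh
# Added example: refuse to enable ufw unless a rule admits inbound SSH.

# Reads rule lines (as printed by `ufw show added`) on stdin.
# Exit status 0 if an allow/limit rule covers SSH on the given TCP port.
ssh_rule_present() {
    port="${1:-22}"   # assumption: sshd listens on 22 unless told otherwise
    awk -v port="$port" '
        $1 != "ufw" || ($2 != "allow" && $2 != "limit") { next }
        $3 == "out" { next }                 # outbound rules do not help
        {
            hit = 0; udp = 0
            for (i = 3; i <= NF; i++) {
                if ($i == port || $i == (port "/tcp")) hit = 1
                # Service and profile names only describe the default port.
                if (port == 22 && ($i == "ssh" || $i == "ssh/tcp" ||
                                   $i == "OpenSSH")) hit = 1
                if ($i == "udp" && $(i - 1) == "proto") udp = 1
            }
            if (hit && !udp) found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# Enable the firewall only when the pending rule set keeps SSH reachable.
enable_firewall_safely() {
    if ufw show added | ssh_rule_present "${1:-22}"; then
        ufw enable
    else
        echo "no allow/limit rule for SSH; run 'ufw allow ssh' first" >&2
        return 1
    fi
}

# Constructed sample: the rules from this article (http and 443/tcp) only.
sample_without_ssh() {
    printf '%s\n' "Added user rules (see 'ufw status' for running firewall):" \
        'ufw allow 80/tcp' 'ufw allow 443/tcp'
}
# Constructed sample: the same rules plus a rate-limited SSH rule.
sample_with_ssh() { sample_without_ssh; echo 'ufw limit 22/tcp'; }

sample_without_ssh | ssh_rule_present || echo "article rules alone: SSH blocked"
sample_with_ssh    | ssh_rule_present && echo "with limit 22/tcp: SSH reachable"
```

Run `enable_firewall_safely` as root in place of a bare `ufw enable`; pass the port number as an argument if sshd listens somewhere other than 22.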
Configuring Public Key Authentication
The final step in securing the server is to configure public key authentication for added security when logging in. Logging in to the server will then require a private SSH key, which is stored on the local machine.
Generating Public and Private key pair
To generate a public and private key pair, log out of the server and run the command below on your local machine
You will get the output as shown
Press enter to accept
This is going to generate both the private key and the public key (id_rsa and id_rsa.pub respectively) in the local user’s .ssh directory.
Next, you’ll be prompted for a passphrase to secure your key with. You can opt to provide the passphrase or leave it blank. Note that providing the passphrase will require you to provide both the private key and the passphrase when logging in. This in effect adds another layer of security during authentication. It’s therefore highly recommended for system administrators to protect the key with a passphrase.
The private key should be kept confidential as this is what will grant you access to the server.
Copying the Public Key to the Server
After generating the key pair, it’s time to copy the public key to the server. To achieve this, we are going to use the ssh-copy-id command as shown below, replacing username and server_ip with your own values:
# ssh-copy-id username@server_ip
The key will be saved in the .ssh/authorized_keys file on the server.
At this point, you can log back in to your server, replacing username and server_ip with your own values:
# ssh username@server_ip
You’ll be prompted for the key’s passphrase and upon providing it, you’ll be notified that the public key has been successfully added.
You can further enhance your server’s security by disallowing password authentication such that one can only log in using the public key. Using your text editor of choice, open the /etc/ssh/sshd_config file and navigate to the line that reads
Edit the value to no and save the changes. This should allow you to log into the server using the public SSH key authentication ONLY and disallow password authentication.
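A common mistake at this step is changing the value on a line that is still commented out, or on a duplicate that sshd never reaches, so password logins stay enabled. The following check is an added example, not part of the original article: it assumes the directive being edited is OpenSSH's PasswordAuthentication and reports the value sshd would use globally. The function names and sample configurations are constructed for illustration.

```sh
#!/bin/sh
# Added example: report the global PasswordAuthentication value that sshd
# would use for the sshd_config text supplied on stdin.
# Rules applied: comment and blank lines are ignored, keywords are
# case-insensitive, the first occurrence of a keyword wins, settings inside
# a Match block are conditional, and the built-in default is "yes".
effective_password_auth() {
    awk '
        /^[ \t]*(#|$)/ { next }                    # comment or blank line
        tolower($1) == "match" { exit }            # conditional section starts
        tolower($1) == "passwordauthentication" {  # first occurrence wins
            value = tolower($2); exit
        }
        END { print (value == "" ? "yes" : value) }
    '
}

# Succeeds only when password logins are disabled in the given file.
password_auth_disabled() {
    [ "$(effective_password_auth < "${1:-/etc/ssh/sshd_config}")" = "no" ]
}

# Constructed sample: value edited, but the line is still commented out.
sample_still_commented() {
    printf '%s\n' 'PermitRootLogin yes' '#PasswordAuthentication no'
}
# Constructed sample: an earlier "yes" shadows the "no" appended later.
sample_shadowed() {
    printf '%s\n' 'PasswordAuthentication yes' 'UsePAM yes' \
        'PasswordAuthentication no'
}
# Constructed sample: the directive set correctly.
sample_hardened() {
    printf '%s\n' 'PubkeyAuthentication yes' 'PasswordAuthentication no'
}

for s in sample_still_commented sample_shadowed sample_hardened; do
    echo "$s: PasswordAuthentication $($s | effective_password_auth)"
done
```

The change takes effect only after the SSH service is reloaded; keep your current session open and confirm a key-based login from a second terminal before closing it.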
At this point, we have wrapped up setting up the server according to best system administration practices. You can now proceed to update and upgrade the system and install your preferred software packages.