6 C
Texas

Guide To Initial Server Setup on Ubuntu 20.04

Today we are going to learn that how you can take initial steps to secure and harden your freshly installed Ubuntu 20.04 system in order to stay secure. Just follow the below guide to initial server setup on Ubuntu 20.04 to keep you away from attackers.

Step 1: Upgrade Your System

Make sure that you’ve the fresh updates and all packages are upgraded successfully. Run the below command to update and upgrade your Ubuntu 20.4.

sudo apt update && sudo apt upgrade -y

Step 2: Add User Account for Ubuntu 20.04

Make sure you’ve created a system user. Root user is not recommended for work on Ubuntu 20.04. Type the below command to add a user to the Server.

- Advertisement -
sudo adduser sysadmin

Then add this user to the sudo group by hitting the following command to attain sudo privileges.

sudo usermod -aG sudo sysadmin

Step 3: Enable Secure SSH Server

To enable secure SSH access, first of all change the default SSH port and also make sure to disable the remote root SSH login. Because default ports are open to attackers and they can easily try to get into your system. To do this edit the file /etc/ssh/ssh_config with your favorite editor.

Port 2222
PermitRootLogin no

Step 4: Set Key Based SSH On Ubuntu 20.04

We recommend you to prefer the key-base SSH login instead of using a password. Run the below command to generate the SSH key on Ubuntu 20.4.

ssh-keygen
sabi@Ubuntu:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/sabi/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/sabi/.ssh/id_rsa
Your public key has been saved in /home/sabi/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:lcgQhanDckHCU3qX0PrFpFqcwqMC0l9qU+n1JCPwGLg sabi@Ubuntu
The key's randomart image is:
+---[RSA 3072]----+
| ..++.o=. |
| +o+.++.. . |
| ..=.Xo*o o |
|o E.@.@ *.. |
|o = % +S= |
|. . * o . |
| . . . |
| |
| |
+----[SHA256]-----+

Then copy the new public key .ssh/id_rsa.pub file data to server ~/.ssh/authorized_keys file. For convenience, you can also run the following command.

ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]

And login without any password.

ssh [email protected]

Step 5: Configuring Firewall with FirewallD on Ubuntu 20.04

As firewalld is not installed on the Ubuntu 20.04 so install it by the following command.

sudo apt install firewalld

Then start and enable the firewalld services to take effect.

systemctl start firewalld
systemctl enable firewalld

As firewall only allow SSH access to remote users you may add other services as you needed. Here I’m going to add http and https the command will be like

firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https

Note: Firewall uses the /etc/services file to check the ports of the services. If some ports are not included in /etc/services, you can add like below.

firewall-cmd --permanent --add-port=8080/tcp
firewall-cmd --permanent --add-port=10000/tcp

You can reload the changes by typing

firewall-cmd --reload

To see a list of all the allowed services run

firewall-cmd --permanent --list-all

So, this is how you can take initial server setup to harden your system Ubuntu 20.04.

- Advertisement -
Everything Linux, A.I, IT News, DataOps, Open Source and more delivered right to you.
Subscribe
"The best Linux newsletter on the web"

LEAVE A REPLY

Please enter your comment!
Please enter your name here



Latest article