Updated on April 26, 2020

This tutorial assumes that you already have a freshly installed Ubuntu 20.04 LTS (Focal Fossa) server. We recommend using an LTS version of Ubuntu, such as Ubuntu 20.04 LTS (Focal Fossa), for your servers. After installing Ubuntu Server 20.04, proceed with the post-installation steps below. They configure the server and apply basic security to it.

Initial Server Setup with Ubuntu 20.04 LTS (Focal Fossa)

Follow the below steps.

1. Upgrade Your System

First of all, log in to the Ubuntu 20.04 system via the system terminal. Then execute the following commands to update the apt cache and upgrade all packages on your system.

sudo apt update
sudo apt upgrade

2. Create User Account

We don’t recommend using the root user to work on Ubuntu 20.04. Let’s create an account for system administration and enable sudo access for it.

sudo adduser sysadmin

Now add the newly created user to the sudo group so that it gets all sudo privileges.

sudo usermod -aG sudo sysadmin

3. Secure SSH Server

We recommend changing the default SSH port; it helps to secure your system from hack attempts. To change the default port, edit the OpenSSH configuration file /etc/ssh/sshd_config and make the following changes.

  • Change Default Port – It is a good idea to change the default SSH port, as default ports are always targeted by attackers.
     Port 2222
    
  • Disable Root SSH Login – You should also disable root login via SSH.
     PermitRootLogin no
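
The two settings from step 3 can be checked in a file before sshd is restarted. The script below is an added example, not part of the original tutorial; the function names and the sample files are constructed for illustration, and it reads only the global section of the file (no Match blocks).

```shell
#!/bin/sh
# Added example: check an sshd_config against the two changes in step 3.

# Print each value set for keyword $2 in the global part of file $1.
# Keywords are case-insensitive; "#" lines are comments; a "Match" line
# starts conditional blocks, which this simple check does not evaluate.
sshd_values() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) && NF >= 2 { print $2 }
    ' "$1"
}

# Return 0 if file $1 follows step 3, else print findings and return 1.
audit_sshd_config() {
    rc=0
    ports=$(sshd_values "$1" Port)
    # No Port line means the default, 22. Every Port line opens a listener,
    # so a leftover "Port 22" next to "Port 2222" still exposes port 22.
    case " $(echo ${ports:-22}) " in
        *" 22 "*) echo "FAIL: sshd listens on default port 22"; rc=1 ;;
    esac
    # For PermitRootLogin the first value wins; when unset, OpenSSH
    # defaults to prohibit-password, which still allows root with a key.
    root=$(sshd_values "$1" PermitRootLogin | head -n 1)
    if [ "${root:-prohibit-password}" != "no" ]; then
        echo "FAIL: PermitRootLogin is ${root:-prohibit-password}"; rc=1
    fi
    return "$rc"
}

# Constructed sample files for the demonstration, written into directory $1.
write_samples() {
    printf '%s\n' '#Port 22' 'Port 2222' 'permitrootlogin no' > "$1/good"
    printf '%s\n' 'Port 2222' 'Port 22' \
        'PermitRootLogin yes' 'PermitRootLogin no' > "$1/bad"
    printf '%s\n' '#PermitRootLogin prohibit-password' > "$1/stock"
}

dir=$(mktemp -d)
write_samples "$dir"
for f in good bad stock; do
    if audit_sshd_config "$dir/$f"; then echo "$f: OK"; fi
done
rm -rf "$dir"
```

On the server itself, sudo sshd -t validates the syntax of the edited file, and sudo sshd -T prints the effective configuration, including any files pulled in by Include.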
    

4. Setup Key-Based SSH

It is strongly recommended to use key-based SSH login instead of password login. To configure this, create an SSH key pair on your local system.

Linux users can use the following command, and Windows users can use puttygen.exe to generate an SSH key pair.

ssh-keygen

Sample output:

Generating public/private rsa key pair.
Enter file in which to save the key (/home/sysadmin/.ssh/id_rsa):
Created directory '/home/sysadmin/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/sysadmin/.ssh/id_rsa
Your public key has been saved in /home/sysadmin/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:Wewuzm5MjMkiTQA4zFKPpGWpOcEE7TGRlFSgYGpsWHE [email protected]
The key's randomart image is:
+---[RSA 3072]----+
|@O%OE            |
|@@O      .       |
|*X. .     o      |
|* . .            |
| . o .  S .      |
|  . o   o.       |
|   . . o. .      |
|       oo.       |
|       o         |
+----[SHA256]-----+

Now copy the content of the newly created public key file .ssh/id_rsa.pub to the server's ~/.ssh/authorized_keys file. You can copy the public key into the server's file directly or use the following command, replacing SERVER_IP with your server's address.

ssh-copy-id -i ~/.ssh/id_rsa.pub sysadmin@SERVER_IP

Now log in to the server with SSH. It will not prompt for the password again.

ssh sysadmin@SERVER_IP

5. Configure Firewall with FirewallD

The default Ubuntu 20.04 server edition does not have firewalld installed. You can run the following command to install the required packages from the default repositories.

sudo apt install firewalld

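After installation, start the firewall service and enable it to start automatically on system boot.

sudo systemctl start firewalld
sudo systemctl enable firewalld

By default, the firewall allows SSH access for remote users. The ssh service definition covers port 22 only, so if you changed the SSH port in step 3, allow the new port as well, using the port syntax shown below, before you close your current session. You may also need to allow other services through the firewall for remote users.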

You can provide a service name such as “http” or “https” directly to allow it. firewalld uses the /etc/services file to determine the corresponding port of the service.

sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https

If a service name is not defined in the /etc/services file, you can add a firewall rule using the port number directly. For example, to allow TCP port 8080 or 10000 (the Webmin default) through your firewall:

sudo firewall-cmd --permanent --add-port=8080/tcp
sudo firewall-cmd --permanent --add-port=10000/tcp

After making any changes to your firewall, make sure to reload changes using the following command.

sudo firewall-cmd --reload

To view all the allowed ports and services, use the following command.

sudo firewall-cmd --permanent --list-all

Output:

public
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: cockpit dhcpv6-client http https ssh
  ports: 8080/tcp 10000/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

Conclusion

Your Ubuntu 20.04 LTS (Focal Fossa) system is ready to use. Please do not forget to share your ideas about initial server setup; they will help others. We hope this tutorial helps you. Thank you.