Introduction:
This article assumes you have a freshly installed Ubuntu Server 16.04 instance and that your require some secure configurations and set up. In this article, you will increase the security and usability of your server and help give you a more solid foundation for subsequent actions.
Step 1: Install Openssh-Server
To login to your server (remotely via putty or some other ssh terminal client), you would need to have installed openssh server – if not, you can login directly to the console of the server, run the following command:
$ sudo apt-get install openssh-server
Once this has been done, you should be able to ssh to the server using putty. IF you get prompted for a security warning about your hosts authenticity, just accept it. This is normal behaviour and is expected if this is your first time logging in to the server.
Currently the only user account on this server is the root account. We would need to create a new users as we don’t want to use the root account to perform any tasks.
What is root?
root is the username or account, that by default has access to all commands and files on a linux or unix-like operating system. Think of it as a godmode account. It is also referred to as root account, root user and or superuser.
Step 2: Configure a new user
Once we have logged in with our root account, you will want to create another user account.
This example user we are going to create is going to be called “almostaninja” but you you could use any username you like.
$ adduser almostaninja
You will be asked a couple of questions, for example, what you want your password to be. Remember to use something strong and record it somewhere securely, in case you forget it. Everything else is optional, so you can just press “ENTER” in any field you wish to skip.
Step 3: Assign a user to the sudo group
Now that we have created a user, we need to be able to give that user administrative (root) privileges, as they might need to do administrative tasks. To avoid having to log out of the normal user account and back in as a root account, we can set up what is known as a “superuser” account. This will allow a normal user to run various commands with administrative privileges. In order to run those commands, you would either need to prefix “sudo” to each command, or assume a sudo role by typing: “sudo su”, entering the password and continuing from there.
To add these privileges, we would need to add the new user too a group called “sudo”. By default, users who belong to “sudo” group are allowed to use the “sudo” command.
$ usermod -aG sudo almostaninja
Substitute “almostaninja” with the username you used in Step 2.
Once this has been done, the user can run commands with elevate privileges.
Step 4: Set up a basic firewall
Ubuntu can use the UFW (Uncomplicated FireWall) to make sure that the connection inbound or outbound are limited to only certain services. Different applications can utilise the UFW by registering their profiles upon installation.
OpenSSH, the service we added previously, has a profile registered. You can see this by typing:
$ sudo ufw app list
Output
Available applications:
OpenSSH
We meed to ensure that our firewall allows SSH connections, so we can log back in again. We can add the allow rule by executing the following:
$ sudo ufw allow OpenSSH
We now need to enable the firewall, so it can actually protect your systems.
$ sudo ufw enable
Press “Y” to confirm and the press “ENTER” to proceed. To check the rule status, you can execute the following command:
$ sudo ufw status
Output Status: active To Action From -- ------ ---- OpenSSH ALLOW Anywhere OpenSSH (v6) ALLOW Anywhere (v6)
For any additional service you install and configure, you would just need to ensure that you enable the relevant firewall rules.