This tutorial is part of the basic guide series. On this page you’ll see the first things to do on an Ubuntu server before you build and set up a working web server to host your files and databases. In short, these steps are the initial setup you should apply on Ubuntu even before you install Apache, Nginx, MySQL, PHP5 or any other stack you wish.
In this post I assume you’ve just purchased a fresh VPS or dedicated server running Ubuntu. That means you already have your server’s IP address and root password.
You can skip the steps below, as your server will still work without them, but I believe that if you follow all of them your server will at least have a basic security setup.
1. Log In to the Server as Root
You can use Terminal on your Linux or Mac computer. But if, like me, you are running Windows, read my previous guide about how to use Putty to log in to a server via an SSH connection.
2. Change Default Root Password
My playground server was created with an automatically generated root password, which was emailed to me once the server was created. If your server is like mine, you should do this step: change the default root password. You can skip this if you defined the root password during OS installation.
Q: How do I change the default root password?
A: Use the following command:
P.S.: You then have to enter the new password twice. While typing your new password you may not see it on screen.
3. Create a New User To Log In To Your Server
root is the default user with all admin privileges. All new servers have the same default admin username, “root”, so hackers can simply try to brute-force the password, since they already know there is always a user called “root”. Hence it is strongly recommended that each server admin add additional users to log in with and disable root login as well. Here’s how to add a new user:
You’ll then have to define a new password for that user. After that, simply hit Enter several times, leaving the questions blank.
4. Add Root Privileges To That New User
Now you’ve added a new user. The next step is to give root privileges to that user. Here’s how to do it:
The Nano editor screen will appear. Now locate “#user privilege specification”, then add the following line:
newusername ALL=(ALL:ALL) ALL
which in this example is:
sawiyati ALL=(ALL:ALL) ALL
Once done, hit Control+O to save, then Control+X to exit the Nano editor.
5. Change SSH Default Port
Normally, a newly created server uses port 22 for its SSH connection. That makes your server vulnerable to brute-force attacks, since attackers already know that there is a user called “root” and that the port used for SSH is 22. Hence it is strongly recommended that you change the default port. Here’s how:
Then find this section:
# What ports, IPs and protocols we listen for
You can change Port 22 to any number between 1025 and 65536. In this example I will use port 22000. Please note down or remember the new port you defined, because if you forget it you will not be able to log in to your server.
Also find “PermitRootLogin” and change it from Yes to No.
Once done, scroll down to the very bottom of the file, then add the following to allow login using your new username:
That’s it. Now hit Ctrl+O to save, then Ctrl+X to exit the Nano editor screen.
6. That’s all. Now reload SSH
You’ve made several changes above. Now it is time to apply them by reloading SSH. To do that, simply use this command:
7. Give It A Test
To make sure everything is set up correctly, let’s give it a test. Remember, do not close your current SSH client or Terminal window. Launch another Terminal window or open another instance of Putty. I recommend using Multi-Tabbed Putty. Then log in with the new credentials: new port number, new username and new password, but still the same IP or host name.
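A check that can be run before the reload in step 6 to confirm the edited file really contains the three changes from step 5, so a typo does not lock you out. This is an added example, not part of the original tutorial. It assumes the line added at the bottom of the file is an `AllowUsers` entry, uses 65535 (the highest valid TCP port) as the upper bound, and its function names are made up for illustration.

```shell
#!/bin/sh
# Added example: audit the global part of an sshd_config for the step 5 changes.
# Assumes whitespace-separated "Keyword value" lines; stops at the first Match block.

# values FILE KEYWORD: print each uncommented value of KEYWORD, one per line.
values() {
    awk -v key="$2" '
        /^[ \t]*#/             { next }   # whole-line comment
        tolower($1) == "match" { exit }   # conditional settings start here
        { sub(/[ \t]+#.*$/, "") }         # drop a trailing comment
        tolower($1) == tolower(key) { for (i = 2; i <= NF; i++) print $i }
    ' "$1"
}

# audit_sshd_config FILE USER: print findings; return 0 only if every check passes.
audit_sshd_config() {
    cfg=$1; user=$2; fails=0

    ports=$(values "$cfg" Port)
    [ -n "$ports" ] || ports=22           # no Port line: sshd listens on 22
    for p in $ports; do
        case $p in
            ''|*[!0-9]*) echo "FAIL: Port '$p' is not a number"; fails=$((fails + 1)) ;;
            *)  if [ "$p" -lt 1025 ] || [ "$p" -gt 65535 ]; then
                    echo "FAIL: Port $p is outside 1025-65535"; fails=$((fails + 1))
                else echo "ok:   Port $p"; fi ;;
        esac
    done

    # sshd keeps the first PermitRootLogin it reads, so only that one counts.
    prl=$(values "$cfg" PermitRootLogin | head -n 1 | tr 'A-Z' 'a-z')
    if [ "$prl" = "no" ]; then echo "ok:   PermitRootLogin no"
    else echo "FAIL: PermitRootLogin is '${prl:-unset}', expected no"; fails=$((fails + 1)); fi

    # The new user must be listed, or that login is refused as well.
    if values "$cfg" AllowUsers | grep -qx -e "$user" -e "${user}@.*"; then
        echo "ok:   AllowUsers includes $user"
    else echo "FAIL: AllowUsers does not include $user"; fails=$((fails + 1)); fi

    [ "$fails" -eq 0 ]
}

# Constructed sample using the tutorial's values (port 22000, user sawiyati).
sample=$(mktemp)
printf 'Port 22000\nPermitRootLogin no\nAllowUsers sawiyati\n' > "$sample"
audit_sshd_config "$sample" sawiyati
rm -f "$sample"
```

On the server, call `audit_sshd_config /etc/ssh/sshd_config yourusername` as root; `sshd -t` separately checks the file's syntax.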
That’s all, and congratulations. You’ve set up all the basic requirements for a working server. Now you can proceed to install any stack you wish, like LAMP. However, once you’ve created a working live server to host your sites, you may still need to add other protection mechanisms. We’ll discuss that later, once I have finished posting all the articles in the basic guides series. Cheers.