Basic Ubuntu Setup Before Building A Working Server
This tutorial is one of basic guide series. In this page you’ll see first things you have to do on Ubuntu server before you really build and setup a working web server to host your files and databases in it. Shortly, these steps are initial setup you should apply on Ubuntu even before you install Apache, Nginx, MySQL, PHP5 and any stack you wish.
In this post I assume you’ve just purchased a fresh either VPS or Dedicated server with Ubuntu OS running on it. It means you have already had your server’s IP and root password.
You may not follow steps below as your server will still work without applying these steps but I believe if you follow all of these, your server will at least has a basic security setup.
1. Login to Server as Root
You can either use Terminal on your Linux or Mac computer. But if you are like me running Windows, read my previous guide about how to use Putty to login to a server via SSH connection.
2. Change Default Root Password
My playground server is created with automatically generated root password emailed to me once the server was created. If your server is just similar as mine, then you should do this step: changing default root password. You may not do this if you’ve defined the root password during OS install.
Q: How to change default root password?
A: use following command:
passwd
p.s: Then you have to enter the new password twice. Upon typing your new password you may not see it on screen.
3. Create New User To Login To Your Server
root is default user with all admin privileges. All new servers have the same default admin username which is “root” so hackers can simply force to crack the password since they already knew there is always a user called “root” there. Hence, it is very recommended for each server admin to add additional users to login and to disable root login as well. Here’s how to add new user:
adduser newusername
you’ll then have to define new password for that user. After that simply hit Enter several times leaving the questions blank.
example:
adduser sawiyati
4. Add Root Privileges To That New User
Now you’ve added new user. The next step to do is adding root privileges to that user. And here’s how to make it done.
visudo
The Nano editor screen will appear. Now find / locate “#user privilege specification” then add following line:
newusername ALL=(ALL:ALL) ALL
which in this example is:
sawiyati ALL=(ALL:ALL) ALL
Once done, hit Control+O to save then Control+X to exit Nano editor.
5. Change SSH Default Port
Normally and commonly, new server created should use port 22 for its SSH connection. That’s making your servers vulnerable to get hacked via brute-force mechanism since the attackers already knew that there is a user called “root” and the port used for accessing SSH is 22. Hence, it is strongly recommended for you to change that default port. And here’s how..
nano /etc/ssh/sshd_config
then find this section
# What ports, IPs and protocols we listen for Port 22
you can change Port 22 to any number between 1025 and 65536. In this example I will use port 22000. Please note down or remember the new port you defined as if you forget it, you’ll not be able to login to your server.
Port 22000
also find and change “PermitRootLogin” from Yes to No.
Once done, scroll down the screen and navigate to the very bottom then add following to allow login using your new username:
UseDNS no AllowUsers newusername
example:
UseDNS no AllowUsers sawiyati
That’s it. Now hit Cntrl+O to save then Cntrl+X on your keyboard to exit Nano editor screen.
6. That’s all. Now reload SSH
You’ve made several changes as above. Now it is time to apply your changes by reloading SSH. To do that, simply use this command:
reload SSH
7. Give It A Test
To make sure all things you set up correctly, lets give it a test. Remember, do not close current SSH client or Terminal window. Launch another Terminal window or open another instance of Putty. I recommend you to use Multi-Tabbed Putty. Then login with new credentials; new port number, new username and new password but still the same IP or Host name.
That’s all and congratulation. You’ve set all basic requirements to setup a working server. Now you can proceed to install any stack you wish like LAMP. However, once you’ve already created a working live server to host your sites, you may still need to add other protection mechanism. We’ll discuss that ahead one I finished posting all articles about basic guides. Cheers..
Hi again!
Love your tutorials!!
I’ve created a new user but he does not have permission to do anything over sftp or without sudo su first.
even in its own dir
please help!
thanks 🙂
You can simply install and setup dedicated FTP server like vsFTPd.
Thank you for this tutorial. Very much appreciated for a beginner like me configuring my VPS.
By this, the default root user will not be able to login in to my vps.
Hi I love your tutorial however I am unable to write to the sshd_config file it says permission denied, any suggenstions. Everything else up to that point following your tutorial has worked.
you should login as root
I think we should write reload ssh not t reload SSH.
Anyway thanks, It is very clear explanation, helpfuuly.
Yes, good tutorial. I used it to add a new user and change log in port and it worked, BUT I found that some of the applications/folders/file are not possible to read/write/change for the the new user. Could you tell how to give this new user priviliges of the ‘root’ so the access to all the folders and files was available again. Thanks, Nik
simply chown and chmod the folders/files to that users
Awesome tutorial thank you!
Thanks for all your tutorials – Have just setup my first VPS using them.
I have a problem with setting the new user permissions. I deliberately did not install sudo and am running a LEMP stack. Where do I find the permissions please?
Thanks
you can simply set the permission to root but if you are using WordPress, its auto update feature will not work (usually). You can set the permission to your webserver (nginx)
Thanks for your prompt reply, seems I didn’t explain myself properly. In this article you talk of making a user with the privileges of Root. Then remove Root user to prevent hacking. I can make the user but can’t find the file to set the new user permissions (Step 4 above). Because I do not have sudo installed, so there is no visudo.
Thanks again.
Salam pa khb, saya nk belajar basic installation Linux Ubuntu server
Boleh you provide me tutorial for Ubuntu server. Can I pay you
No you don’t have to pay me coz you can simply read it on my blog. It’s free 🙂
Thanks. should I hosting server from your.
Why disable the UseDNS?