Setting Up and Securing Your Ubuntu Server
Introduction
DigitalOcean lets you configure your own VPS. Now that your server is set up, it’s time to connect to it and secure it. Follow these steps to get started:
Step 1: Connect to Your Server
First, get the IP address of your new server. Then, open a terminal and type the following command:
ssh root@{ip_address_of_the_server}
Press Enter.
The first time you connect, you’ll see a prompt asking if you want to continue. Type yes and press Enter.
Step 2: Update Your System
Once connected, update your server to ensure it’s secure by running the following commands:
apt update && apt upgrade -y
This will apply all updates to your server. You should run this command regularly (weekly or monthly). If the updates include a kernel update, reboot the server with:
reboot
Wait a minute or two for the server to restart, then reconnect using the same ssh command as before.
Step 3: Create a New User
For security, avoid logging in as the root user. Create a new user with the following command:
adduser chris
Replace chris with your desired username. Follow the prompts to set a password and skip additional questions by pressing Enter multiple times. Confirm the information at the end by pressing Enter again.
Next, add the new user to the sudo group:
usermod -aG sudo chris
Replace chris with your username.
Step 4: Configure SSH Keys
Copy root’s .ssh directory (which holds your SSH public key) to the new user’s home directory:
cp -r ~/.ssh /home/chris/.ssh
Update the ownership of the .ssh directory:
sudo chown -R chris:chris /home/chris/.ssh
Test logging in as the new user:
ssh chris@{ip_address_of_the_server}
Step 5: Disable Root SSH Login
Open the SSH configuration file:
sudo vim /etc/ssh/sshd_config
Find the line PermitRootLogin yes and change it to PermitRootLogin no. Press i to edit, make the change, then press ESC and type :wq to save and exit.
Restart the SSH service to apply the changes:
sudo systemctl restart ssh
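The Step 5 edit only takes effect if no earlier line sets the same keyword: sshd uses the first value it reads, and Ubuntu's stock sshd_config begins with an Include of /etc/ssh/sshd_config.d/*.conf. The shell function below is an added example, not part of the original guide; it reports which PermitRootLogin value wins for constructed sample files, and the function name and file names are illustrative.

```shell
#!/bin/sh
# Print the PermitRootLogin value sshd would use for the given config files,
# listed in the order sshd reads them. sshd keeps the FIRST value it sees for
# a keyword, so a drop-in included near the top of sshd_config beats an edit
# made further down the main file.
# Simplifications (assumptions): Include lines are not followed, and a Match
# block is treated as running to the end of its file.
effective_root_login() {
    awk '
        FNR == 1 { in_match = 0 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # comments, blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            sub(/[ \t]*=[ \t]*/, " ", line)      # "Keyword=value" form
            split(line, f, /[ \t]+/)
            key = tolower(f[1])
            if (key == "match") { in_match = 1; next }
            if (key == "permitrootlogin" && !in_match && !found) {
                gsub(/"/, "", f[2]); value = tolower(f[2]); found = 1
            }
        }
        # OpenSSH default when nothing sets the keyword
        END { print (found ? value : "prohibit-password") }
    ' "$@"
}

# Constructed sample files (not taken from a real server).
demo_dir=$(mktemp -d)
printf 'PermitRootLogin yes\n' > "$demo_dir/50-dropin.conf"
printf '#PermitRootLogin yes\nPermitRootLogin no\n' > "$demo_dir/sshd_config"

# Main file alone: the Step 5 edit is effective.
echo "main only:      $(effective_root_login "$demo_dir/sshd_config")"
# Drop-in read first: it wins, so root login stays enabled.
echo "drop-in + main: $(effective_root_login "$demo_dir/50-dropin.conf" "$demo_dir/sshd_config")"
rm -rf "$demo_dir"
```

On the server itself, sudo sshd -T prints the configuration sshd actually resolves, including the permitrootlogin line, so it can confirm the result after the restart.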
Step 6: Set Up a Firewall
To block unwanted traffic, configure the Uncomplicated Firewall (UFW):
Deny all incoming traffic:
sudo ufw default deny incoming
Allow all outgoing traffic:
sudo ufw default allow outgoing
Allow SSH connections:
sudo ufw allow OpenSSH
Verify the rules:
sudo ufw show added
Enable the firewall:
sudo ufw enable
Press y to confirm.
Conclusion
Your server is now secure and configured to allow only SSH connections. Regularly update your server and monitor firewall settings to maintain security.