Setting Up and Securing Your Ubuntu Server

Introduction

DigitalOcean lets you configure your own VPS. Now that your server is set up, it’s time to connect to it and secure it. Follow these steps to get started:

Step 1: Connect to Your Server

First, get the IP address of your new server. Then, open a terminal and type the following command:

ssh root@{ip_address_of_the_server}

Press Enter.

The first time you connect, SSH shows the server’s host key fingerprint and asks whether you want to continue connecting. Type yes and press Enter.

Step 2: Update Your System

Once connected, update your server to ensure it’s secure by running the following commands:

apt update && apt upgrade -y

This will apply all updates to your server. You should run this command regularly (weekly or monthly). If the updates include a kernel update, reboot the server with:

reboot

Wait a minute or two for the server to restart, then reconnect using the same ssh command as before.

Step 3: Create a New User

For security, avoid logging in as the root user. Create a new user with the following command:

adduser chris

Replace chris with your desired username. Follow the prompts to set a password and skip additional questions by pressing Enter multiple times. Confirm the information at the end by pressing Enter again.

Next, add the new user to the sudo group:

usermod -aG sudo chris

Replace chris with your username.

Step 4: Configure SSH Keys

Copy root’s .ssh directory, which holds your SSH public key in authorized_keys, to the new user’s home directory:

cp -r ~/.ssh /home/chris/.ssh

Update the ownership of the .ssh directory:

sudo chown -R chris:chris /home/chris/.ssh

Test logging in as the new user:

ssh chris@{ip_address_of_the_server}

Step 5: Disable Root SSH Login

Open the SSH configuration file:

sudo vim /etc/ssh/sshd_config

Find the line PermitRootLogin yes and change it to PermitRootLogin no. Press i to edit, make the change, then press ESC and type :wq to save and exit.

Restart the SSH service to apply the changes:

sudo systemctl restart ssh
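
To confirm that the Step 5 edit took effect, the following added example (not part of the original guide) reads an sshd_config-style file and reports the PermitRootLogin value sshd would use, since sshd keeps the first value it reads for a keyword. The function names and the three sample files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not part of the original guide.
# Prints the PermitRootLogin value sshd would use from one config file.
# sshd keeps the FIRST value it reads for a keyword, so a later
# "PermitRootLogin no" has no effect if an earlier line already set it.
# Include files are not followed here; on the server, `sudo sshd -T`
# prints the fully resolved configuration.

effective_root_login() {   # $1 = path to an sshd_config-style file
  awk '
    /^[ \t]*(#|$)/ { next }                        # skip comments and blank lines
    {
      sub(/^[ \t]+/, "")                           # drop leading indentation
      split($0, f, /[ \t=]+/)                      # "Key value" or "Key=value"
      key = tolower(f[1]); val = tolower(f[2])     # keywords are case-insensitive
    }
    key == "match" { exit }                        # global section ends at first Match
    key == "permitrootlogin" { print val; found = 1; exit }
    END { if (!found) print "prohibit-password" }  # OpenSSH default when unset
  ' "$1"
}

check_root_login() {       # returns 0 only when root login is fully disabled
  _v=$(effective_root_login "$1")
  if [ "$_v" = "no" ]; then
    echo "OK   $1: PermitRootLogin no"
  else
    echo "FAIL $1: effective PermitRootLogin is '$_v'"
    return 1
  fi
}

# Constructed sample files (hypothetical contents, not taken from a real server).
SAMPLES=$(mktemp -d)
printf '%s\n' '#PermitRootLogin prohibit-password' 'PermitRootLogin no' \
  > "$SAMPLES/edited.conf"          # line edited in place, as in Step 5
printf '%s\n' 'PermitRootLogin yes' 'PasswordAuthentication yes' 'PermitRootLogin no' \
  > "$SAMPLES/appended.conf"        # "no" appended below an existing "yes"
printf '%s\n' '#PermitRootLogin yes' 'Match User backup' '  PermitRootLogin no' \
  > "$SAMPLES/commented.conf"       # only a comment in the global section

for f in "$SAMPLES"/*.conf; do check_root_login "$f" || true; done
```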

Step 6: Set Up a Firewall

To block unwanted traffic, configure the Uncomplicated Firewall (UFW):

  1. Deny all incoming traffic:

    sudo ufw default deny incoming

  2. Allow all outgoing traffic:

    sudo ufw default allow outgoing

  3. Allow SSH connections:

    sudo ufw allow OpenSSH

  4. Verify the rules:

    sudo ufw show added

  5. Enable the firewall:

    sudo ufw enable

    Press y to confirm.

Conclusion

Your server now has a non-root sudo user, root SSH login disabled, and a firewall that allows only incoming SSH connections. Regularly update your server and monitor firewall settings to maintain security.