When you first create a new Ubuntu server, you should perform some important configuration steps that will increase the security and usability of your server and give you a good foundation usage of your system. In this tutorial we will focus on initial server setup for Ubuntu 22.04.
Initial Server Setup for Ubuntu 22.04
Step 1 — Creating a New User
When you first access your Ubuntu 22.04 server after installation, you will do so as root user. The root user is the administrative user in a Linux environment with elevated privileges. Because of that, users are discouraged from using it regularly.
To avoid destroying your Ubuntu system intentionally or worse, by accident we will be setting up a new user account with reduced privileges for every-day use, and increased privileges on a need-be basis.
Once you log in as
root, you can add the new user account. In our examples going forward we will create a new user called ben. You can use a username that is more appropriate to you:
# adduser ben
Follow the prompts presented to your and remember to set a strong password. The information requested in the prompts are optional and can be skipped by simply pressing Enter.
Step 2 — Grant Administrative Privileges
The new user account (ben) is now available with regular account privileges. More often than not you will sometimes need to perform administrative tasks as the root user. It will be cumbersome to keep logging out of the current user to log in as root when the situation arises.
Ubuntu provides a more elegant way with superuser or root privileges for your user’s regular account. These privileges will allow your normal user to run commands with administrative privileges by prepending the word
sudo before the command.
There is a sudo system group that facilitates this feature. By default on Ubuntu 22.04, users who are members of the sudo group are allowed to use the sudo command.
As root, run this command to add your new user to the
# usermod -aG sudo ben
From now on, When logged in as ben you can execute commands that require superuser privileges using the word sudo.
Step 3 — Set up a Firewall
In Ubuntu 22.04 servers you can use the UFW firewall to restrict connections to certain services through specific ports and IPs. UFW is ideal for setting up a basic firewall rules.
Some applications installed via apt register their profiles with UFW. These profiles allow UFW to manage these applications by name rather than specifying the default ports.
You can examine the list of installed UFW profiles by typing:
# ufw app list
Output Available applications: OpenSSH
Here you can see that OpenSSH, the service that allows you to connect to your server using
ssh has a profile registered with UFW. You will need to make sure that the firewall allows SSH connections so that you can log into your server next time from a remote terminal. Allow these connections by typing:
# ufw allow OpenSSH
Now, you can enable the firewall:
# ufw enable
You can now view which connections are allowed through your firewall by typing:
# ufw status
Output Status: active To Action From -- ------ ---- OpenSSH ALLOW Anywhere OpenSSH (v6) ALLOW Anywhere (v6)
The output shows that the firewall is currently blocking all connections except for SSH through IPv4 and IPv6 addresses. When you install and configure other applications and services, you will need to repeat the same to adjust the firewall settings to allow the required traffic to your server targeting those services.
Step 4 — Confirm External Access for Your Regular User
You may want to open a new terminal before signing out of root in case there is some misconfiguration you can fix things before proceeding.
SSH access for your new user depends on whether your server’s root account uses a password or SSH keys for authentication. This would have been set up during server installation.
When root Account Uses Password Authentication
If you logged in to your root account using a password then password authentication is already enabled for SSH. With your new regular user, you can SSH to your new user account in the new terminal session using this command:
$ ssh ben@your_server_ip
Once logged in you can test the elevated administrative privileges using the following syntax,
$ sudo command for example:
$ sudo apt update
You will be prompted for your regular user’s password when using
sudo for the first time each session and periodically afterward when you have been idle for some time.
To enhance your server’s security, we strongly recommend setting up SSH keys instead of using password authentication.
When root Account Uses SSH Key Authentication
If you logged in to your root account using SSH keys, then password authentication is disabled for SSH. In that case the regular user will have to log in with an SSH key. You can do this by adding a copy of your local public key to your new user’s
This public key can be found in the root account’s
~/.ssh/authorized_keys file on the server. All you need to do is copy that file to the regular user’s home directory maintaining the directory structure, ownership, and permissions with one command using
# rsync --archive --chown=ben:ben ~/.ssh /home/ben
You may now open a new terminal session and log in using without a password:
$ ssh ben@your_server_ip
Keep in mind that you will be prompted for the regular user’s password when escalating privilges using sudo.
This is the initial server setup for Ubuntu 22.04 to lay as a foundation for making the best out of your server.
sudo privileges allows you to install other services and application as well as update and upgrade your system from the regular user account.