Ubuntu – initial setup

Initial setup Linux web server on the base Ubuntu

Below we set up Ubuntu server under version 20.04… The same will be true for most of the other versions. How to upgrade Ubuntu from 18.04 to 20.04.

We assume that we have installed a new Ubuntu 20.04 and there were no other actions and settings in it yet.

1. Create a user

General procedure for creating and deleting users in Ubuntu.

Add a new user:

Add to the group of administrators:

usermod -aG sudo ploshadka

Now we can log into the server through a new user. And execute commands on behalf of the administrator using:

sudo some team

2. Configuring SSH access

To work securely with the server, you need to configure a secure logon without a password, but with a public computer key. We configure access to your server via SSH.

After configuration, we will check the login to the server without a password. To do this, we go in the standard way:

If the password is no longer requested when the command is run, then access is configured correctly.

3. Copy login via SSH for the new user

rsync –archive –chown= ploshadka: ploshadka ~/.ssh /home/ploshadka

The rsync utility copies directories with all permissions. For correct operation, it is important to indicate at the end of the first path without a slash.

Let’s check that we can log in without a password:

ssh ploshadka@111.111.111.111

Do not forget the user password, it will still come in handy when you need to execute something from a user with administrator rights:

sudo some team

4. Setting up a basic firewall

Base Firewall in Linux Ubuntu is called UFW

Let’s allow him access via SSH:

We activate the firewall:

Check the status of allowed connections:

Should be:

Status: active

To Action From
– —— —-
OpenSSH ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)

The firewall will now block all connections except SSH. In order not to make life difficult for yourself, you must remember that the Firewall was enabled and if some ports do not work, this may be due to the blocking of our firewall.

5. Disable password authentication on the server

Before disabling authentication, a passwordless login to the server must be configured, as described earlier in the article.

Opening the file:

nano /etc/ssh/sshd_config

We indicate:

# Authentication:
PasswordAuthentication no

Let’s save the file and reload the service:

sudo systemctl restart ssh

6. Add public DNS from Google

This is necessary in order not to have problems with updating packages, if suddenly there are some problems with the default DNS address (127.0.0.53).

Install the package resolvconf:

sudo apt install resolvconf

Then open the file:

/etc/resolvconf/resolv.conf.d/tail

And add there:

nameserver 8.8.8.8
nameserver 8.8.4.4

This data will be added to the file that is responsible for DNS:

If we entered data directly into this file without the resolvconf utility, then after restarting the server, the data will be overwritten with those that are by default.

Conclusion

The server is configured to log in via SSH using a public key without a password. It is recommended to carry out all further configuration through a new user.

Similar Posts

Leave a Reply