Ubuntu – initial setup
Initial setup Linux web server on the base Ubuntu…
Below we set up Ubuntu server under version 20.04… The same will be true for most of the other versions. How to upgrade Ubuntu from 18.04 to 20.04.
We assume that we have installed a new Ubuntu 20.04 and there were no other actions and settings in it yet.
1. Create a user
General procedure for creating and deleting users in Ubuntu.
Add a new user:
Add to the group of administrators:
usermod -aG sudo ploshadka
Now we can log into the server through a new user. And execute commands on behalf of the administrator using:
sudo some team
2. Configuring SSH access
To work securely with the server, you need to configure a secure logon without a password, but with a public computer key. We configure access to your server via SSH.
After configuration, we will check the login to the server without a password. To do this, we go in the standard way:
If the password is no longer requested when the command is run, then access is configured correctly.
3. Copy login via SSH for the new user
rsync –archive –chown= ploshadka: ploshadka ~/.ssh /home/ploshadka
The rsync utility copies directories with all permissions. For correct operation, it is important to indicate at the end of the first path without a slash.
Let’s check that we can log in without a password:
ssh ploshadka@111.111.111.111
Do not forget the user password, it will still come in handy when you need to execute something from a user with administrator rights:
sudo some team
4. Setting up a basic firewall
Base Firewall in Linux Ubuntu is called UFW…
Let’s allow him access via SSH:
We activate the firewall:
Check the status of allowed connections:
Should be:
To Action From
– —— —-
OpenSSH ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)
The firewall will now block all connections except SSH. In order not to make life difficult for yourself, you must remember that the Firewall was enabled and if some ports do not work, this may be due to the blocking of our firewall.
5. Disable password authentication on the server
Before disabling authentication, a passwordless login to the server must be configured, as described earlier in the article.
Opening the file:
nano /etc/ssh/sshd_config
We indicate:
# Authentication:
PasswordAuthentication no
Let’s save the file and reload the service:
sudo systemctl restart ssh
6. Add public DNS from Google
This is necessary in order not to have problems with updating packages, if suddenly there are some problems with the default DNS address (127.0.0.53).
Install the package resolvconf:
sudo apt install resolvconf
Then open the file:
/etc/resolvconf/resolv.conf.d/tail
And add there:
nameserver 8.8.8.8
nameserver 8.8.4.4
This data will be added to the file that is responsible for DNS:
If we entered data directly into this file without the resolvconf utility, then after restarting the server, the data will be overwritten with those that are by default.
Conclusion
The server is configured to log in via SSH using a public key without a password. It is recommended to carry out all further configuration through a new user.