When you need to set up a new Linux server on one of the popular VPS providers, the first steps are often similar. A big reason I have a blog is so I can copy/paste common tasks I need to do more than once. So, below are the first few steps I take when setting up a new Ubuntu 18.04 server on Digital Ocean.
Step 1: Create new server, add ssh key
While the directions will vary between VPS providers, the first step is to provision a new server and then configure it to accept SSH keys. This is superior to having the root password sent to you over email. However, if that does happen, as long as you log in quickly and change the password, I think the risk is fairly low.
Step 2: Set up a standard user
The first step is to log in to your server as root, change the password if it was sent over email, configure a standard user with sudo access and then remove the ability for the root user to log in over the network. Make sure you know the IP address of your newly created server, which you can get from the VPS provider's website. Then, ssh into the server with ssh root@ip and do the following:
Add a new user (as root)
$ adduser hideo
Add the user to the superuser (sudo) group
$ usermod -aG sudo hideo
Switch to the new user
$ su - hideo
Create directory to hold ssh file
$ mkdir ~/.ssh && chmod 700 ~/.ssh
Create the authorized keys file and set permissions:
$ touch ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys
Then with your preferred editor, add your public key to your authorized_keys file, e.g.
While you are still logged in as root, open a new terminal session and try to ssh to your server with your standard user, e.g. ssh hideo@ip. Then make sure you can access root privileges with sudo -s. If all is working as expected, go ahead and log out of your original root session.
Step 3: Enable a firewall, allow ssh
Next, it’s time to set up a firewall with a default deny policy and only allow ssh (until you need other services):
See what ufw application profiles are available
$ sudo ufw app list
Available applications:
  OpenSSH
Allow OpenSSH through the firewall
$ sudo ufw allow OpenSSH
Rules updated
Rules updated (v6)
Enable the firewall
$ sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
Check status to make sure active and enforcing
$ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
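A quick way to confirm the state Steps 2 and 3 are meant to leave the server in, as an added example that is not part of the original post. The function names check_ssh_perms and check_ufw_status are hypothetical, the sample firewall output is constructed, and GNU stat (as shipped on Ubuntu) is assumed.

```shell
#!/usr/bin/env bash
# Added example (hypothetical helper names): verify the Step 2 file modes
# and the Step 3 firewall state.

# check_ssh_perms HOME_DIR: succeed only if HOME_DIR/.ssh is mode 700 and
# HOME_DIR/.ssh/authorized_keys is mode 600, the modes set in Step 2.
# sshd's StrictModes (on by default) checks these modes before accepting a login.
check_ssh_perms() {
    local dir="$1/.ssh" file="$1/.ssh/authorized_keys" rc=0 mode
    [ -d "$dir" ] || { echo "missing: $dir"; return 1; }
    mode=$(stat -c '%a' "$dir")          # assumes GNU stat
    [ "$mode" = 700 ] || { echo "$dir is $mode, expected 700"; rc=1; }
    [ -f "$file" ] || { echo "missing: $file"; return 1; }
    mode=$(stat -c '%a' "$file")
    [ "$mode" = 600 ] || { echo "$file is $mode, expected 600"; rc=1; }
    return "$rc"
}

# check_ufw_status: read `ufw status` output on stdin; succeed only if the
# firewall is active and every ALLOW rule belongs to the OpenSSH profile.
check_ufw_status() {
    awk '
        /^Status: active/ { active = 1 }
        / ALLOW / && $1 != "OpenSSH" { print "unexpected rule: " $0; bad = 1 }
        END {
            if (!active) { print "firewall is not active"; bad = 1 }
            exit bad + 0
        }'
}

# Constructed sample (not captured from a real host): one rule beyond OpenSSH.
sample='Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere'
printf '%s\n' "$sample" | check_ufw_status || echo "baseline check failed"

# On the server itself:
#   check_ssh_perms "$HOME" && sudo ufw status | check_ufw_status
```

A non-zero exit from either function means the server has drifted from the baseline described above, for example after another service's port was opened.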
Step 4: Apply Ubuntu updates
Finally, it’s time to apply any server updates so everything is at the latest version and, most importantly, you have the latest security patches.
Update your package source
$ sudo apt update
Upgrade with available updates
$ sudo apt upgrade -u
And finally reboot (for good measure, especially if the kernel was updated)
$ sudo reboot
You should now be ready to use your VPS or add more security layers such as fail2ban, log monitoring and more!
adduser hideo
usermod -aG sudo hideo
su - hideo
mkdir ~/.ssh && chmod 700 ~/.ssh
touch ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys
vim ~/.ssh/authorized_keys (and add your ssh key)
sudo ufw app list
sudo ufw allow OpenSSH
sudo ufw enable
sudo ufw status
sudo apt update
sudo apt upgrade -u
sudo reboot