Introduction
As part of the initial setup of a new Ubuntu 20.04 server, you need to conduct several key configuration actions. These measures will improve the security and usability of your server and lay the groundwork for further activities.
Step 1 - Logging in as root
Log in as the root user using the following command (replace the highlighted portion of the command with your server's public IP address).
$ ssh root@your_server_ip
Accept the warning regarding the authenticity of the host if it appears. Log in with your root password if you are using password authentication.
Step 2 - Creating a New User
You can add the new user account once logged in as root. We will use this new account instead of root in the future.
This example creates a new user named demo, but you should replace it with a suitable username:
Output:
You will see several questions, beginning with the account password.
Enter a strong password and, if desired, fill in the additional information such as Full name, Room Number, Work Phone, Home Phone, Other. It is optional; you can enter ENTER in any field you want to skip.
Step 3 - Granting Administrative Privileges
We now have a new user account with full account rights. However, we may be required to perform administrative activities on occasion.
To avoid having to log out of our usual user account and log back in as the root account, you can provide normal account superuser or root rights. By using the term "sudo" before the command, you can run commands with administrative capabilities.
To grant these capabilities to our new user, we must first add him to the sudo group. The member users of the sudo group are granted access to the sudo command by default in Ubuntu 20.04.
Run this command as root to add your new user to the sudo list.
When logged in as your regular user, you can type sudo before commands to run them as a superuser.
Step 4 - Setting Up a Basic Firewall
Ubuntu 20.04 servers can use the UFW firewall to restrict connections to specific services. Using this application, we may configure a rudimentary firewall.
Upon installation, applications can register their profiles with UFW. UFW can control these applications by name because of their profiles. OpenSSH, the service that currently allows us to connect to our server, has a UFW profile.
Output:
We must ensure that the firewall accepts SSH connections so that we can log in again the following time. We can enable these connections by entering -
Output:
Rule added
Rule added (v6)
After that, we can enable the firewall by typing:
To proceed, type y and hit ENTER.
Now, you can see that SSH connections are still permitted.
Output:
The firewall is active and enabled on the system startup.
Output:
As the firewall is now restricting all connections except SSH, alter the firewall settings to allow traffic in if you install and set up new services.
Step 5 - Enabling External Access for Your Regular User
We need to ensure that we can SSH into the account directly now that we have a normal user for daily use.
The technique for configuring SSH access for your new user depends on your server's root account authentication with a password.
Password authentication is enabled for SSH if you log in to your root account with a password. Open a new terminal session and use SSH with your new username to connect to your new user account:
# ssh demo@your_server_ip
You will be logged in after entering your usual user password. Remember to put sudo before any command that requires administrative privileges:
When you use sudo for the first time (and on subsequent occasions), you will be prompted to enter your regular user password.
Conclusion
You now have a solid foundation for your server, and you can install any software you require on your server.