First Server Setup with Ubuntu
Login
When you set up a new Ubuntu server, there are some basic settings you need to make before you get started. These steps increase both security and ease of use. In short, by making a solid start, you will lay a smooth foundation for subsequent transactions.
Contents
- Step 1 — Login with Root User
- Step 2 — Creating a New User
- Step 3 — Granting Administrator Privileges
- Step 4 — Setting Firewall
- Step 5 — Opening External Access to Normal User
- What Can You Do From Here?
Step 1 — Login with Root User
To log in to your server, you first need to know the server's public IP address. You will also need the password for your root account or that private key if you have set up an SSH key.
If you are not currently connected to your server, you can use the command below to log in as the root user. Just replace your_server_ip with your own server's public IP address:
ssh root@your_server_ip
If you see a warning about the server ID when connecting, confirm and continue.
If you are logging in with a password, you must enter the root password. If you are using an SSH key and it is password protected, you will be asked to enter this password the first time you log in.
If you are logging in with a password for the first time, the system may also ask you to change the root password. If you receive such a warning, set your new password by following the steps on the screen.
About Root
Root is the most authorized user in Linux systems. So it can do anything, so even one wrong command can break the system. For this reason, it is not recommended to choose the root account for daily use.
In the next step, we will create a new user with limited privileges to work more securely. When you need it, you will be able to temporarily gain administrator rights.
Step 2 — Creating a New User
After logging in with root, you can add a new user. From now on we will use this account instead of root.
In the example below, a user named sammy is created. You can change this to the username you want:
adduser sammy
When creating a user, it will first ask you for a password. It is important to set a strong password.
Afterwards, it may ask for some additional information (name, phone number, etc.), but you do not have to fill it in. If you want, you can skip it by pressing ENTER.
Step 3 — Granting Administrator Privileges
The user you just created is now a normal account. However, sometimes you will need to perform administrative operations that require root privileges.
To avoid having to constantly log in and out of the root account, you can give administrator (sudo) privilege to the normal user. This way, you can run the necessary operations as root by typing sudo at the beginning of the commands.
To grant these powers to the new user, you need to add them to the sudo group. In Ubuntu, users in the sudo group can use the sudo command.
Run the following command as root and replace sammy with your own username:
usermod -aG sudo sammy
Now, when you log in as a regular user, you can run commands with administrator privileges, that is, with higher permissions, by typing sudo in front of them.
Step 4 — Setting Up a Firewall
You can control which services will be open to the outside by using UFW (Uncomplicated Firewall) on Ubuntu servers. It is possible to install a simple firewall with this tool.
Note:
Using more than one firewall at the same time. Problems can be difficult to resolve due to conflicting rules.
Some applications add their own UFW profiles when installing. So you can manage these services by their names. For example, there is already a profile for OpenSSH, which allows us to connect to the server.
To see installed profiles, you can type this command:
ufw app list
Output
Available applications:
OpenSSH
You need to make sure that your firewall allows SSH connections, otherwise you will not be able to reach the server the next time you log in. To grant permission, type the following command:
ufw allow OpenSSH
You can now activate the firewall. To do this, you must write the following command mentioned below:
ufw enable
After the command, the system will ask for confirmation. You must continue by typing Y and pressing ENTER.
Then to see if SSH connections are still open, you can type:
ufw status
Output
Status: active
To Action From
-- ------ ----
OpenSSH ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)
Currently the firewall is blocking all connections except SSH. When you install new services in the future, you will need to update your UFW settings to allow this traffic.
When you add a new service, do not forget to define rules, otherwise it cannot be accessed from the outside.
Step 5 — Opening External Access to Normal User
You now have a regular user account for daily use. Now you need to make sure that you can connect directly to this account via SSH.
Notes:
You should not log out of root until you log in with the new user and see that the
sudocommand is running. If you have problems connecting, you can make the necessary corrections via root.
The way you set up SSH access for the new user depends on whether they use a password or SSH key to log in to the root account.
If Logging In to Root Account with Password
If you logged in to root with a password, it means that password authentication for SSH is turned on.
To connect to the new user account, open a new terminal and log in via SSH by typing your username:
ssh yeni_kullanici@sunucu-ip
After entering your password, you will be logged in with your regular user account.
Remember, if you need to run a command that requires administrator privileges, just prefix it with sudo:
sudo komut
When you first use sudo or occasionally, you will be asked for your normal user password.
To increase the security of the server, we strongly recommend that you log in with SSH keys instead of passwords. This method is both safer and makes the job easier in the long run.
If Logging In to Root Account with SSH Key
If you logged in to root with an SSH key, password authentication is disabled.
In this case, in order to log in with the new user, you need to add a copy of the public key file on your computer to the new user's ~/.ssh/authorized_keys file.
The public key is already registered in the ~/.ssh/authorized_keys file of the root user on the server.
Now you can copy this file and folder structure to the new user while in your current session.
The easiest way to copy these files with the correct permissions is to use the rsync command.
The rysnc command copies the root user's .ssh directory to the new user, preserving permissions and automatically adjusting ownership.
Note:
Be careful when using rsync — there shouldn't be
/at the end of the source directory.
So using~/.sshis correct,
Using~/.ssh/is incorrect.
If you accidentally put /, only the files inside will be copied, the directory structure will be corrupted and SSH will not be able to find the keys.
rsync --archive --chown=kullaniciadi:kullaniciadi /root/.ssh /home/kullaniciadi
Now open a new terminal on your computer and connect via SSH with your new username:
ssh kullaniciadi@sunucu-ip
You can now connect to the server without a password with your new user account.
Remember, if you are going to run a command that requires administrator privileges, you must add sudo at the beginning:
sudo komut
When you first use the sudo and occasionally you will be asked to enter your regular user password.
What Can You Do From Here?
Together we have laid a solid foundation for your server. After that, you can start installing the software you need.
If you want to learn Linux commands better, you can practice by taking a look at the basic commands. This way, you can manage your server much more easily.