This is the first in a series of posts that will cover from the deployment of a VPS up to the installation of Nextcloud. These are the kind of posts I will write mostly for future memory, but if they will be useful to you, even better. I’m not reinventing the wheel here, these are just the result of the sum of tutorials and lessons I keep learning.

On this post I will cover the use of SSH to connect to a server, the creation of a new user with administrative privileges and the setup of a firewall.

I’m currently using Ubuntu 18.04, but these instructions are equally valid for other Ubuntu versions.

Use SSH

While managing our server, we will spend a lot of time working on a terminal session and the safest way to connect to it is through SSH, or secure shell.

To do that we have to make use of an SSH key, which is a pair of encryption keys mathematically linked to each other: a private key and a public key. The public key is used to encrypt a message whereas the private key is used to decrypt it. There are several ways to generate an SSH key. Generally the SSH client we will use is capable of doing this and that’s possibly the easiest way. For Windows, the most popular SSH client is Putty. I use Termius. To know more on how to connect to a server using SSH, see this tutorial from DigitalOcean.

So, you will keep your private key to yourself, to use with the SSH client, and install/copy the public key to your server. Almost any VPS provider nowdays have a option on their console that let’s you add your public SSH keys so you can chose to automatically add them upon server deployment. That’s how I do it. But if you prefer to install/copy your SSH key only after the server deployment, see this tutorial.

Moving on, after creating a new Ubuntu server there are a few configuration steps that we should take to increase security and usability.

Create a new user

To first access our server we need to login as root.

The root user is the administrative user in a Linux environment that has very broad privileges. Because of the heightened privileges of the root account, you are discouraged from using it on a regular basis. This is because part of the power inherent with the root account is the ability to make very destructive changes, even by accident. 1

So, our first step is to set up an alternative user account with a reduced scope of influence for day-to-day work.

On this example we will create a new user called johndoe, but you should replace it with a username of your choice:

# adduser johndoe

You’ll be asked to set up a password and some information. Enter a strong one and, optionally, fill in any of the additional information if you would like. This is not required and you can just hit ENTER in any field you wish to skip.

Grant administrative privileges

To grant administrative privileges to the new user we need to add it to sudo group:

# usermod -aG sudo johndoe

Copy SSH key to a new user

Next we have to copy the public SSH key from root user to the new user. This way we can login as both using the same SSH key. The simplest way to copy the files with the correct ownership and permissions is with the rsync command. This will copy the root user’s .ssh directory, preserve the permissions, and modify the file owners, all in a single command:

# rsync --archive --chown=johndoe:johndoe ~/.ssh /home/johndoe

Now we can login with our new user account typping:

# sudo -i -u johndoe

You should be logged in to the new user account without using a password. Remember, if you need to run a command with administrative privileges, type sudo before it like this:

# sudo command_to_run

You will be prompted for your regular user password when using sudo for the first time each session.

Setup a firewall

We can use the built-in firewall (UFW) to manage which connections are allowed to/from the server.

Different applications can register their profiles with UFW upon installation. These profiles allow UFW to manage these applications by name. OpenSSH, the service allowing us to connect to our server now, has a profile registered with UFW.

You can see this by typing:

# sudo ufw app list
Available applications:
  OpenSSH

We need to make sure that the firewall allows SSH connections so that we can log back in next time. We can allow these connections by typing:

# sudo ufw allow OpenSSH

Afterwards, we can enable the firewall by typing:

# sudo ufw enable

Type y and press ENTER to proceed. You can see that SSH connections are still allowed by typing:

# sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)

What’s next?

Now that we have completed the initial configuration of our server, we can proceed with the installation of a webserver to present it to the vast and incredible world wide web!

In a following post I will cover the installation of Nginx.

Do you want to contribute and add something to this tutorial? Have you found a typo, grammar or formatting error? Please, feel free to edit this post and open a pull resquest.