Notes on Setting Up an Ubuntu Server

This article provides a quick reference guide for setting up an Ubuntu server. I found myself setting up multiple servers in the past, and always needed to look up the necesseary steps. This hopes to provide a nice and easy step-by-step reference.

This guide was directly compiled from Syntax FM’s brilliant YouTube video, which you can view here.

Steps for setting up your own Ubuntu server:

• SSH into server

• Update the package lists:

  • Run apt update, apt upgrade
  • Restart the server if necessary/prompted
  • You can also run ls /var/run/reboot-required, if the file exists, a reboot required
  • Run the reboot command or reboot from the cloud provider dashboard

• Change the root user password

  • Run the passwd command

• Add a non-root user

  • Run the adduser command
  • Add the user to the sudo group: usermod -aG sudo [username]
  • Run the groups command to check which group it’s in

• Create ssh key login

  • Generate an ssh key on your local machine: ssh-keygen -t ed25519 -C "test@test.com"
    • Follow the directions in this link: https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent
  • Create an .ssh directory in the home/[user] folder on the server
  • Create an authorized_keys file in the .ssh dir
  • Copy the public key from the generated SSH key on your local machine from local machine into the authorized_keys file

• Disable password login (optional)

  • Edit the /etc/ssh/sshd_config file (might need to use sudo nano ...)
  • Set the PasswordAuthentication key value to No
  • Might also have to edit the same file in the /etc/ssh/sshd_config.d directory and do the same thing
  • Restart the ssh service: sudo service ssh restart

• Disable root login

  • Edit the /etc/ssh/sshd_config file (sudo nano ...)
  • Set the PermitRootLogin key value to No
  • Restart the ssh service: sudo service ssh restart

• Set up network and firewall policies

  • Close unused ports (ufw)

    • might need to enable firewall (sudo ufw enable)
    • allow ssh traffic through the firewall: sudo ufw allow ssh (do this before enabling the firewall)
    • useful commands:
      • list all open ports: sudo ss -tuln
      • list firewall status: sudo ufw status verbose
      • list firewall rules for apps: sudo ufw app list
    • can change default ssh port if needs be

  • can restrict ip addresses for allowed connections if needs be as well

• Enable and configure automatic updates:

  • Install the package for unattended upgrades: sudo apt install unattended-upgrades
  • Enable automatic updates: sudo dpkg-reconfigure unattended-upgrades
  • Hit yes on the popup dialog
  • Can modify unattended upgrade settings - follow the guide here: https://github.com/mvo5/unattended-upgrades?tab=readme-ov-file#supported-options-reference
  • Security updates are only enabled by default, can tweak settings for reboot time etc.
  • Check service status: sudo systemctl status unattended-upgrades

Congratulations! You should have your Ubuntu server in a running state.