How to setup a secure Ubuntu server starting from a fresh install

1. Objective:

This procedure outlines the steps to securely configure a fresh Ubuntu server, including creating a new user with sudo privileges, enabling UFW for SSH access, setting up key-based authentication, and disabling root SSH login.

2. Steps:

Step 1: Log in to the Server as Root

Log in to the server using the root user and your SSH client:

ssh root@<server_ip_address>

Step 2: Create a New User with Sudo Privileges

Add a new user (replace with the desired username):

adduser <username>

Follow the prompts to set a password and other details.

Grant the new user sudo privileges:

usermod -aG sudo <username>

Step 3: Set Up UFW to Allow SSH

Install UFW if it is not already installed:

apt update && apt install ufw -y

Allow SSH through the firewall:

ufw allow OpenSSH

Enable the firewall:

ufw enable

Verify the status of the firewall:

ufw status

Step 4: Set Up Key-Based Authentication

On your local machine, generate an SSH key pair (if not already generated):

ssh-keygen -t rsa -b 4096

Save the key pair in the default location (~/.ssh/id_rsa).

Copy the public key to the new user on the server:

ssh-copy-id <username>@<server_ip_address>

Alternatively, manually copy the key:

ssh <username>@<server_ip_address> mkdir -p ~/.ssh echo "<your_public_key>" >>
~/.ssh/authorized_keys chmod 600 ~/.ssh/authorized_keys chmod 700 ~/.ssh

Test the SSH connection with the new user:

ssh <username>@<server_ip_address>

Step 5: Disable Root SSH Access

Open the SSH configuration file for editing:

nano /etc/ssh/sshd_config

Find and modify the following lines:

PermitRootLogin no 
PasswordAuthentication no

Restart the SSH service to apply changes:

systemctl restart sshd

Step 6: Verify Security Configuration

Attempt to log in as root to confirm root SSH access is disabled:

ssh root@<server_ip_address>

This should result in an "Access Denied" message.

Verify you can still log in with the new user using key authentication.

3. Additional Information:

Prerequisites: A fresh Ubuntu server with root SSH access and an SSH client installed locally. Tips: Store your private key securely and consider using a passphrase for additional security. References: For more information, refer to the Ubuntu Server Guide.