Setting up your server with Ubuntu 14: Steps and Guidelines

Tips on the first steps you should be taking with your Ubuntu 14 Server

Blue Light Tech

It could be frustrating having a newly purchased and primed server without any idea of how to configure its settings for maximum usage.

Therefore, this guide will show you the exact steps to follow in order to setup your Ubuntu server.

  1. Get your login details handy
  2. Create a New User
  3. Give privileges to the new Account
  4. Add SSH Public Key Authentication
    1. Via OpenSSH (Linux and Mac OS X users)
    2. Via Putty (Windows)
  5. Securing SSH Daemon
  1. Get your login details handy

    As you provision your Ubuntu server, you will be given 3 things:

    1. Username which will be called: root
    2. A password consisting of numbers, letters & symbols.
    3. The IP address which is unique to the server.

    With these details, fire up your ssh client, either OpenSSh (for Linux and Mac OS x users) or Putty (for Windows users).

    Note: You can consult our tutorial here for a full explanation on how to connect to your server via ssh.

    Once you are logged-in, you will need to change your password.

    To do that, type in:

    passwd root

    You will be asked for a new password in the next prompt, supply it twice.

  2. Create a New User:

    Please know that it is not enough to just change the password of the root user, you will need to have another user. This is necessary because, the root has the most powerful access to the server. If it is compromised, the whole server is compromised. To avoid the possibility therefore, we will create another user, which we will using instead of the root.

    To begin, type:

    adduser newdemo

    newdemo  now becomes the newly created user. But it needs a password. Type:

    passwd newdemo

    This command will then bring up a prompt to set a password for the newly created user. Do this twice.

  3. Give privileges to the new Account:

    Before you start using the new account, it needs to have suitable powers.

    To pass along the super privileges that is usually reserved for roots only, then type this:

    gpasswd -a newdemo sudo

    In Ubuntu 14, this command will add the new user to the sudo group and grants it all the privileges attributed to only the root.

  4. Add SSH Public Key Authentication

    Adding a public key authentication to your server makes it extremely difficult for hackers to brute-force their way into your server. Basically, rsa keys are two sets of keys (Private and Public) which are set up to authenticate the source of a login attempt. One set of key (private) is placed on your local machine, while the other set, the public key is placed in a directory on your server. Now, any attempt to login must correlate with these two keys. If there is an inconsistency, the server simply refuses the  connection. But to make this happen, let us explore the 2 options available:

    1. Via OpenSSH (Linux and Mac OS X users)

      Fire up OpenSSH terminal and type in:

      ssh-keygen

      If your localuser is called localuser, then you are going to see an output like this:

      ssh-keygen output

      Generating public/private rsa key pair.

      Enter file in which to save the key (/Users/localuser/.ssh/id_rsa):

      Press enter to accept the location of the file.

      The next prompt will ask you to choose a passphrase. Note that passphrase is like a password for the keys which make them more secured. This is optional. Hit Enter if you want it to be blank or type it (twice) if you wish to have one.

      Once you are through with this, two files will have been created in the .ssh directory of the localuser: id_rsa (private key ) and id_rsa.pub (public key).

      Now that you have generated the key pair, let us now copy the public key to the server, where it will be stored for authentication.

      1. If you have installed ssh-copy-id script, all you need to do is to specify the user and the IP address to use the keys:
        ssh-copy-id demo@SERVER_IP_ADDRESS

        Demo is the user with the IP of the server.

        You will be prompted to give your password, after which your public key will now be copied over to the .ssh/authorized_keys file.

      2. Manually install the public key.

        First, you need to view the content of the public key, do that by typing:

        cat ~/.ssh/id_rsa.pub

        You should then see a result like this:

        ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBGTO0tsVejssuaYR5R3Y/i73SppJAhme1dH7W2c47d4gOqB4izP0+fRLfvbz/tnXFz4iOP/H6eCV05hqUhF+KYRxt9Y8tVMrpDZR2l75o6+xSbUOMu6xN+uVF0T9XzKcxmzTmnV7Na5up3QM3DoSRYX/EP3utr2+zAqpJIfKPLdA74w7g56oYWI9blpnpzxkEd3edVJOivUkpZ4JoenWManvIaSdMTJXMy3MtlQhva+j9CgguyVbUkdzK9KKEuah+pFZvaugtebsU+bllPTB0nlXGIJk98Ie9ZtxuY3nCKneB+KjKiXrAvXUPCI9mWkYS/1rggpFmu3HbXBnWSUdf localuser@machine.local

        Select the entire text and copy to your clipboard.

        If you want to log-in with the user created earlier, then type:

        su – newaccount

        Once you have done this, try running the code below:

        mkdir .ssh

        chmod 700 .ssh

        The first line creates a directory called .ssh in the main directory of the server, while the second line changed the permission of the file to 700. Once you are through setting up the folder, then create the file that will host the key:

        nano .ssh/authorized_keys

        A blank document opens up on your terminal, where you can paste the key you copied, then CTRL+ O to write/save the file and CTRL + X to exit the program.

        Lastly, you will need to chmod the authorized_keys file. Do that by typing:

        chmod 600 .ssh/authorized_keys
    2. Via Putty (Windows)

      We shall be making use of a little program known as PuttyKey Generator (A.K.A PuttyGen).

      Download your preferred version here:

      http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

      With this program, we shall be generating 2 sets of keys, one public and the other, private.

      The public key will be saved on the server while the private key will be saved on our local machine. Once the 2 keys match, access is granted.

      Begin by clicking on the downloaded .exe PuttyGen program.

      Under Parameters,  select the type of key (preferably SSH -2 RSA) and also type in the number of bits you want (the default is 2048 but you can increase it to 4096, the more the better).

      After this, click on the 'Generate' button.

      Then add comment and or passphrase. Passphrase adds another layer of security. It is a password that will be asked before the keys are auto-loaded during authentication. It is not compulsory though.

      Once you are through, save the 2 keys separately into a folder with a name you can easily recognize.

      Important: If you lose your private keys, you may not be able to access your server again!

      Scroll up and right-click on the text field that says: 'Public key for pasting into OpenSSH authorized_keys file '

      And 'Select All'

      Right click again and choose 'Copy'

      Now that you have successfully generated your keys, its time to save the newly copied 'Public key' to the server.

      Login and type the following code to create a directory for the keys:

      mkdir  ~/.ssh

      Secure it by typing

      chmod 0700 ~/.ssh

      To create the file, now type:

      touch ~/.ssh/authorized_keys

      Secure it by:

      chmod 0644 ~/.ssh/authorized_keys

      Now, open that file by typing:

      nano ~/.ssh/authorized_keys

      Remember the Public key you copied?

      Now paste it here by pressing 'Ctrl + Insert' from your keyboard

      Note, the beginning of the keys must be ssh-rsa

      Save the file by pressing Ctrl + O and exit by pressing Ctrl + X

      The ssh program will now need to be reloaded.

      Just type this:

      sudo reload ssh  

      Now that the public keys have been saved, lets save the private ones to your local computer.

      Fire up your local SSH login console (preferable Putty) download it here:

      http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

      Note, this is different from PuttyGen you downloaded earlier.

      Type in the IP address of your server and its port number in their respective fields.

      Look towards the right and expand the 'Connection' Toggle

      Click also on 'SSH' to expand, then select 'Auth'.

      In the window, you will see 'Private Key file for authentication' Browse to the location of the private key you saved earlier and select it.

      Now, all you need to do is go back to the Session Category and click on 'Save'

      To test, just access the server again via the putty program. You will notice that there is no more need to login with your password.

  5. Securing SSH Daemon

  6. You now know how  to secure your server by using the ssh authentication keys. But everything we have done so far will be wasted if hackers can still login via password and ip.

    What we have done goes beyond just making it easy for us to login-in, it positively affects the integrity and the security of the server. So what are we going to do about this?

    Let us disable login via password altogether and limit access to just only one user: root or demo.

    Let us get started:

    nano /etc/ssh/sshd_config

    This opens up the ssh config file. Scroll to where you will see:

    #PasswordAuthentication Yes

    And change it to:

    PasswordAuthentication no

    To limit access to only root or anyone, just type towards the end of the file:

    AllowUsers root

    Again, CTRL + O to write to the file and CTRL + X to exit.

    Type the following to reload the SSH server and allow your changes to take effect:

    service ssh restart


29 Comments


188bet - 25/06/2018 11:34:19

Wow that was odd. I just wrote an very long comment but after I clicked submit

my comment didn't show up. Grrrr... well I'm not writing

all that over again. Anyways, just wanted to say superb blog! http://www.redrice-co.com/page/jump.php?url=https://www.keoc1.com


seo expert meaning - 23/06/2018 02:21:00

But I knew nothing about search engine optimization at period.

Just ask your crooks to include your resource

box and a traffic to internet site in convert.

Sometimes, customers would certainly like to feel exceptional. http://academy.uroweb.ru/applying-marketing-approach-keyphrase-research?nocache=1


188bet - 18/06/2018 19:22:07

It's genuinely very complicated in this full of activity life to listen news on TV, thus I only use the web for that reason, and get the newest news. http://sharmakedar.blogspot.com/cgi-bin/smore.cgi?source=form1&title=keonhacai64538&url=http%3A%2F%2Fsoikeoplus.com%2Ftag%2Fsoi-keo-nha-cai&email=olivia.arledge%40yahoo.com


188bet - 18/06/2018 14:51:56

It's fantastic that you are getting ideas from this post as

well as from our dialogue made here. http://staging.pelhamservices.com/LoginPage/tabid/132/ctl/SendPassword/language/en-US/Default.aspx?returnurl=https://www.keoc1.com


take down - 10/06/2018 03:01:52

I'm really impressed together with your writing abilities as smartly as

with the structure for your weblog. Is that this a paid subject

or did you modify it your self? Either way keep up the nice quality

writing, it's rare to look a great weblog like this one today.. https://www.keoc1.com


Delta Mass Pro Testosterone Booster - 04/06/2018 05:03:22

Hey there! This post could not be written any better!

Reading through this post reminds me of my old room mate!

He always kept talking about this. I will forward this article to him.

Fairly certain he will have a good read. Thanks for sharing! https://matchguaranty.com/groups/penis-length-surgery-and-natural-to-be-able-to-increase-stamina/


Salus Structured Silver - 02/06/2018 06:39:43

Appreciating the commitment you put into your website and in depth information you offer.



It's nice to come across a blog every once in a while that isn't

the same out of date rehashed information. Excellent

read! I've saved your site and I'm including your RSS feeds

to my Google account. http://twynedocs.com/index.php?title=Probiotics_Likewise_Digestive_System_-_The_Keys_To_Good_Health


188bet - 02/06/2018 02:15:42

There's certainly a great deal to know about this issue.

I like all of the points you have made. http://spaces.hand-china.com/home/link.php?url=http://alternatif188bet.com/


188bet - 01/06/2018 11:10:53

Hi there, just became aware of your blog through Google, and found

that it is truly informative. I'm gonna watch out for

brussels. I'll be grateful if you continue this in future.



Numerous people will be benefited from your

writing. Cheers! http://7ba.info/out.php?url=http://www.betfortuna1.com/188bet


link 188bet - 24/05/2018 22:39:53

If you are going for best contents like myself, simply pay a quick visit this

site every day as it offers feature contents, thanks http://www.mbet88vn.com


Judi - 12/05/2018 13:27:15

LBzk22 https://www.genericpharmacydrug.com


Judi - 12/05/2018 12:45:42

1GYERC https://www.genericpharmacydrug.com


Judi - 12/05/2018 12:27:10

5LnIMw https://www.genericpharmacydrug.com


mike11 - 18/04/2018 05:10:11

jzFE3Z https://www.genericpharmacydrug.com


mike11 - 18/04/2018 01:26:04

bbBZI7 https://www.genericpharmacydrug.com


mike11 - 17/04/2018 23:34:13

aUFWnV https://www.genericpharmacydrug.com


mike11 - 16/04/2018 16:22:46

DBilfe https://www.genericpharmacydrug.com


holabromx - 22/03/2018 08:41:07

http://google0125.com/


vente de jouets en ligne discount - 20/03/2018 02:51:59

• petits jouets à manipuler à tenir à la main. http://www.beyondthelimit.biz/__media__/js/netsoltrademark.php?d=wikikids.ru%2Fuser%2FBernardGarnett9%2F


HolaBromz - 19/03/2018 04:06:19

http://google0123.com/


GoldenTabs - 07/01/2018 23:17:25

gojoKf https://goldentabs.com/


JimmiNi - 22/10/2017 20:53:55

ZtyfNu http://www.FyLitCl7Pf7ojQdDUOLQOuaxTXbj5iNG.com


JimmiNi - 21/10/2017 15:26:15

iAGqpa http://www.FyLitCl7Pf7ojQdDUOLQOuaxTXbj5iNG.com


matt - 20/02/2017 13:46:59

szBP7a http://www.y7YwKx7Pm6OnyJvolbcwrWdoEnRF29pb.com


matt - 20/02/2017 11:49:34

ii1Jgs http://www.y7YwKx7Pm6OnyJvolbcwrWdoEnRF29pb.com


gordon - 20/02/2017 09:53:12

VyKtfB http://www.y7YwKx7Pm6OnyJvolbcwrWdoEnRF29pb.com


chaba - 20/02/2017 07:56:51

offQUt http://www.y7YwKx7Pm6OnyJvolbcwrWdoEnRF29pb.com


gordon - 20/02/2017 06:00:15

lnevMq http://www.y7YwKx7Pm6OnyJvolbcwrWdoEnRF29pb.com


Graham P - 20/11/2015 09:37:24

Very comprehensive. I usually question what the best things are to do with a server at first, and this has really helped.