Server Setup with Ubuntu 16.04.3 LTS (Xenial Xerus)

No matter the use case for a server, the options available are plentiful. If you are anything like me then you are in it for the long haul. Ubuntu 16.04.3 LTS (Xenial Xerus) will be supported until April 2021.

Server Setup with Ubuntu 16.04.3 LTS (Xenial Xerus)

Here are a few configurations for a basic setup that will increase the security and usability of your server. I use DigitalOcean to rent virtual private servers and if you would like to get started on DigitalOcean, here is a $10 credit to play with before spending your hard earn cash.

Root Login

In order to log into your server, you will need to know the server’s public IP address and root password. If you went with DigitalOcean, then you will receive an email with a temporary password after creating the server in the control panel. You will also need a SSH client if your server is remote. I use OpenSSH(Linux and Mac only).

To connect to your server, open a terminal and run the following command

ssh root@your_server__public_ip

Accept the warning about host authenticity and go through the process of changing your root password.

The root user is the administrative user in a Linux environment that has very broad privileges. Because of the heightened privileges of the root account, you are actually discouraged from using it on a regular basis. This is because part of the power inherent with the root account is the ability to make very destructive changes, even by accident.

To prevent accidental destruction, we are going to set up an alternative user account with a reduced privileges for day to day use.

Create A New User

Once logged in as root, creating a new user is as simple as running the following command

adduser jason

Replace jason with a username of your choice.

You will be asked a few questions, starting with the account password. Enter a strong password and fill in any of the additional information if you would like.

Root Privileges For New User

Now that we have a new user with regular privileges we will grant the user root privileges so that the user will be able to preform administrative task.

To add these privileges to our new user, we need to add the new user to the “sudo” group. By default, on Ubuntu 16.04, users who belong to the “sudo” group are allowed to use the sudo command.

Run the following command to add your new user to the sudo group. Replace jason with the username of the user you want to add to the sudo group.

usermod -aG sudo jason

Now your user can run commands with superuser privileges. At this point, we can increase security by disabling root login.

Disallow Remote SSH Root Login

In order to make changes to the configurations of our server, we will use a text editor in our terminal called nano.

Open the configuration file with root privileges by running the following command.

sudo nano /etc/ssh/sshd_config

Find the line that looks like this:

PermitRootLogin yes

In order to disable root login through SSH, replace yes with no. The line should now look like this:

PermitRootLogin no

When you are finished making your changes, save and close the file by pressing CTRL-X (save) then Y (for yes), then ENTER).

Reload SSH

To load the new configuration file we need to restart the SSH service. Use the following command to restart the SSH service:

service ssh restart

Before you log out of the server, test that the new configuration will allow connections to be established successfully.

Open a new terminal on your local machine and SSH into the server, like before, except replace root with your user name. For example, my user name is jason, so I log into my account using the following command:

ssh jason@your_server__public_ip

You will be prompted for the new user’s password that you configured. After that, you will be logged in as your new user.

Set Up a Basic Firewall

Ubuntu 16.04 servers can use the UFW firewall to make sure only connections to certain services are allowed. We will use this application to set up a basic firewall.

Different applications can register their profiles with UFW upon installation. We can list these registered profiles with the following command:

sudo ufw app list
Output:

Available applications:
  OpenSSH

To allow SSH connections through the firewall, we can use the following command:

sudo ufw allow OpenSSH

Now enable the firewall with the following command:

sudo ufw enable

Type y and press ENTER to proceed.

To check the status of the firewall run the command:

sudo ufw status

And there you have it. If you install and configure additional services, you will need to adjust the firewall settings to allow acceptable traffic in.

Now that you have a basic server setup, you can move on to create awesome things like website, applications, media centers, virtual private networks, and allot more!