How to setup and secure Ubuntu Server 18.04 in 6 steps

Setup secure Ubuntu 18.04

1. Log in to the server

Log in to your Ubuntu instance as the root user.

2. Create a new user

If the only user on your Ubuntu instance is root, first create a sudo user so that you avoid doing all the work as root and making inadvertent mistakes. We will use the adduser command to create the user; useradd can also be used, but it is not as user-friendly. Don't forget to replace ubuntu with the user name that you want to create. It is recommended to use a non-standard username that a hacker won't be able to guess easily, as automated attacks generally try root, admin or even ubuntu:

$ adduser ubuntu

You will be prompted to set and confirm the new user password. Make sure that the password for the new account is as strong as possible.

output:

Adding user `ubuntu' ...
Adding new group `ubuntu' (1001) ...
Adding new user `ubuntu' (1001) with group `ubuntu' ...
Creating home directory `/home/ubuntu' ...
Copying files from `/etc/skel' ...
New password:
Retype new password:
passwd: password updated successfully

The command creates a home directory for the user, copies several configuration files into it and, once you set the password, prompts you for the new user's information. If you want to leave all of this information blank, just press ENTER to accept the defaults.

Changing the user information for ubuntu
Enter the new value, or press ENTER for the default
    Full Name []: Ubuntu User
    Room Number []:
    Work Phone []:
    Home Phone []:
    Other []:
Is the information correct? [Y/n] y

3. Give sudo privileges to user

On Ubuntu systems, members of the sudo group are granted sudo access by default. To add the ubuntu user you created to the sudo group, use the usermod command:

$ usermod -aG sudo ubuntu

4. Passwordless SSH for security

Logging in to the server over SSH with password authentication is cumbersome and inherently insecure. You have to enter the password each time you want to log in, so people become lazy and start using simple passwords, which makes the system even less secure. A much better way is to log in using public keys, which makes the whole login process simple, secure and convenient.

If you are logged in to the server, log out first.

$ exit

Then, assuming that you have already generated a public-private key pair on the machine that you use to log in to the server, copy your public key to the server. If you haven't generated the key pair, search the internet for how to generate it.

$ ssh-copy-id [email protected]

It will ask for your ubuntu user's password; once you provide it, the public key will be installed on the server. From now on, anytime you want to log in to the server, you can use ssh and log in to the remote server without a password.

5. Allow Sudoers users to use sudo without password

The issue with passwordless SSH, i.e. SSH key login, is that you still need to enter the user password when you want to run any command that requires sudo. To fix this, use

$ sudo visudo

and then replace the line

%sudo ALL=(ALL:ALL) ALL

with

%sudo ALL=(ALL) NOPASSWD:ALL

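in that file. Note that with NOPASSWD any session running as a member of the sudo group can become root without a further prompt, so the SSH private key is then the only credential protecting root access.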

6. Disable root SSH login

To increase security, you should disable the ability of the root user to log in over SSH, as hackers often try to guess the root password using automated attacks that try many thousands of passwords in a very short time.

So edit /etc/ssh/sshd_config and disable root login and password authentication.

$ sudo nano /etc/ssh/sshd_config

and change the following

PasswordAuthentication yes

PermitRootLogin yes

to

PasswordAuthentication no

PermitRootLogin no

Save the file and restart the SSH service:

$ sudo service ssh restart

For extra security, you can also change the port on which you connect to SSH. By default port 22 is used for SSH, but you can change this to something else in /etc/ssh/sshd_config:

change

Port 22

to

Port 1022

or some other port that you prefer. Just make sure to open that new port in UFW as described next.

Important

Make sure your SSH port is below 1024 (but still not 22). The reason is that if you are ever compromised, an attacker may be able to crash sshd and run their own rogue sshd as a non-root user, because ports of 1024 and above can be bound without root privileges.
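The check below is an added example, not part of the original post: a small POSIX shell audit of the step 6 settings and the port rule above, run on a constructed sample file. The function names are illustrative, and it reads only the global section of a single file (it does not follow Include directives).

```shell
#!/bin/sh
# Added example: audit an sshd_config against the values set in step 6.
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, every Port line adds a listener, and lines after a
# "Match" line are conditional, so only lines before it are global.

# sshd_global_values FILE KEYWORD: print each global value, one per line.
sshd_global_values() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }     # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t=]+/)         # "Keyword value" or "Keyword=value"
            k = tolower(f[1])
            if (k == "match") exit            # conditional section starts here
            if (k == key) print tolower(f[2])
        }' "$1"
}

# audit_sshd_config FILE: print findings; return 0 only if every check passes.
# An absent keyword falls back to the OpenSSH default.
audit_sshd_config() {
    cfg=$1; rc=0
    pa=$(sshd_global_values "$cfg" PasswordAuthentication | head -n 1)
    prl=$(sshd_global_values "$cfg" PermitRootLogin | head -n 1)
    ports=$(sshd_global_values "$cfg" Port)
    [ "${pa:-yes}" = no ] || { echo "FAIL PasswordAuthentication ${pa:-yes}"; rc=1; }
    [ "${prl:-prohibit-password}" = no ] ||
        { echo "FAIL PermitRootLogin ${prl:-prohibit-password}"; rc=1; }
    for p in ${ports:-22}; do
        case $p in
            ''|*[!0-9]*) echo "FAIL Port '$p' is not numeric"; rc=1 ;;
            22) echo "FAIL Port 22 is still the default"; rc=1 ;;
            *)  [ "$p" -lt 1024 ] || { echo "FAIL Port $p is 1024 or above"; rc=1; } ;;
        esac
    done
    return $rc
}

# Constructed sample: the commented line and the later duplicate do not count.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PasswordAuthentication no
Port 1022
permitrootlogin no
PasswordAuthentication yes
PasswordAuthentication no
EOF
audit_sshd_config "$sample" || echo "sample config needs fixing"
rm -f "$sample"
```

On a live server, `sudo sshd -t` checks the file for syntax errors before you restart the service, and `sudo sshd -T` prints the effective configuration.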

Enable UFW

UFW (Uncomplicated Firewall) is a basic firewall that works very well and is easy to configure.

  • Normally UFW is included in the default Ubuntu distribution. But just in case it is not installed, you can install it with:
$ sudo apt install ufw
  • Allow SSH services
$ sudo ufw allow ssh
  • or the new ssh port if you changed it above
$ sudo ufw allow 1022
  • You can also open any other ports that you need
$ sudo ufw allow http
$ sudo ufw allow https
  • Enable the firewall
$ sudo ufw enable
  • Check the status of the firewall.
$ sudo ufw status verbose

Posted by Varinder Singh
Varinder Singh
  1. Indivar Software Solutions Pvt Limited, India and New Zealand: Co-Founder and CTO
  2. Credence Medicure Corporation: Co-Founder & Director - IT
  3. Stakteck Limited: Co-Founder and CTO
