Your VPS or server comes with Ubuntu 16.04 in its default configuration. This is convenient for new users, but it leaves some known vulnerabilities of the system wide open. To secure the system against both internal mistakes and external attacks, you need to set the server up correctly.

Requirements

  • A server or a VPS with Ubuntu 16.04 and OpenSSH.
  • A device that supports SSH.
    • On Linux PCs, SSH is supported via terminal.
    • On Android, we recommend JuiceSSH.
    • On Windows, we recommend Remote Terminal.

IMPORTANT: All commands in this article have to be executed in a terminal. On Linux, the terminal can be launched from the app menu or with a hotkey (in Ubuntu it’s Ctrl+Alt+T). On other operating systems, you have to launch a terminal session through a corresponding app. To execute a command, enter it in the terminal and press Enter.

Glossary

  • Superuser rights. Also known as root rights. They provide the highest access level in any Linux OS, allowing the user to edit any file as they see fit.

Creating a new user

By default, there is only one user on the server: root. Root has superuser rights with no regulation mechanism. This is bad, because even the smallest mistake can leave files or settings corrupted or just plain wrong. That is why, in order to set the server up correctly and safely, you need to create your own user.

  1. Connect to the server via SSH as root. To do this, execute the command:
    ssh root@your_server_IP_address

  2. The server will request your password. Your hosting company should have provided you with one, most likely in an e-mail. Enter the password (the characters won’t be shown on the screen, so enter them carefully) and press Enter.
  3. See the welcome screen.
  4. Create a user with the command:
    adduser user_name

  5. See the report, where Ubuntu tells you how exactly it added the user to the system. At the end, you will be asked to provide a password for the user. Create one, enter it and press Enter.
  6. Ubuntu will ask you to repeat the password, in order to reduce the chance of a fatal mistype. Enter it again and press Enter.
  7. Ubuntu will want to collect some info about the user. You can fill it in, or you can simply press Enter in the empty fields. At the end, press Y and then Enter to confirm that the information is correct.

The user is created. Now you have to check if it’s working. To do this, close the terminal window and open another one.

  1. Log into the server as the new user. To do this, execute:
    ssh user_name@server_IP_address

  2. See the password request. Type the password and press Enter.
  3. See the welcome screen.
  4. Close the terminal window.

Now you have a new user. It doesn’t have root rights yet, and it needs them in order to install apps and set up the server. At the same time, the root user has those rights, but doesn’t have enough security measures to use them safely.

Giving the new user root access

  1. Log into the server as the root user. To do this, execute the command:
    ssh root@your_server_IP_address

  2. See the password request. Type the password and press Enter. See the welcome screen.
  3. Execute the command:
    usermod -aG sudo user_name

Now your new user has root access, yet it is protected by a password. We will continue setting the server up as the new user.

Firewall installation and setup

A firewall is software that protects the computer from undesirable connections, for example from a hacker who tries to access the server. But since the firewall does not know how exactly the server is being used, it needs to be set up first.

  1. Log into the system as the new user. Execute:
    ssh user_name@server_IP_address

  2. See the password request. Enter the password and press Enter.
  3. See the welcome screen. Now you have to download the list of the latest software packages from the repository. To do this, execute:
    sudo apt-get update

  4. Sudo commands require superuser rights, which Ubuntu will now tell you. Enter your password once more and press Enter.
  5. See Ubuntu’s report about the package updates. Execute this command to install the UFW firewall:
    sudo apt-get install ufw

  6. See the report on installation and preliminary setup.
  7. Request the list of the application profiles that UFW will block from the Internet unless you allow them. To do this, execute:
    sudo ufw app list

  8. OpenSSH is on the list. That’s bad, because that’s what we are using to access the server. Allow OpenSSH through the firewall by executing:
    sudo ufw allow OpenSSH

  9. See the report that the firewall rules have been updated.
  10. Turn on the firewall. To do this, execute:
    sudo ufw enable

  11. Ubuntu will warn you that enabling the firewall may disrupt existing SSH connections. But we have already allowed OpenSSH, so press Y and Enter.
  12. Check the firewall status with the command:
    sudo ufw status

The firewall is working and your project is safe from both hackers and user mistakes. Now you can install your specialized software and set up the server as you see fit.
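
The following check is an added example, not part of the original article: it confirms that the OpenSSH rule has been added before the firewall is enabled in step 10, and that the firewall is active with SSH allowed after step 12. The function names ssh_rule_added and ufw_ssh_state are hypothetical, and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Both functions read command
# output on stdin, so they can be tried on the constructed samples below.

# Before step 10: sudo ufw show added | ssh_rule_added
# Succeeds only if an allow/limit rule for OpenSSH or port 22 has been added.
ssh_rule_added() {
    awk '
        $1 == "ufw" && ($2 == "allow" || $2 == "limit") &&
        ($3 == "OpenSSH" || $3 == "22" || $3 == "22/tcp") { found = 1 }
        END { exit !found }'
}

# After step 12: sudo ufw status | ufw_ssh_state
# Prints "inactive", "ssh-blocked" (active, no inbound SSH rule) or "ok".
ufw_ssh_state() {
    awk '
        $1 == "Status:" && $2 == "active" { active = 1 }
        $1 == "OpenSSH" || $1 == "22" || $1 == "22/tcp" {
            # Action is ALLOW or LIMIT; a following OUT marks an outbound rule.
            for (i = 2; i <= NF; i++)
                if (($i == "ALLOW" || $i == "LIMIT") && $(i + 1) != "OUT") ssh = 1
        }
        END {
            if (!active) print "inactive"
            else if (!ssh) print "ssh-blocked"
            else print "ok"
        }'
}

# Constructed sample outputs (not captured from a real server).
SAMPLE_ADDED="Added user rules (see 'ufw status' for running firewall):
ufw allow OpenSSH"
SAMPLE_STATUS="Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)"
SAMPLE_NO_SSH="Status: active

To                         Action      From
--                         ------      ----
80/tcp                     ALLOW       Anywhere"

printf '%s\n' "$SAMPLE_ADDED" | ssh_rule_added && echo "OpenSSH rule added"
printf '%s\n' "$SAMPLE_STATUS" | ufw_ssh_state    # prints: ok
printf '%s\n' "$SAMPLE_NO_SSH" | ufw_ssh_state    # prints: ssh-blocked
```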