Setting Up a Pretty Good Server Running Ubuntu 14.04

Choose a Virtual Private Server aka VPS

Requisite Information

  • Remote server IP address
  • Root user password
  • Non-root user and password

Instructions

Login
From your local computer, connect to the remote server with ssh. Log in using the root password.

$ ssh root@REMOTE_SERVER_IP

Updates
Update the software repositories.

# apt-get update

Upgrade the software packages.

# apt-get upgrade

Install unattended upgrades. This will automatically install important system updates.

# apt-get install unattended-upgrades
# dpkg-reconfigure --priority=low unattended-upgrades

Users

Create a new user, set a password, and add the user to the sudo group.

# adduser USER_NAME
# gpasswd -a USER_NAME sudo

Generate SSH Keys
If you already have a set of SSH keys, then skip this step.
On your local computer generate a pair of SSH keys. You will be prompted for information. Accept the default file location for the key. Answer the others as you wish.

$ ssh-keygen

Note: If you leave the passphrase blank, then your system will be less secure. Possession of the keys will be enough to gain access. Convenience is often the enemy of security.

Transfer Public SSH key to remote server

On your local machine, copy your public SSH key to the remote server. Remember to use the password for the non-root user.

$ ssh-copy-id USER_NAME@REMOTE_SERVER_IP

After the key has been copied, log in to the remote server as USER_NAME.

$ ssh USER_NAME@REMOTE_SERVER_IP

Configure SSH Server

Note: You will need to use sudo as USER_NAME.

We will improve the security of the SSH server by disabling remote root login.

$ sudo nano /etc/ssh/sshd_config

Find

PermitRootLogin yes

Then change it to

PermitRootLogin no

Restart the SSH server. This may cause you to lose your SSH connection.

$ sudo service ssh restart
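A check for the edit above, as an added example that is not part of the original tutorial: it reads an sshd_config file and reports the PermitRootLogin value that applies globally, which catches the case where a second line was appended instead of the existing one being changed. The function names and the sample config are constructed for illustration, and the fallback of "yes" when the keyword is absent is an assumption matching OpenSSH releases before 7.0.

```shell
#!/bin/sh
# Added example, not from the original tutorial.
# Prints the global PermitRootLogin value that a given sshd_config yields.
# Rules from sshd_config(5): keywords are case-insensitive, the first value
# obtained for a keyword is used, and lines after "Match" are conditional.
# Assumption: when the keyword is absent the compiled default is "yes",
# which is the OpenSSH default before 7.0; pass another default as $2.
effective_permit_root_login() {
    awk -v def="${2:-yes}" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            match(line, /^[A-Za-z]+/)
            key = tolower(substr(line, 1, RLENGTH))
            val = substr(line, RLENGTH + 1)
            sub(/^[ \t]*=?[ \t]*/, "", val)     # "Key value" or "Key=value"
            sub(/[ \t]+$/, "", val)
            gsub(/"/, "", val)
            if (key == "match") exit            # global section ends here
            if (key == "permitrootlogin") { print tolower(val); found = 1; exit }
        }
        END { if (!found) print def }
    ' "$1"
}

# Succeeds only when root login over SSH is globally disabled.
root_login_disabled() {
    [ "$(effective_permit_root_login "$1")" = "no" ]
}

# Constructed sample: the edit was appended below an existing "yes" line,
# so the earlier line still wins and root login stays enabled.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no
EOF

if root_login_disabled "$sample"; then
    echo "root login disabled"
else
    echo "root login still allowed: $(effective_permit_root_login "$sample")"
fi
rm -f "$sample"
```

On the server, call `root_login_disabled /etc/ssh/sshd_config` before restarting, and keep your current session open until a new login as USER_NAME succeeds.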

Install Fail2Ban

Fail2Ban is a great intrusion prevention tool. For example, it will temporarily ban IP addresses that repeatedly fail SSH logins.

$ sudo apt-get install fail2ban

Firewall

Firewall configuration will change as you add server programs. For this tutorial, we only care about the SSH server.

$ sudo apt-get install ufw

Allow the SSH server

$ sudo ufw allow ssh

Check status

$ sudo ufw status

Then enable

$ sudo ufw enable
