username password

Initial Ubuntu 16.04 Server Setup

This post is part 9 of 11 in the series: Simple Guide To Planning & Developing A Website Project

Production server environment setup, part 2.

This tutorial will guide you through the initial steps to take once you have created a new Ubuntu 16.04 instance (DigitalOcean droplet).

1. Login to your server using Git (or Putty) replacing ‘SERVER_IP_ADDRESS’ with your DigitalOcean IP address:

$ ssh [email protected]_IP_ADDRESS

or from Putty by entering username/password

2. Add new user (replace ‘johndoe’ with whatever you want):

$ adduser johndoe

enter password and optionally fill in additional information although to skip this, just hit ‘ENTER’.

3. To add ‘superuser’ (root) privileges to the new user account (replace ‘johndoe’ with whatever you want):

$ usermod -aG sudo johndoe

At this point you are DONE unless you would like to add public key authentication by following the steps below:

Optional Steps

To add public key authentication (optional, but recommended), enter the following command at the terminal of your local machine (your computer/ from Vagrant Git command line):

$ ssh-keygen

Hit enter to accept the file name and path. Optionally, you can enter a passphrase or just leave blank.

Copy the public key to your server:

$ ssh-copy-id [email protected]_IP_ADDRESS

Disabling password authentication

Now that your new user can use SSH keys to log in, you can increase your server’s security by disabling password-only authentication. Doing so will restrict SSH access to your server to public key authentication only. That is, the only way to log in to your server (aside from the console) is to possess the private key that pairs with the public key that was installed.

Note: Only disable password authentication if you installed a public key to your user as recommended in the previous section, step four. Otherwise, you will lock yourself out of your server!

To disable password authentication on your server, follow these steps.
As root or your new sudo user, open the SSH daemon configuration:

$ sudo nano /etc/ssh/sshd_config

Find the line that specifies ‘PasswordAuthentication’, uncomment it by deleting the preceding #, then change its value to “no”. It should look like this after you have made the change:

sshd_config — Disable password authentication
PasswordAuthentication no

Here are two other settings that are important for key-only authentication and are set by default. If you haven’t modified this file before, you do not need to change these settings:

sshd_config — Important defaults
PubkeyAuthentication yes
ChallengeResponseAuthentication no

When you are finished making your changes, save and close the file using the method we went over earlier (CTRL-X, then Y, then ENTER).

Type this to reload the SSH daemon:

$ sudo systemctl reload sshd

Password authentication is now disabled. Your server is now only accessible with SSH key authentication.

Now, before you log out of the server, you should test your new configuration. Do not disconnect until you confirm that you can successfully log in via SSH.

In a new terminal on your local machine, log in to your server using the new account that you created. To do so, use this command (substitute your username and server IP address):

$ ssh [email protected]_IP_ADDRESS

If you added public key authentication to your user, your private key will be used as authentication. Otherwise, you will be prompted for your user’s password.

Note about key authentication: If you created your key pair with a passphrase, you will be prompted to enter the passphrase for your key. Otherwise, if your key pair is passphrase-less, you should be logged in to your server without a password.

Once authentication is provided to the server, you will be logged in as your new user.
Remember, if you need to run a command with root privileges, type “sudo” before it like this:

$ sudo command_to_run

DONE

In the next part of this series, we will install a LEMP stack and WordPress on our production server.

REFERENCES

https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-16-04

If you don’t have an account already, sign up to DigitalOcean using this link which will give you a $10 credit (2 months FREE using a $5/mo droplet!) which also helps support this site.

Series Navigation<< How to Setup a Ubuntu 16.04 Production ServerHow to Install WordPress on LEMP Stack with Ubuntu 16.04, Nginx, MariaDB and PHP7 >>

Ken Favors is an Information Systems and Technology professional, an astute investor - and a history, music, arts and design enthusiast.

Leave a reply:

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Site Footer