Introduction to A Ubuntu 14.04 Server
When creating your first Ubuntu 14.04 vps, you will need to do a couple of configuration steps early as part of the setup.
This will provide an improvement in security and usability of your VPS and will also give you a proper foundation for future actions.
1. Logging in as Root
To be able to login to your VPS, it will first require you to know the server’s public IP address, it will also require your password for the ‘root’ user’s account.
If you have not connected to your server, you can go ahead and login as the root user account with the following command.
local$ ssh root@SERVER_IP_ADDRESS
Finish the process of logging in by accepting the warning about host authenticity; once it appears, you will need to provide the root authentication, password or private key.
If it happens to be the first time you are logging into the VPS server with a password, there will most likely be a prompt to change the default root password.
A root user account is normally the administrative user in the Linux OS which has a very wide amount of privileges.
Since it has the heightened privileges for the root account, you should be discouraged to attempt using it on a regular basis.
This will take part of the power inherent from the root account and will give it the ability to make enormously destructive changes, even by accident.
What you will need to do next is: set up an alternative account for the user which will have a reduced scope of influence for day to day work.
You will be taught how to gain increased privileges during the times for once you need them.
2. Creating a New User
When you have logged in as root user account, you are ready to add your new user account which you will use to login from now on.
The following example will create a user named ‘demo’ however you can replace it with any user name that you like.
# adduser demo
You are gonna be asked a couple of various questions, first is with the password for the account.
Make sure you type in a fairly strong password, optionally, you will be able to fill in any of the other information if you would like.
This is not a requirement and may simply hit ‘ENTER’ in any field you would like to skip.
3. The Root Privileges
Since you now have a new user account with the default account privileges, you still may need to sometimes need to do administrative tasks.
To stop needing to logout of your normal user and requiring to log back in as the root account.
You can also setup what is known as ‘super user’ with root privileges for your normal account.
This will enable the normal user to be able to run commands with administrative privileges by using the word ‘sudo’ before each command.
To attach the privileges to the new user, you will need to add the new user to the ‘sudo’ group.
Automatically on Ubuntu 14.04, users in the ‘sudo’ group should be able to use the ‘sudo’ command.
When you are ‘root’ you will need to run the following command in order to add your user new user to the ‘sudo’ group
# gpasswd -a demo sudo
After that is done, your user should be able to run commands with ‘super user privileges’.
4. Add Public Key Authentication (Required)
Next, to secure your VPS, set up the public key authentication for your new user.
Enabling this will improve the security of your server by requiring a private SSH key to login.
Generate a Key Pair
If you do not have an SSH key pair, which is made of a public and private key, you will have to generate one.
If you happen to already have a key that you would like to use, move to the ‘Copy the Public Key step’.
To create a new key pair, type in the following command at the terminal of your local machine.
If your local user is named ‘localuser’, you should see an output that looks like the below.
Generating public/private rsa key pair.
Enter the file in which to save the key: ‘/Users/localuser/.ssh/id_rsa’.
Click on ‘return’ to accept this file name and path or, if you would like, enter a new name.
Now you should be prompted for a passphrase which you can secure the key with. You can either enter a passphrase or just leave it blank.
Note: If you leave your passphrase blank, you should be able to use the private key for authentication with out having to enter a passphrase.
If you entered your passphrase, you will require both your private key and the passphrase to login.
Securing your keys with pass phrases is more safe, however, both ways have their uses and are more safe than default password authentication.
This will generate you a private key, ‘id_rsa’, and a public key, ‘id_rsa.pub’, in the ‘.ssh’ directory of the ‘localuser’s’ home directory.
Remember that your private key has to not be shared with anyone who should not have access to your servers.
Copy the Public Key
Once you have generated an SSH key pair, you might want to copy your public key to your new server.
Option 1: Use ssh-copy-id
If the local machine in use has the ‘ssh-copy-id’ script installed, you may use it to install your public key to any user that you have login information for.
You can run your ‘ssh-copy-id’ script by clarifying the user and IP address of the server that you would like to install the key on are like the below.
local$ ssh-copy-id demo@SERVER_IP_ADDRESS
Once you have entered your password at the prompt,
your public key should be added to the remote user’s ‘.sssh/authorized_keys’ file.
The corresponding private key will be able to be used to login the server.
Option 2: Installing the Key manually
If you generated an SSH key pair with the previous step, feel free to use the following command in the terminal of your local machine to print your public key (id_rsa.pub).
local$ cat ~/.ssh/id_rsa.pub
With this, you can print your public SSH key, it should look like something in the below.
id_rsa.pub contents ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBGTO0tsVejssuaYR5R3Y/i73SppJAhme1dH7W2c47d4gOqB4izP0+fRLfvbz/tnXFz4iOP/H6eCV05hqUhF+KYRxt9Y8tVMrpDZR2l75o6+xSbUOMu6xN+uVF0T9XzKcxmzTmnV7Na5up3QM3DoSRYX/EP3utr2+zAqpJIfKPLdA74w7g56oYWI9blpnpzxkEd3edVJOivUkpZ4JoenWManvIaSdMTJXMy3MtlQhva+j9CgguyVbUkdzK9KKEuah+pFZvaugtebsU+bllPTB0nlXGIJk98Ie9ZtxuY3nCKneB+KjKiXrAvXUPCI9mWkYS/1rggpFmu3HbXBnWSUdf firstname.lastname@example.org
Select and copy the public key.
Add Public Key to New Remote User.
To activate the use of the SSH key to authenticate as the new remote user you will have to add the public key to a special file in the user’s home directory.
On the server, with the root user, be sure to type out the following command to switch to the new user.
# su - demo
You should now be in your new user’s home directory.
Make a directory called ‘.ssh’ and restrict the permissions using the commands shown below.
$ mkdir .ssh $ chmod 700 .ssh
Open a file in ‘.ssh’ named ‘authorized_keys’ using a text editor. You need to use nano to edit the file.
$ nano .ssh/authorized_keys
Now enter the public key, which should be in your clipboard, by pasting it in the editor.
Press CTRL-X to exit the file. Afterwards use ‘Y’ to save the changes that you have made before pressing ‘ENTER’ to confirm the file’s name.
You may now restrict the permissions of the ‘authorized_keys’ file with the below command.
$ chmod 600 .ssh/autohized_keys
Use the command below once to return to the root user.
You can now SSH login as your new user, by using the private key as authentication.
5. How To Configure SSH Daemon
Since you now have your new account, you may secure the server more by modifying its SSH daemon configuration to disallow remote SSH access to the root account.
Start by clicking on the configuration file with your text editor as root.
# nano /etc/ssh/sshd_config
Now look for the line that looks like the below.
Now, you will have the option to disable root login with SSH.
This is typically a more secure setting since you may now access your server with the normal user account and escalate privileges once necessary.
Edit the line to ‘no’ like shown below to disable root login.
Removing the permit of remote root login is highly suggested on every server.
Once you are finished making the changes, you may save and close the file using the method we went over earlier: CTRL-X, then Y, and lastly ENTER.
6. Reloading SSH
Since you have made your change, you now need to restart the SSH service so it will use the new configuration.
Use the following command to restart SSH.
# service ssh restart
Now, before you logging out of the server, you will want to test the new configuration.
You do not want to disconnect until you are sure that the new connections are established successfully.
Create a new terminal window on the local machine. In your new window, you will have to begin a new connection to your server.
Now, instead of using the root account, you will want to use the new account that you have made.
With the server that we showed you how to configure above, you should be able to connect with this command.
Note to switch out your own username and IP address of the server where fits.
local$ ssh demo@SERVER_IP_ADDRESS
Note: If you happen to be using ‘PuTTY’ to connect to your servers, make sure you are updating the session’s port number to match the server’s current configuration.
You will be prompted for the new user’s password which you configured. Afterwards, you should be logged in as your new user.
$ sudo command_to_run
Once all is finished, you may exit your sessions by typing the below.
From this point on, you should have a solid foundation for your VPS.
You may install any of the software you possibly need on your VPS now.