Here are some steps you’ll want to take when setting up a fresh Ubuntu production server.
Enable SSH authentication
Copy the public key of the machine you want to use to access your server.
cat ~/.ssh/id_ed25519.pub # will probably be called id_rsa.pub on Linux
Log in to your server as root. Your cloud provider usually offers a way to do this. Add the public key to the root user’s authorized keys in
Now, try SSHing into your server from your local machine.
Create non-root sudo user
Confirm the user was created with getent passwd. The new user should appear at the bottom.
Grant administrative privileges
usermod -aG sudo sajad
Use ufw or your cloud provider’s firewall feature to restrict access to services within your server. If using your cloud provider’s firewall, you’ll want to disable
A typical set of inbound rules might look like:
| SSH | TCP | 22 | All IPv4, All IPv6 |
| HTTP | TCP | 80 | All IPv4, All IPv6 |
| HTTPS | TCP | 443 | All IPv4, All IPv6 |
Enable SSH access for non-root sudo user
Assuming you’re still logged in as root and the new user is named sajad, copy the root user’s ~/.ssh directory to the new user’s home directory.
user=sajad
rsync --archive --chown="$user:$user" ~/.ssh "/home/$user"
Open a terminal on your local machine and try SSHing into your server as the non-root sudo user.
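If that login is refused, check ownership and permissions on the copied files: sshd's default StrictModes setting rejects keys when authorized_keys, the .ssh directory or the home directory is group- or world-writable, and the new user must be able to read the file. The function below is an added example, not part of the original post; check_ssh_dir is a hypothetical helper name, and it assumes GNU stat as shipped on Ubuntu.

```shell
#!/bin/sh
# check_ssh_dir HOME_DIR UID  (hypothetical helper, added example)
# Verifies the result the rsync --chown step should produce:
#   - home, .ssh and authorized_keys all exist
#   - each is owned by the given numeric UID
#   - none is writable by group or others
# Prints one line per problem and returns non-zero if any was found.
check_ssh_dir() {
    home=$1
    want_uid=$2
    rc=0
    for path in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$path" ]; then
            echo "missing: $path"
            rc=1
            continue
        fi
        # GNU stat: %u = numeric owner, %a = octal permission bits
        have_uid=$(stat -c %u "$path")
        mode=$(stat -c %a "$path")
        if [ "$have_uid" != "$want_uid" ]; then
            echo "owner is uid $have_uid, expected $want_uid: $path"
            rc=1
        fi
        # 022 = write bit for group and for others
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "group/world-writable (mode $mode): $path"
            rc=1
        fi
    done
    return $rc
}

# Usage on the server, as root, for the user created above:
#   check_ssh_dir /home/sajad "$(id -u sajad)"
```
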
Setup monitoring service
You’ll want to monitor your server’s resource utilization so that you’re notified if things go wrong or if resources like CPU, RAM or disk space are close to full capacity. For example, Digital Ocean provides this for free.
Bonus: Create SSH alias
Instead of typing ssh <user>@<server-ip>, let’s make life easier and create an alias so that we can just type ssh prod (replace prod with whatever makes sense).
On your local machine, edit ~/.ssh/config and add the following:
Host prod
    Hostname <server-ip>
    User <user>
Now, you should be able to SSH into your server with ssh prod.
Bonus: install some tools
sudo apt-get install htop