Here are some steps you'll want to take when setting up a fresh Ubuntu production server.
Enable SSH authentication
Copy the public key of the machine you want to use to access your server.
cat ~/.ssh/id_ed25519.pub # will probably be called id_rsa.pub on Linux
Log in to your server as root. Your cloud provider usually offers a way to do this. Add the public key to the root user's authorized keys in
Now, try SSHing into your server from your local machine.
Create non-root sudo user
Confirm the user was created with getent passwd. The new user should appear at the bottom.
Grant administrative privileges
usermod -aG sudo sajad
ufw or your cloud provider's firewall feature to restrict access to services within your server. If using your cloud provider's firewall, you'll want to disable
A typical set of inbound rules might look like:
| SSH | TCP | 22 | All IPv4, All IPv6 |
| HTTP | TCP | 80 | All IPv4, All IPv6 |
| HTTPS | TCP | 443 | All IPv4, All IPv6 |
Enable SSH access for non-root sudo user
Assuming you're still logged in as root and the new user is named sajad, copy the root user's ~/.ssh directory to the new user's home directory.
user=sajad
rsync --archive --chown=$user:$user ~/.ssh /home/$user
Open a terminal on your local machine and try SSHing into your server as the non-root sudo user.
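If that login is refused, the usual cause is ownership or permissions on the copied directory, which sshd checks before trusting a key file. The script below is an added example, not part of the original guide, that audits the result of the rsync step; the function name check_ssh_dir is made up for illustration and it assumes GNU stat as shipped on Ubuntu.

```bash
#!/usr/bin/env bash
# Added example: audit a copied ~/.ssh directory before relying on it for login.
# check_ssh_dir is a hypothetical helper name; requires GNU stat (Ubuntu default).
# Usage on the server, as root:  ./check_ssh_dir.sh /home/sajad/.ssh sajad

# check_ssh_dir <ssh_dir> <expected_owner>
# Prints one line per problem found; returns 0 if clean, 1 otherwise.
check_ssh_dir() {
  local dir="$1" owner="$2" keys="$1/authorized_keys" rc=0 path mode

  if [ ! -d "$dir" ]; then
    echo "missing directory: $dir"; return 1
  fi
  if [ ! -f "$keys" ]; then
    echo "missing file: $keys"; return 1
  fi

  for path in "$dir" "$keys"; do
    # Ownership: the account logging in must own its own key material.
    if [ "$(stat -c '%U' "$path")" != "$owner" ]; then
      echo "wrong owner on $path (expected $owner)"; rc=1
    fi
    # Mode: flag anything writable by group or others (octal bits 022).
    mode=$(stat -c '%a' "$path")
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
      echo "group/world-writable: $path (mode $mode)"; rc=1
    fi
  done

  # Content: at least one entry of a common key type must be present.
  if ! grep -Eq '(^| )(ssh-(ed25519|rsa)|ecdsa-sha2-nistp[0-9]+) [A-Za-z0-9+/]+' "$keys"; then
    echo "no recognisable public key in $keys"; rc=1
  fi
  return $rc
}

# Run the check when the script is called with both arguments.
if [ $# -eq 2 ]; then
  check_ssh_dir "$1" "$2"
fi
```

An exit status of 0 with no output means the directory passed every check.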
Bonus: Create SSH alias
Instead of typing ssh <user>@<server-ip>, let's make life easier and create an alias so that we can just type ssh prod (replace prod with whatever makes sense).
On your local machine, edit ~/.ssh/config and add the following:
Host prod
  Hostname <server-ip>
  User <user>
Now, you should be able to SSH into your server with