Today you’ll learn how to initially set up and secure an Ubuntu 22.04 cloud server (or local machine) by adding a new non-root user with sudo
privileges instead of logging in a root user, which is dangerous. We’ll also secure your new server using UFW (Uncomplicated Firewall), which comes pre-installed on Ubuntu 22.04.
This article is part of my series The Ultimate Web Server.
Contents
- Prerequisites
- Set Up your SSH Client
- Creating a New User
- Setting up the Firewall
- Conclusion
- See Also
- Further Reading
Prerequisites
- You’ll need a cloud server with a company like DigitalOcean, Vultr or DreamHost.
- An SSH client like PuTTY
- Your cloud servers IP address and root password
Set Up your SSH Client
Open PuTTY and enter the following information:
- Host Name (or IP Address) – [enter your server IP address i.e. 66.234.567.11]
- Port – 22
- Click “Open”
Once PuTTY opens your server, enter username: root
and password root password
.
Creating a New User
We need to create a non-root user with sudo
privileges. This ensures a higher level of security and safety rather than logging in as root user all the time, which is potentially dangerous.
I’ll create a new user named richie
, but you can use your name or almost any name you like (some usernames are reserved for system accounts):
adduser richie
You will be asked the following questions and you will need to enter and confirm a new password. If you don’t want to answer the rest, just keep pressing the ENTER key:
- New Password – [mynewpassword]
- Confirm Password – [mynewpassword]
- Full Name
- Room Number
- Work Phone
- Home Phone
- Other
- Is the information correct? – Y
Now let’s give your new user sudo
privileges so you can run commands normally reserved for root (replace my username richie
with yours):
usermod -aG sudo richie
Now if you need to run root commands as your new user, prepend them with sudo
and you’ll be prompted to enter your new users password (not root password).
Setting up the Firewall
Let’s set-up the built-in UFW (Uncomplicated Firewall) to secure your new server. The only ports we will open are for secure SSH access. After you have completed these steps, you will need to manually open ports using UFW for any applications you install.
Let’s see what built-in rules UFW already has:
ufw app list
My results will likely be different from yours because I already have Apache installed. For a new server, you’ll only have the OpenSSH
option. Let’s create a new rule that opens SSH ports:
ufw allow OpenSSH
Then we enable the UFW firewall:
ufw enable
Now we confirm UFW is on and working:
ufw status
Again, my results may differ from yours as I already have Apache installed. You should see this:
- Status – Active
- OpenSSH – ALLOW – Anywhere
- OpenSSH (v6) – ALLOW – Anywhere (v6)
Now you can logout of your server and login again as your new user. Close your SSH connection, then enter your cloud servers IP address and reconnect except this time, enter your new username at the command prompt: richie
, and you new users password.
Let’s test you new users ability to use elevated sudo
privileges by updating your server:
sudo apt update && sudo apt upgrade -y
Your server should then update and upgrade any outdated packages.
Conclusion
Now you have a new Ubuntu 22.04 server secured and ready to start installing packages like Apache web server. Check out my guide on installing a LAMP stack on Ubuntu 22.04.
See Also
- How to install LAMP stack on Ubuntu 22.04
- How to configure Apache Virtual Hosts on Ubuntu 22.04
- How to install a free Let’s Encrypt SSL certificate on Ubuntu 22.04 LAMP stack
- How to enable HTTP/2 on Ubuntu 22.04 LAMP stack
- How to install phpMyAdmin on Ubuntu 22.04 LAMP stack
- How to secure an Ubuntu 22.04 LAMP Stack
- How to install WordPress on Ubuntu 22.04 LAMP stack
Comments
Marcelo #
thank you!
Richard Brereton (Author) #
no worries Marcello :)
Comment