Setting up Ubuntu Server

Last updated over 2 years ago · 6 minutes to read.

In this post we are going to install Ubuntu Server. In this tutorial I’ll be using a Lenovo TS140, but any computer that can turn on and has decent specs should work. Let’s dive in.

Creating the install disk

The first step is to get a fresh copy of the install file from the official Ubuntu site, which you can get from here. The download is an .iso file, which is an image of the operating system to install on the server.

Unfortunately, it’s not quite as simple as copying and pasting the file onto a USB drive as we need to tell the computer that this is a special type of bootable disk that it can install an operating system from. The official docs give a great overview of how to use a USB drive for the install process. I am not going to be able to explain this any better so I'd recommend following these docs.

Once this has finished, you can insert your USB drive into a port and turn on the computer. My server automatically recognized the USB drive but if not, you will need to manually select the USB drive as the drive you want to boot from. This can be done by pressing some combination of F2, F8 or F10 when the server starts and praying to the computer gods that one of them works.

I am installing version 20.04 of Ubuntu Server and the installation is pretty slick. It asked if I wanted to import any private keys from GitHub to configure SSH and offered to install some pretty popular packages for me. For the sake of learning I will only install OpenSSH server right now. Grab a cuppa and give the installer some time to do its thing.

Configuring Ubuntu server

There are lots of possible ways to configure Unix, which can make Unix both very powerful and overwhelming. Please let me know if you’d recommend anything else.

Enabling the Firewall

I am going to enable a firewall via the ufw package (Uncomplicated Firewall). The interface is quite straightforward. By default SSH runs on port 22, so I will use that port in these examples. Some useful commands:

sudo ufw enable / disable
sudo ufw allow / deny 22
sudo ufw delete deny 22
sudo ufw status

I am going to run the following commands to enable the firewall and ONLY allow incoming traffic on port 22. This means that requests on any other port will be rejected.

sudo ufw enable
sudo ufw default deny incoming
sudo ufw allow 22

Setting up SSH

SSH or secure shell is a way of connecting to another computer. It is really similar to using a remote desktop but as there is no user interface, you only interact via the command line. Let’s check if SSH is enabled via system manager:

service ssh status

If this is enabled then you should be able to connect via SSH from another computer on your home network. If ssh is not enabled for whatever reason then you can run:

sudo systemctl enable --now ssh

In order to connect to the server we need to know what its IP address is. The easiest way to get this is via the hostname command:

hostname -I

Once we have the IP address we can then connect via SSH from any other computer:

ssh <user>@<host>

Where user is the username you created during installation and host is the IP address of your server. In my example, I am going to run:

ssh dave@192.168.0.25

Right now, our SSH configuration is not very secure so let’s make a few sensible changes. I want the following rules:

  • Whitelist which users can connect via SSH (only me)
  • Only allow users to connect using allowed keys (no passwords)

Before you start changing configuration files it’s always a good idea to back up the originals.

sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.backup

One important thing to note is that if you make a mistake when configuring SSH (or firewall rules) it can block you from being able to access the server. As such, be careful!

Setting up the keys

I want to create a whole blog post on public and private keys so for now we are going to keep things very high level. We are going to create two keys on the computer that we are connecting from - one public and one private. The public key will be shared with the server, the private key will not be shared with anyone else - sensible names, right?

To generate a new key run the following command:

ssh-keygen -t rsa -C "<email address>"

I prefer to add a passphrase for additional security. This means that the private key will be useless unless the correct passphrase is provided. As such, try to use something sensible when creating your passphrase. I also prefer to add my username as a unique identifier; this is optional.

It is personal preference whether you use a separate key for each computer that you would like to connect from or one key that is shared between all computers. My personal suggestion would be to use unique keys so that you can remove a single key if you need to rather than updating the key on every device.

Check that the keys have been properly generated by listing the contents of your .ssh directory:

ls -alh ~/.ssh

You should see files called id_rsa and id_rsa.pub. These may be called something different if you chose a different file name.

Adding your public key to the server

Now we have our public key, we need to share the public key with the server. The easiest way to do this is via the terminal:

ssh-copy-id <user>@<host>

Follow the prompts and enter your password. You should now be able to log in with SSH without entering your password - way more secure. Note, if you used a different name to create your public key (or have multiple keys) then you will need to specify which key you would like to copy. This can be done with the -i flag:

ssh-copy-id -i ~/.ssh/<mykeyname> <user>@<host>

On the computer that I am connecting from, I am going to add an SSH config to make it easier to connect to the server. On your computer, create a config file:

touch ~/.ssh/config

And add the following fields, replacing them with the appropriate values.

Host ubuntu-server
  HostName 192.168.0.25
  User dave
  Port 22
  # Only needed if the file name of your key is not id_rsa
  IdentityFile ~/.ssh/<mykeyname>

Now, I can connect to the server by typing:

ssh ubuntu-server

Configuring SSH

We’re almost done. Now we need to update our server to make SSH more secure. I am going to make the following changes to sshd_config:

sudo nano /etc/ssh/sshd_config

Change which port SSH runs on to a non-standard port - if we later decide to expose the server on the internet it will make it harder for malicious people (and programs) on the internet to discover that they can connect to our server via SSH.

Port <Custom Port number>

Disable login via passwords - we have set up our SSH keys which are way more secure.

AuthenticationMethods publickey
PubkeyAuthentication yes

PasswordAuthentication no
PermitEmptyPasswords no

Specify which users are allowed to connect

AllowUsers <username>

Do not enable root login

PermitRootLogin no

Now you can apply your changes and restart.

sudo service ssh restart

Note, you’ll need to start a new SSH session to verify that your config is working correctly. Also, if you changed your port number (recommended) then you will need to update your firewall rules on the server and the SSH config on your computer to specify the new port.
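The rules in this section can be checked mechanically. The following is an added example, not part of the original post: it audits an sshd_config-style file against them. The function names `sshd_value` and `audit_sshd` and the sample config are made up for illustration, and `Include` files are not followed.

```shell
# Added example: audit an sshd_config-style file against this post's rules.

# Print the global value of keyword $2 in file $1, or nothing if it is absent.
# sshd keeps the FIRST value it reads for a keyword, and anything after a
# Match line is conditional, so the scan stops at whichever comes first.
sshd_value() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/         { next }   # comments and blank lines
        tolower($1) == "match" { exit }   # end of the global section
        tolower($1) == tolower(key) {
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }' "$1"
}

# Print one FAIL line per broken rule; exit status is the number of failures.
# An absent keyword counts as a failure because the post sets each explicitly.
audit_sshd() {
    cfg=$1 fails=0
    while read -r key want; do
        got=$(sshd_value "$cfg" "$key" | tr 'A-Z' 'a-z')
        [ "$got" = "$want" ] && continue
        echo "FAIL $key: want '$want', got '${got:-<unset>}'"
        fails=$((fails + 1))
    done <<EOF
passwordauthentication no
permitemptypasswords no
pubkeyauthentication yes
authenticationmethods publickey
permitrootlogin no
EOF
    port=$(sshd_value "$cfg" port)
    if [ "${port:-22}" = 22 ]; then
        echo "FAIL port: still the default 22"; fails=$((fails + 1))
    fi
    if [ -z "$(sshd_value "$cfg" allowusers)" ]; then
        echo "FAIL allowusers: no allow-list, every account may try to log in"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed sample: the duplicate keyword shows why first-match matters.
sample=$(mktemp)
printf '%s\n' 'Port 2222' 'PasswordAuthentication yes' \
    'PasswordAuthentication no' 'PermitEmptyPasswords no' \
    'PubkeyAuthentication yes' 'AuthenticationMethods publickey' \
    'PermitRootLogin no' > "$sample"
audit_sshd "$sample" || echo "$? rule(s) failed"
```

On the server, `sudo sshd -t` checks the file for syntax errors before you restart, and `sudo sshd -T` prints the effective settings in the same `keyword value` form, so its output can be saved to a file and audited the same way.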

I did follow one additional step of configuring my server to use a static IP address. I don't think it's worth me rewriting the instructions but you can follow an excellent tutorial here.

And that’s us. We now have a server running with some basic configuration set. If you would recommend any other settings please let me know. Happy hacking!