Securing Ubuntu Server

skip Jan 24, 2021

#linux #cli #tutorial

Note: 2023-01-22 I’ve taken the video down temporarily to fix some issues. I’ll be re-recording an uploading a new version in the near future.

Updated: 2022-12-06

Here are the basic steps you should follow for any Ubuntu Linux server. This is a starting point, there is a lot more that can be done to secure your server.

Update the System

apt update && apt full-upgrade

Setup a standard user

adduser username
2a. Add new user to sudo group
usermod -aG sudo username

Copy Keypair to remote machine.

This is needed for passwordless login. Note: This process is covered in detail here. https://youtu.be/My16kPs6Nvw

ssh-copy-id -i ~/.ssh/id_rsa.pub username@host

Setup firewall rules and enable

sudo ufw allow ssh
sudo ufw allow <whatever other apps/ports you need>
sudo ufw enable

Reboot

sudo reboot

What next?

I would consider your server somewhat secure at this point. Here are some other things you can think about doing.

  • Install fail2ban - I’ll be doing a video on it in the future.
  • Setup Yubikey login for SSH - link.

I’m likely missing other things you can do to secure your server. I’ll keep this post up to date with steps and additions.