This article takes a lot of information from the tutorial here https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-16-04. It is a good read, however, I am going to list the steps on the site as well, so you can just follow along here.

Now we need to connect to your droplet or VPS. To do so, I recommend downloading Putty. If you are running on a modern machine, you most likely have a 64 bit machine, so I recommend downloading all the tool by clicking on putty-64bit-0.70-installer.msi. At this time, the version is 0.70. Once installed, you can utilize putty to connect to your server.

Update Your Server

This first thing you will want to do, is update your machine. You will most likely be logged in as the root user at this time. However, to get used to the sudo command, I will be sudoing everything!

Now, type in the following commands to update your system

sudo apt update
sudo apt upgrade

This will get your server setup to the latest and greatest versions and security fixes. Or at least hope it does 😀

Create New User

In Ubuntu 16.04 it is very easy to create a user. You simple put adduser a space and than the username. In this example, I will be using my name.

sudo adduser joshua

You will be asked a few questions, starting with the account password. Make sure to enter a strong password. You also have the option to fill in any of the additional information if you would like. This is not required and you can just hit ENTER in any field you wish to skip.

Please make sure to remember your password

Set User With Root Privileges

This is a super simple and super easy way to grant your user with SUPER POWERS!

usermod -aG sudo joshua

The -aG in this means Add user to Group sudo then the username in this case joshua. Once logged in as the new user, you can do root privileged stuff by simply saying sudo! Example: sudo apt update or sudo nano somefile.vue

Add Public Key Authentication

At this point you should already have a public key setup for root. If not, you need to get that done. If you would like, you can create a new key. You should still be in root. to switch users within the terminal, you can type in this:

su joshua

This will log you into that user joshua, of course you will want to log in with your user you created. Logging in to the new user you can then generate a new key for that user specifically. You do not need to do this, unless you will be setting up git, and want to connect to github or gitlab or bitbucket or whatever git repo you use. (Hopefully you use git and not SVN…) To generate a key you can run this command.

ssh-keygen

Just follow the prompts. if you have some trouble, post in the comments below and I will help you out! Now you will have your private key setup at ~/.ssh/id_rsa and public key will be at ~/.ssh/id_rsa.pub.  You can then plug your public key into your git repo so you have access. You can output the key by running cat ~/.ssh/id_rsa.pub

A ~ means users root directory. This is set in a user file, but is defaulted to /home/joshua/ where joshua is your username you are logged into. If you are logged into root, it would be a different folder. If logged into user greg, it would be /home/greg/

You are now going to want to add your key that you login with the server to your new user, so instead of logging in as root and running su joshua to switch to that user, you can log directly into you user. I would first check and see if the file authorized_keys exists, if not we can create the file. To check to see if the file exists simply run:

ls ~/.ssh/

If you see authorized_keys as one of the files, then it already exists and you can skip the creation of the file. To create the file run this:

touch ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys

To edit and put in your ssh key you can edit the file by running:

nano ~/.ssh/authorized_keys

Add your key and save. I always hit CTRL + X hit Y hit ENTER. This should save the file.

Disable Password Authentication

This part is if it isn’t already disabled. Edit the SSHD config file:

sudo nano /etc/ssh/sshd_config

Set the following settings:

PasswordAuthentication no
PubkeyAuthentication yes
ChallengeResponseAuthentication no

Now restart SSHD

sudo systemctl reload sshd

At this point I would test logging into the user using putty. If all is successful, you can now celebrate that you have done all the boring stuff.

Part 4’s link will appear here once article is published! It will be a simple run down on Setting up your firewall. Need to keep those hackers out.

~Joshua

Sharing is caring!