Ubuntu Server First Steps

After spinning up a fresh Ubuntu server, there are a few critical steps to take before running any workloads. This guide covers system updates, SSH hardening, firewall setup, and basic security checks.

Prerequisites

A fresh Ubuntu 22.04 LTS or 24.04 server
SSH access to the server
Root or sudo privileges
A local machine for generating SSH keys (if needed)

Step 1: Update System Packages

Connect to your server and update all packages to the latest versions.

sudo apt update
sudo apt upgrade -y
sudo apt autoremove -y

Verify the update completed successfully:

apt list --upgradable

If the output is empty, all packages are current.

Step 2: Set Hostname and Timezone

Set a descriptive hostname for your server:

sudo hostnamectl set-hostname my-server

Verify the change:

hostnamectl

Set the timezone to match your location:

sudo timedatectl set-timezone America/New_York
timedatectl

Step 3: Configure SSH Access

Generate SSH Keys (on your local machine)

If you don’t have an SSH key pair, generate one:

ssh-keygen -t ed25519 -C "your-email@example.com"

This creates ~/.ssh/id_ed25519 (private key) and ~/.ssh/id_ed25519.pub (public key).

Copy Public Key to Server

Copy your public key to the server’s authorized_keys file:

ssh-copy-id -i ~/.ssh/id_ed25519.pub user@server-ip

Or manually:

mkdir -p ~/.ssh
echo "your-public-key-content" >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
chmod 700 ~/.ssh

Harden SSH Configuration

Edit the SSH daemon configuration:

sudo nano /etc/ssh/sshd_config

Apply these changes:

#Port 22
Port 22

#PermitRootLogin prohibit-password
PermitRootLogin no

#PubkeyAuthentication yes
PubkeyAuthentication yes

#PasswordAuthentication yes
PasswordAuthentication no

#PermitEmptyPasswords no
PermitEmptyPasswords no

#X11Forwarding yes
X11Forwarding no

Restart SSH to apply changes:

sudo systemctl restart ssh

Step 4: Configure Firewall

Enable and configure UFW (Uncomplicated Firewall):

sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow 22/tcp
sudo ufw enable

Verify firewall status:

sudo ufw status verbose

Step 5: Create a Non-Root User

Create a dedicated user account for daily work:

sudo useradd -m -s /bin/bash -G sudo myuser
sudo passwd myuser

Test login with the new user:

ssh myuser@server-ip

Prevent direct root login by locking the root account:

sudo passwd -l root

Verify the lock:

sudo passwd -S root

You should see “root L” (locked) in the output.

Verification Checklist

Run these commands to verify your setup:

Check	Command	Expected Result
System updated	`apt list --upgradable`	Empty output
Hostname set	`hostnamectl`	Shows your hostname
SSH keys working	`ssh user@server-ip`	Logs in without password
Firewall active	`sudo ufw status`	Status: active
Root locked	`sudo passwd -S root`	Shows “root L”

Troubleshooting

SSH Connection Refused

Check that SSH is running:

sudo systemctl status ssh

Restart if needed:

sudo systemctl restart ssh

Locked Out of SSH

If you changed SSH settings and can’t connect, use console access or recovery mode to fix /etc/ssh/sshd_config and restart SSH.

Firewall Blocking SSH

If you can’t connect after enabling UFW, add the SSH rule:

sudo ufw allow 22/tcp
sudo ufw reload

Next Steps

Once your server is hardened, you can:

Install Docker for running containerized services
Set up monitoring and log aggregation
Configure automated backups
Deploy your first application

See the Docker Compose Notes for the next step.

Ubuntu Server First Steps

Ubuntu Server First Steps

Prerequisites

Step 1: Update System Packages

Step 2: Set Hostname and Timezone

Step 3: Configure SSH Access

Generate SSH Keys (on your local machine)

Copy Public Key to Server

Harden SSH Configuration

Step 4: Configure Firewall

Step 5: Create a Non-Root User

Step 6: Disable Root Login

Verification Checklist

Troubleshooting

SSH Connection Refused

Locked Out of SSH

Firewall Blocking SSH

Next Steps