Initial Server Setup with Ubuntu 12.04

Published on May 22, 2012

Status: Deprecated

This article covers a version of Ubuntu that is no longer supported. If you are currently operating a server running Ubuntu 12.04, we highly recommend upgrading or migrating to a supported version of Ubuntu.

Reason: Ubuntu 12.04 reached end of life (EOL) on April 28, 2017 and no longer receives security patches or updates. This guide is no longer maintained.

See Instead:
This guide might still be useful as a reference, but may not work on other Ubuntu releases. If available, we strongly recommend using a guide written for the version of Ubuntu you are using. You can use the search functionality at the top of the page to find a more recent version.

What the Red Means

The lines that the user needs to enter or customize will be in red in this tutorial! The rest should mostly be copy-and-pastable.

The Basics

When you first begin to access your fresh new server, there are a few early steps you should take to make it more secure. Some of the first tasks required on a virtual private server can include setting up a new user, providing them with the proper privileges, and configuring SSH.

Step One—Root Login

Once you know your IP address and root password, log in as the main user, root.

Using root on a VPS on a regular basis is discouraged, and this tutorial will help you set up an alternative user to log in with permanently.

ssh root@123.45.67.890

The terminal will show:

The authenticity of host '69.55.55.20 (69.55.55.20)' can't be established.
ECDSA key fingerprint is 79:95:46:1a:ab:37:11:8e:86:54:36:38:bb:3c:fa:c0.
Are you sure you want to continue connecting (yes/no)?

Go ahead and type yes, and then enter your root password.

Step Two—Change Your Password

Currently your root password is the default one that was sent to you when you registered your droplet. The first thing to do is change it to one of your choice.

passwd

Step Three— Create a New User

After you have logged in and changed your password, you will not need to login again as root. In this step we will make a new user and give them all of the root capabilities.

You can choose any name for your user. Here I’ve suggested demo.

adduser demo

After you set the password, you do not need to enter any further information about the new user. You can leave all the lines blank if you wish.

Step Four— Root Privileges

As of yet, only root has all of the administrative capabilities. We are going to give the new user the root privileges.

When you perform any root tasks with the new user, you will need to use the phrase “sudo” before the command. This is a helpful command for 2 reasons: 1) it prevents the user from making any system-destroying mistakes; 2) it stores all the commands run with sudo in the file ‘/var/log/secure’, which can be reviewed later if needed.

Let’s go ahead and edit the sudo configuration. This can be done through the default editor, which in Ubuntu is called ‘nano’.

visudo

Find the section called user privilege specification. It will look like this:

# User privilege specification
root    ALL=(ALL:ALL) ALL

Under there, add the following line, granting all the permissions to your new user:

demo    ALL=(ALL:ALL) ALL

Press Ctrl+X to exit the file.

Press Y to save; press enter, and the file will save in the proper place.

Step Five— Configure SSH (OPTIONAL)

Now it’s time to make the server more secure. These steps are optional. Please keep in mind that changing the port and restricting root login may make logging in more difficult in the future. If you misplace this information, it could be nearly impossible.

Open the configuration file:

nano /etc/ssh/sshd_config

Find the following sections and change the information where applicable:

Port 25000
Protocol 2
PermitRootLogin no

We’ll take these one by one.

Port: Although port 22 is the default, you can change this to any number between 1025 and 65536. In this example, I am using port 25000. Make sure you make a note of the new port number. You will need it to log in in the future. This change will make it more difficult for unauthorized people to log in.

PermitRootLogin: change this from yes to no to stop future root login. You will now only be logging on as the new user.

Add these lines to the bottom of the document, replacing *demo* in the AllowUsers line with your username. (AllowUsers will limit login to only the users on that line. To avoid this, skip this line):

UseDNS no
AllowUsers demo

Save and Exit

Step Six— Reload and Done!

Reload SSH, and it will implement the new ports and settings.

reload ssh

To test the new settings (don’t log out of root yet), open a new terminal window and log in as your new user.

Don’t forget to include the new port number.

ssh -p 25000 demo@123.45.67.890

Your prompt should now say:

[demo@yourname ~]$
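
As an added example (not part of the original tutorial), the script below checks an sshd_config for the lockout cases Step Five can cause before you run reload ssh: root blocked by PermitRootLogin, and any user missing from AllowUsers. The function names are hypothetical, the sample config is constructed, and it assumes a flat file with plain usernames and no Match, DenyUsers or group directives.

```shell
#!/bin/sh
# Added example: lockout check for the Step Five edits, to run before "reload ssh".
# Function names are hypothetical. Assumes a flat sshd_config (no Match blocks,
# no DenyUsers/AllowGroups/DenyGroups) with plain usernames in AllowUsers.

# Effective value of a single-valued keyword: keywords are case-insensitive
# and sshd uses the first occurrence. Commented-out lines never match.
sshd_value() {  # usage: sshd_value FILE KEYWORD
    awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# Every name on any AllowUsers line, one per line.
allowed_users() {  # usage: allowed_users FILE
    awk 'tolower($1) == "allowusers" { for (i = 2; i <= NF; i++) print $i }' "$1"
}

# Return 0 if USER passes the PermitRootLogin and AllowUsers checks.
may_login() {  # usage: may_login FILE USER
    root_login=$(sshd_value "$1" PermitRootLogin | tr '[:upper:]' '[:lower:]')
    # Only the value "no" is treated as blocking root outright.
    if [ "$2" = root ] && [ "$root_login" = no ]; then
        return 1
    fi
    list=$(allowed_users "$1")
    # No AllowUsers line means no per-user restriction.
    if [ -z "$list" ]; then return 0; fi
    # Once AllowUsers exists, only the exact names on it may log in.
    printf '%s\n' "$list" | grep -Fxq -- "$2"
}

# Constructed sample config; $2 is the PermitRootLogin value to write.
write_sample() {  # usage: write_sample FILE yes|no
    printf '%s\n' '#Port 22' 'Port 25000' 'Protocol 2' \
        "PermitRootLogin $2" 'UseDNS no' 'AllowUsers demo' > "$1"
}

cfg=$(mktemp)
for root_login_setting in no yes; do
    write_sample "$cfg" "$root_login_setting"
    for u in demo root; do
        if may_login "$cfg" "$u"; then verdict=allowed; else verdict='locked out'; fi
        echo "PermitRootLogin $root_login_setting, port $(sshd_value "$cfg" Port): $u $verdict"
    done
done
rm -f "$cfg"
```

On the server, point may_login at /etc/ssh/sshd_config and keep the root session open until the new login works; sshd -t checks the file's syntax.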

See More

As you start securing your droplet with SSH, you can continue to improve its security by installing programs, such as Fail2Ban or Deny Hosts, to protect against brute force attacks on the server. You can also find the tutorial to install the LAMP stack on the server here or the LEMP stack here.

By Etel Sverdlov

 
10 Comments



Etel Sverdlov
DigitalOcean Employee
October 29, 2012

The visudo command is the correct way to edit that file. As explained on the man page: “visudo locks the sudoers file against multiple simultaneous edits, provides basic sanity checks, and checks for parse errors.”


    Hey,

    reload ssh is not working. The command line says “No command found reload”

    Command : reload ssh Result : The program ‘reload’ is currently not installed. You can install it by typing: apt install upstart

    What is the problem? I am following this doc and configuring Ubuntu 16.04 for the first time.

    Thanks @etel :) You made my day

    Is there a reason for adding root privileges to the new user in this manner? I have always found it simpler to issue, as root, usermod -aG sudo <username>.

    I get this error when I try to ‘reload ssh’

    Unable to connect to Upstart: Failed to connect to socket /com/ubuntu/upstart: Connection refused

    root@x.x.x.x’s password: Permission denied, please try again.

    That’s what I get after I finish configuring the new user and sign out and try to sign back in (ssh) as root. I want to keep the root login, so I didn’t update the PermitRootLogin. Pretty much I only added: AllowUsers ----- But as soon as I do reload ssh I get the previous error.

    Does anyone have any idea how to resolve this issue?

    Hi, even though everything is set up correctly, the root user is no longer available to log in via SSH / SFTP.

    Then why can’t the USER modify the files by himself, even though the USER is added to the SUDO group? He also got access to everything under the VISUDO file.

    No matter which file you try to modify, it will always say Permission Denied. Apache & SSH have all been restarted.

    If the USER cannot modify the files by himself, then how can we make him do it instead of using ROOT?

    Not sure why this isn’t mentioned, but once you create the new user, you have to then use the password to connect and can no longer use your ssh keys that you probably used to set up the droplet in the first place. While still logged in as root, before testing the connection with your port changes and locking out root from ssh, you should:

    mkdir /home/demo/.ssh
    cp /root/.ssh/authorized_keys /home/demo/.ssh
    chown -R demo:demo /home/demo/.ssh
    

    Now all the keys you used when you set up the droplet will work and log you in as your new user.
