Initial Server Setup with Ubuntu 18.04

Introduction

After creating a new Ubuntu 18.04 server, you should take some configuration steps as part of an initial server setup in order to increase security and facilitate management later.

This guide will walk you through a few procedures that you should complete early on in order to create a solid foundation for your new server, before moving on to installing and configuring any software or services.

Step 1 — Logging in as Root

Newly installed servers typically have only a root account set up, and that is the account you’ll use to log into your server for the first time.

The root user is an administrative user that has very broad privileges. Because of the heightened privileges of the root account, you are discouraged from using it on a regular basis. This is because part of the power inherent to the root account is the ability to make very destructive changes, even by accident. For that reason, the recommended practice is to set up a regular system user and give this user sudo permissions, so that it may run administrative commands with certain limitations. In the next step, you’ll set up such a user.

To get started, you’ll need to log into your server. Make sure you know your server’s public IP address. To authenticate, you’ll need either the account’s password or the SSH private key for the root user’s account, in case you have set up an SSH key for authentication within the server. If you have not already logged into your server, you may want to follow our guide on how to connect to your Droplet with SSH, which covers this process in detail.

If you are not already connected to your server, go ahead and log in as the root user with the following command. Be sure to replace the highlighted portion of the command with your server’s public IP address:

    ssh root@your_server_ip

Accept the warning about host authenticity if it appears. If you are using password authentication, provide your root password to log in. Alternatively, if you are using an SSH key that is passphrase protected, you may be prompted to enter the passphrase the first time you use the key each session. Additionally, if this is your first time logging into the server with a password, you may also be prompted to change the root password.

In the next step, you’ll set up a new system user account with reduced privileges, and configure this user to run administrative commands via sudo.

Step 2 — Creating a New User

Once you are logged in as root, you can create a new user that will be your regular system user from now on.

The following example creates a new user called sammy, but you should replace it with a username of your choice:

    adduser sammy

You will be asked a few questions, starting with the account password.

Enter a strong password and, optionally, fill in any of the additional information if you would like. This is not required and you can just hit ENTER in any field you wish to skip.

In the next step, you’ll set up sudo privileges for this user. This will allow the user to execute administrative tasks as the root user through the sudo program.

Step 3 — Granting Administrative Privileges

You now have a new user account with regular privileges. Sometimes, however, you’ll need to perform administrative tasks, like managing servers, editing configuration files, or restarting a server.

To avoid having to log out of your regular user and log back in as the root account, you can set up what are known as “superuser” or root privileges for your regular account. This will allow your regular user to run commands with administrative privileges by prefixing each command with the word sudo.

To add these privileges to your new user, you need to add the new user to the sudo group. By default on Ubuntu 18.04, users who belong to the sudo group are allowed to use the sudo command.

The following command will modify the default user settings, including the sudo group in the list of groups a user already belongs to. Pay attention to the -a argument, which stands for append. Without this option, the current groups a user is linked to would be replaced by sudo, which would cause unexpected consequences. The -G argument tells usermod to change a user’s group settings.

As root, run this command to add your new user to the sudo group (replace the highlighted word with your new user):

    usermod -aG sudo sammy

Your system user is now set up. In the next step, you’ll configure a basic firewall for your server.

Step 4 — Setting Up a Basic Firewall

UFW (Uncomplicated Firewall) is a firewall configuration tool that comes with Ubuntu servers. You can use the UFW firewall to make sure only connections to certain services are allowed on your server.

Note: If your servers are running on DigitalOcean, you can optionally use DigitalOcean Cloud Firewalls instead of the UFW firewall. We recommend using only one firewall at a time to avoid conflicting rules that may be difficult to debug.

Applications can register their profiles with UFW upon installation. These profiles allow UFW to manage per-application settings by name. OpenSSH, the service allowing you to connect to your server now, has a profile registered within UFW.

Run the following command to get a list of all current available profiles:

    ufw app list

Output
Available applications:
  OpenSSH

You need to make sure that the firewall allows SSH connections so that you can log back in next time. You can allow these connections by typing:

    ufw allow OpenSSH

Afterwards, you can enable the firewall with:

    ufw enable

Type “y” and press ENTER to proceed. You can see that SSH connections are still allowed by typing:

    ufw status

Output
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)

As the firewall is currently blocking all connections except for SSH, if you install and configure additional services, you will need to adjust the firewall settings to allow acceptable traffic in. You can learn some common UFW operations in this guide.
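The check described above can be scripted so that it runs right after ufw enable, while the current root session is still open. The following is an added example, not part of the original tutorial: it reads ufw status text and reports whether any rule still admits SSH. The function names and the sample outputs are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: decide from `ufw status` text whether inbound SSH is still admitted.

# firewall_state reads `ufw status` output on stdin and prints the word after
# "Status:" (active / inactive), or "unknown" if that line is absent.
firewall_state() {
    awk '$1 == "Status:" { print $2; found = 1; exit }
         END { if (!found) print "unknown" }'
}

# ssh_rule_present reads `ufw status` output on stdin and returns 0 when at
# least one rule admits SSH: the OpenSSH profile, 22 or 22/tcp, with action
# ALLOW or LIMIT. DENY and REJECT rules do not count.
ssh_rule_present() {
    awk '
        {
            # Rule rows are "<To> <Action> <From>"; IPv6 rows add "(v6)" after <To>.
            to = $1; i = 2
            if ($i == "(v6)") i++
            action = $i
            if ((action == "ALLOW" || action == "LIMIT") &&
                (to == "OpenSSH" || to == "22" || to == "22/tcp")) found = 1
        }
        END { exit(found ? 0 : 1) }
    '
}

# check_ssh_reachable STATUS_TEXT prints one verdict:
#   ok            firewall active and an SSH rule is present
#   lockout-risk  firewall active but no rule admits SSH
#   inactive      firewall off, so no rules are being enforced
check_ssh_reachable() {
    status_text=$1
    case "$(printf '%s\n' "$status_text" | firewall_state)" in
        active)
            if printf '%s\n' "$status_text" | ssh_rule_present; then
                echo ok
            else
                echo lockout-risk
            fi ;;
        inactive) echo inactive ;;
        *) echo unknown ;;
    esac
}

# Constructed sample outputs (not captured from a real server).
SAMPLE_TUTORIAL='Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)'

SAMPLE_LIMIT='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     LIMIT       Anywhere
80/tcp                     ALLOW       Anywhere
22/tcp (v6)                LIMIT       Anywhere (v6)'

SAMPLE_WEB_ONLY='Status: active

To                         Action      From
--                         ------      ----
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere'

SAMPLE_DENY='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     DENY        Anywhere'

SAMPLE_INACTIVE='Status: inactive'

printf 'tutorial rules: %s\n' "$(check_ssh_reachable "$SAMPLE_TUTORIAL")"
printf 'web only:       %s\n' "$(check_ssh_reachable "$SAMPLE_WEB_ONLY")"
printf 'ssh denied:     %s\n' "$(check_ssh_reachable "$SAMPLE_DENY")"
```

On the server, the same check against the live firewall is check_ssh_reachable "$(ufw status)", run as root before closing the session.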

Step 5 — Enabling External Access for Your Regular User

Now that you have a regular user for daily use, you need to make sure you can SSH into the account directly.

Note: Until verifying that you can log in and use sudo as your new user, we recommend staying logged in as root. This way, if you have problems, you can troubleshoot and make any necessary changes as root. If you are using a DigitalOcean Droplet and experience problems with your root SSH connection, you can log into the Droplet using the DigitalOcean Console.

The process for configuring SSH access for your new user depends on whether your server’s root account uses a password or SSH keys for authentication.

If the Root Account Uses Password Authentication

If you logged in to your root account using a password, it means that password authentication is enabled for SSH. You can SSH to your new user account by opening up a new terminal session and using SSH with your new username:

    ssh sammy@your_server_ip

After entering your regular user’s password, you will be logged in. Remember, if you need to run a command with administrative privileges, type sudo before it like this:

    sudo command_to_run

You will be prompted for your regular user password when using sudo for the first time each session (and periodically afterwards).

To enhance your server’s security, we strongly recommend setting up SSH keys instead of using password authentication. Follow our guide on setting up SSH keys on Ubuntu 18.04 to learn how to configure key-based authentication.

If the Root Account Uses SSH Key Authentication

If you logged in to your root account using SSH keys, it’s likely that password authentication is disabled for SSH. You will need to add a copy of your local public key to the new user’s ~/.ssh/authorized_keys file to log in successfully.

Since your public key is already in the root account’s ~/.ssh/authorized_keys file on the server, you can copy that file and directory structure to your new user account in your existing session.

The simplest way to copy the files with the correct ownership and permissions is with the rsync command. This will copy the root user’s .ssh directory, preserve the permissions, and modify the file owners, all in a single command. Make sure to change the highlighted portions of the following command to match your regular user’s name:

Note: The rsync command treats sources and destinations that end with a trailing slash differently than those without a trailing slash. When using rsync below, be sure that the source directory (~/.ssh) does not include a trailing slash (check to make sure you are not using ~/.ssh/).

If you accidentally add a trailing slash to the command, rsync will copy the contents of the root account’s ~/.ssh directory to the sudo user’s home directory instead of copying the entire ~/.ssh directory structure. The files will be in the wrong location and SSH will not be able to find and use them.

    rsync --archive --chown=sammy:sammy ~/.ssh /home/sammy

Now, open up a new terminal session and try to log in with your new username:

    ssh sammy@your_server_ip

You should be able to log into the new user account without being prompted for the remote user’s SSH password for authentication. If your SSH key was set up with a passphrase, you may be asked to unlock the SSH key by providing that passphrase when you use the key for the first time in a terminal session.

Remember, if you need to run a command with administrative privileges, type sudo before it like this:

    sudo command_to_run

You will be prompted for your regular user password when using sudo for the first time each session (and periodically afterwards).
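The rsync command in this step copies root's entire .ssh directory, so any private key stored there is copied to the new user as well. The following added example (not part of the original tutorial) installs only authorized_keys with 700/600 permissions and then audits the result. The function names and the sample key material are constructed for illustration, and stat -c assumes GNU coreutils as shipped with Ubuntu.

```bash
#!/usr/bin/env bash
# Added example: hand a new user root's authorized public keys without
# copying anything else from root's ~/.ssh.

# copy_authorized_keys SRC_SSH_DIR DST_HOME [OWNER]
# Creates DST_HOME/.ssh (0700) and installs only authorized_keys (0600).
# OWNER ("user:group") is applied only when given, because chown needs root.
copy_authorized_keys() {
    src_dir=$1 dst_home=$2 owner=${3:-}
    [ -f "$src_dir/authorized_keys" ] || { echo "no authorized_keys in $src_dir" >&2; return 1; }
    [ -d "$dst_home" ] || { echo "missing home: $dst_home" >&2; return 1; }
    mkdir -p "$dst_home/.ssh" || return 1
    chmod 700 "$dst_home/.ssh" || return 1
    cp "$src_dir/authorized_keys" "$dst_home/.ssh/authorized_keys" || return 1
    chmod 600 "$dst_home/.ssh/authorized_keys" || return 1
    if [ -n "$owner" ]; then
        chown -R "$owner" "$dst_home/.ssh" || return 1
    fi
}

# audit_ssh_dir SSH_DIR
# Prints one finding per line and nothing when the directory is clean:
# wrong directory mode, wrong authorized_keys mode, or a private key file.
audit_ssh_dir() {
    ssh_dir=$1
    [ -d "$ssh_dir" ] || { echo "missing: $ssh_dir"; return 0; }
    mode=$(stat -c '%a' "$ssh_dir")
    [ "$mode" = "700" ] || echo "dir-mode: $ssh_dir is $mode, expected 700"
    if [ -f "$ssh_dir/authorized_keys" ]; then
        mode=$(stat -c '%a' "$ssh_dir/authorized_keys")
        case $mode in
            600|400) ;;
            *) echo "file-mode: authorized_keys is $mode, expected 600" ;;
        esac
    else
        echo "missing: $ssh_dir/authorized_keys"
    fi
    for f in "$ssh_dir"/*; do
        [ -f "$f" ] || continue
        # Private keys in PEM or OpenSSH format start with a BEGIN ... PRIVATE KEY line.
        if head -n 1 "$f" | grep -q 'PRIVATE KEY-----'; then
            echo "private-key: $(basename "$f")"
        fi
    done
}

# make_fixture builds a constructed stand-in for /root and /home under a
# temporary directory and prints its path. Nothing here is real key material.
make_fixture() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/root/.ssh" "$work/home/sammy" "$work/home/rsynced"
    printf '%s\n' 'ssh-ed25519 AAAAC3ConstructedSampleKey admin@laptop' \
        > "$work/root/.ssh/authorized_keys"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed placeholder' \
        > "$work/root/.ssh/id_ed25519"
    echo "$work"
}

# Demonstration on the constructed fixture.
fixture=$(make_fixture)
copy_authorized_keys "$fixture/root/.ssh" "$fixture/home/sammy"
cp -R "$fixture/root/.ssh" "$fixture/home/rsynced/.ssh"   # whole-directory copy
echo "keys-only copy findings:"; audit_ssh_dir "$fixture/home/sammy/.ssh"
echo "whole-directory copy findings:"; audit_ssh_dir "$fixture/home/rsynced/.ssh"
rm -rf "$fixture"
```

On the server the equivalent call, run as root, is copy_authorized_keys /root/.ssh /home/sammy sammy:sammy.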

Where To Go From Here?

At this point, you have a solid foundation for your server. You can install any of the software you need on your server now.

If you’d like to get more familiar with Linux commands, you can check our Linux Command Line Primer. To extend your setup, you may want to check our Ubuntu 18.04 tag page for more guides based on that distribution.

I have made a bash script to automate the setup process, hopefully this will be useful to someone else.

@jasonheecs nice! however, feels like cheating to an extent. no pain, no gain, they say. on the other hand, I adore bash scripts. NICE)

Nice

You sir are awesome. Automation is an Admin’s friend.

Hey, Justin! Thanks for the great tutorial. In your last step, rsync --archive --chown=sammy:sammy ~/.ssh /home/sammy, it might be worth pointing out that there should be no trailing slash on ~/.ssh. I only mention that because when I was typing it in, I hit <tab> (to autocomplete, out of habit) and bash turned that into /root/ssh/.

I tried to log in with my new user, but because rsync doesn’t copy the source directory itself when it is appended with a trailing slash, my authorized_keys file was just hanging out in my new user’s home directory. A quick note might save someone else the trouble. Thanks again!

Justin Ellingwood
DigitalOcean Employee
May 15, 2018

@benforshey Yeah, that’s a good call. Thanks for the input! I’ve added a note to help users avoid that problem in the future.

This saved my day. Thank you very much.

Hi… I followed these steps but I still cannot log in with SSH. I removed the trailing slash and followed this rsync but still get an error… What am I doing wrong? Please guide… thanks (rsync --archive --chown=sammy:sammy .ssh /home/sammy). With a trailing slash and without a trailing slash I still cannot log in with SSH.

Hey, @odtrtest! Are you replacing sammy with your own username?

Thanks buddy!

It’s also probably advisable to include a Step 6: Disable SSH root login.

This can be done by setting PermitRootLogin to no in /etc/ssh/sshd_config.

If you disable SSH root login, will you still be able to access the server via DigitalOcean web console, in case of emergency?

Yes.

Although the web console isn’t great, and is extremely buggy with copy and pasting (e.g. the copy and pasting of a new ssh key).

Thanks!

And don’t forget to restart ssh with sudo service ssh restart.

Don’t forget to

sudo systemctl restart sshd!

I also prefer to install fail2ban to prevent anybody trying to hack into the system.

apt-get install fail2ban
alexdo
Site Moderator
December 31, 2024

Installing fail2ban is an excellent way to enhance the security of your system by protecting it against brute-force attacks.

You can also check this article on Fail2ban:

https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-fail2ban-on-ubuntu-20-04

Regards

    The old 16-04 tutorial made a lot more sense with how to get the keys in the correct place for ssh on the new user.

    You might not be able to access using the new user you created, make sure you allow OpenSSH on ufw by (logged in as root or access it via the droplet console):

    ufw allow OpenSSH

    in my case i also allowed port 22

    ufw allow 22

    alexdo
    Site Moderator
    December 17, 2024

    Heya,

    Also when working with firewalls make sure there is no other firewall tool where you’ll need to open/allow the port as well.

    Regards

    Great piece! thank you. Keep up the good work :)

    https://transfer.sh/ is a neat alternative for rsync. Yet, not sure about security compliance on their side.

    i.e.

    $ curl -H "Max-Downloads: 1" -H "Max-Days: 5" --upload-file ./xxx.pub https://transfer.sh/xxx.pub 
    

    output returns a downloadable link that fits both for cli and webUI. Also addable as alias to .bashrc:

    # Add this to .bashrc or its equivalent 
    transfer() { if [ $# -eq 0 ]; then echo -e "No arguments specified. Usage:\necho transfer /tmp/test.md\ncat /tmp/test.md | transfer test.md"; return 1; fi 
    tmpfile=$( mktemp -t transferXXX ); if tty -s; then basefile=$(basename "$1" | sed -e 's/[^a-zA-Z0-9._-]/-/g'); curl --progress-bar --upload-file "$1" "https://transfer.sh/$basefile" >> $tmpfile; else curl --progress-bar --upload-file "-" "https://transfer.sh/$1" >> $tmpfile ; fi; cat $tmpfile; rm -f $tmpfile; } 
    
    # Now you can use transfer command 
    $ transfer hello.txt
    
    alexdo
    Site Moderator
    December 17, 2024

    Heya,

    Thanks for sharing this! If you’re interested in using rsync or scp you can check the following article:

    https://www.digitalocean.com/community/tutorials/how-to-use-rsync-to-sync-local-and-remote-directories

    Regards

    Very useful, short and it works. Thx for sharing.

    Please include this in your doc sudo ufw allow 22

    Why? It already includes ufw allow OpenSSH.

    Note also that it is equivalent to ufw allow 22/tcp, which is more restrictive and thus better than what you’re suggesting.

    Didn’t work. I’m getting “Permission denied (publickey)”.

    that’s usually a local problem… make sure you’ve got your agent running and using the correct key

    This can also happen when you try to access your newly created user before actually copying the keys over from the root user.

    Make sure to rsync --archive --chown [...] the home directory of your newly created user. Search the article for rsync. The complete command is documented by the author.

    I followed the steps but at the end when trying to ssh using my new user I get this

    Welcome to Ubuntu 18.04.1 LTS (GNU/Linux 4.15.0-47-generic x86_64)
     * Documentation:  https://help.ubuntu.com
     * Management:     https://landscape.canonical.com
     * Support:        https://ubuntu.com/advantage
      System information as of Tue May 14 12:58:00 UTC 2019
      System load:  0.0               Processes:           85
      Usage of /:   7.7% of 24.06GB   Users logged in:     1
      Memory usage: 11%               IP address for eth0: 142.93.104.207
      Swap usage:   0%
      Get cloud support with Ubuntu Advantage Cloud Guest:
        http://www.ubuntu.com/business/services/cloud
     * Canonical Livepatch is available for installation.
       - Reduce system reboots and improve kernel security. Activate at:
         https://ubuntu.com/livepatch
    168 packages can be updated.
    0 updates are security updates.
    ********************************************************************************
    Welcome to DigitalOcean's One-Click Node.js Droplet.
    To keep this Droplet secure, the UFW firewall is enabled.
    All ports are BLOCKED except 22 (SSH), 80 (HTTP), and 443 (HTTPS).
    To get started, visit http://do.co/node1804
    ********************************************************************************
    To delete this message of the day: rm -rf /etc/update-motd.d/99-one-click
    Last login: Tue May 14 12:52:57 2019 from 217.96.166.218
    To run a command as administrator (user "root"), use "sudo <command>".
    See "man sudo_root" for details.
    

    and I’m immediately back at my shell. What’s going on? I checked and I have

    ufw status
    Status: active
    To                         Action      From
    --                         ------      ----
    22/tcp                     LIMIT       Anywhere
    80/tcp                     ALLOW       Anywhere
    443/tcp                    ALLOW       Anywhere
    OpenSSH                    ALLOW       Anywhere
    22/tcp (v6)                LIMIT       Anywhere (v6)
    80/tcp (v6)                ALLOW       Anywhere (v6)
    443/tcp (v6)               ALLOW       Anywhere (v6)
    OpenSSH (v6)               ALLOW       Anywhere (v6)
    

    and also the authorized_keys are both at root and my user .ssh directory.

    Hi, how would this go along with https://www.digitalocean.com/community/tutorials/an-introduction-to-cloud-config-scripting ?

    It would be nice to include at the end a cloud-config that will automatically run all this on first server boot

    I am using Putty. Is there a way to set up this with Putty instead of OpenSSH?

    alexdo
    Site Moderator
    December 17, 2024

    You can use PuTTY to access your server, there is no issue with that. Once the server is allowing connections on port 22 you’ll be good to go.

    https://docs.digitalocean.com/products/droplets/how-to/connect-with-ssh/putty/

    Regards

    useful, thanks ;3

    after i logged in as

    ssh sammy@your_server_ip

    i got problem with this command

    rsync --archive --chown=sammy:sammy ~/.ssh /home/sammy

    here is the error

    rsync: link_stat “/home/sammy/.ssh” failed: No such file or directory (2) rsync error: some files/attrs were not transferred (see previous errors) (code 2 3) at main.c(1196) [sender=3.1.2]

    create dir before launch this command: mkdir .ssh

    alexdo
    Site Moderator
    January 30, 2025

    The error “rsync: link_stat ‘/home/sammy/.ssh’ failed: No such file or directory (2)” occurs because the .ssh directory does not exist in /home/sammy/.

    Regards

    Can’t get the command

    rsync --archive --chown=sammy:sammy ~/.ssh /home/sammy

    to work either after following these instructions. Anyone got any idea how to make this work?

    From https://help.ubuntu.com/community/rsync: “Rsync is installed in Ubuntu by default”.

    Make sure there are two dashes ( -- ) before the archive and chown flags. Make sure you replace sammy with the name of YOUR user. If the name for your user on the server is janedoe you replace sammy with janedoe. The command is to be executed ON the server in an SSH session. Not on your local machine.

    So your command might look something like this:

    # logged in via ssh as root as we follow the setup for the new user
    # my-ubuntu-machine is the name of the server which is being configured over ssh
    # janedoe is the username of the user I am setting up for this machine
    root@my-ubuntu-machine:~# rsync --archive --chown=janedoe:janedoe ~/.ssh /home/janedoe
    
    alexdo
    Site Moderator
    December 31, 2024

    Before running the rsync command, make sure the /home/sammy/.ssh directory exists. If it doesn’t, you need to create it. The .ssh directory should be owned by the user (sammy) and should have the correct permissions.

    Run the following commands:

    mkdir -p /home/sammy/.ssh
    chown sammy:sammy /home/sammy/.ssh
    chmod 700 /home/sammy/.ssh
    

    This ensures the .ssh directory is created and the correct permissions are applied.

    The rsync command uses relative paths based on the user’s home directory. It’s important to make sure the ~/.ssh directory exists and contains the necessary files like authorized_keys, and that you are specifying the destination path correctly.

    If you’re running the command as root or another user, you may need to use the absolute path for the home directory. For example:

    rsync --archive --chown=sammy:sammy /root/.ssh/ /home/sammy/.ssh/
    

    This will copy the SSH configuration files from /root/.ssh/ to /home/sammy/.ssh/. Make sure there is a trailing slash (/) at the end of the source path so it correctly copies the contents of the directory rather than the directory itself.

    Regards

    The problem I was having was when I tried logging in with my username, it would give me an error “No supported authentication methods available (server sent: publickey)”

    When I logged in as root and ran this command (changing sammy to my username)

    chown -R sammy:sammy /home/sammy/.ssh

    …it worked.

    alexdo
    Site Moderator
    December 31, 2024

    Heya,

    I’m glad that you’ve sorted this! This issue can often be related to files’ permissions and ownership so it’s a good idea to start looking there when troubleshooting.

    Regards

    Thanks for the article. This worked very well for me with the exception of setting up the firewall.

    I typed the following, hoping to allow SSH and HTTP :

    sudo ufw allow 22
    sudo ufw allow 80
    ufw enable

    HTTP does not work. I had to disable ufw to get HTTP to work.

    alexdo
    Site Moderator
    December 17, 2024

    Heya,

    If you need to allow connections for HTTP and HTTPS you can open the ports in UFW.

    sudo ufw allow 'Apache Full'
    

    You can check our article on the initial Ubuntu Apache setup here:

    https://www.digitalocean.com/community/tutorials/how-to-install-the-apache-web-server-on-ubuntu-22-04

    Regards

    Followed all the steps for SSH key authentication but after the last step as root user rsync --archive --chown=anthony:anthony ~/.ssh /home/anthony and opening a new tab in my terminal, I still had to enter my passphrase after running ssh anthony@178.xx.xxx.xxx

    alexdo
    Site Moderator
    January 30, 2025

    SSH requires strict permissions on your .ssh folder and keys.

    Run the following commands on your server:

    chmod 700 /home/anthony/.ssh 
    chmod 600 /home/anthony/.ssh/authorized_keys 
    chown -R anthony:anthony /home/anthony/.ssh
    

    Check your SSH configuration:

    sudo nano /etc/ssh/sshd_config
    

    Make sure the following lines exist and are not commented out (#):

    PubkeyAuthentication yes
    AuthorizedKeysFile .ssh/authorized_keys
    PasswordAuthentication no
    

    Save and restart SSH:

    sudo systemctl restart ssh
    

    Regards

                  Followed all the steps for SSH key authentication but after the last step as root user rsync --archive --chown=anthony:anthony ~/.ssh /home/anthony and opening a new tab in my terminal, I still had to enter my passphrase after running ssh anthony@178.xx.xxx.xxx

                  alexdo
                  Site Moderator
                  December 31, 2024

                  The SSH agent is responsible for managing your SSH keys in memory, so you don’t have to type the passphrase every time.

                  First, check if the SSH agent is running:

                  ps aux | grep ssh-agent
                  

                  If the agent isn’t running, you can start it with:

                  eval $(ssh-agent -s)
                  

                  If the agent is running, but the key isn’t loaded, you’ll need to add it manually:

                  ssh-add ~/.ssh/id_rsa
                  

                  Replace id_rsa with the actual name of your private key file if you’re using a different one.

                  After adding the key, try logging in again with:

                  ssh anthony@178.xx.xxx.xxx
                  

                  You should be prompted for your passphrase (if the key has one), but it should not ask for the user password.

                  Regards

                  Yet it should be noted that rsync could copy root’s SSH private key when one exists. Maybe a command to rsync only the authorized_keys file would be better for beginners.

                  alexdo
                  Site Moderator
                  December 31, 2024

                  When using rsync, if not used carefully, it could inadvertently copy sensitive files like a root user’s SSH private key (if it exists) to a destination, which poses a security risk.

                  For beginners, it’s best to only copy the necessary SSH configuration files, such as the authorized_keys file, to avoid inadvertently transferring sensitive data like private keys.

                  Regards

                                Once I’ve created a working system, is it easy to duplicate it to instances in other datacenters?

                                We are looking at using DO for tiny ‘remote monitors’ and basically want the same image running all over the world. Being able to build up one reference machine, then duplicating that for deployment would rock.

                                Andy Hattemer
                                DigitalOcean Employee
                                July 15, 2020

                                @CoSoWes Yes!

                                Many developers use snapshots for this exact thing.

                                The general idea is:

                                1. Spin up a Droplet and configure it to be your “reference machine” - You’ll probably want to configure services to auto-start on boot, and you can even use the metadata api if each Droplet will need to know its own name/region/IP etc…

                                2. Once it’s ready, take a snapshot of the Droplet, either through the control panel, or command-line tool, doctl

                                3. Now you can create new Droplets (through the control panel or CLI) that use the Snapshot instead of a base image like Debian.

                                This sounds perfect for our need.

                                Good info on the metadata api, we will probably want to report on the public IP, and likely the region as well.

                                May I just add, awesome response time!

                                I need to add the new user to group ‘sudo’ before user has root privileges.

                                adduser newuser sudo

                                Bobby Iliev
                                Site Moderator
                                Site Moderator badge
                                October 19, 2020

                                Hello,

                                For anyone interested, I just created a similar video demo on how to do the initial server setup as described in this tutorial:

                                Hope that this helps!

                                Regards, Bobby

                                Why not add the following commands to the end of this tutorial? I think it is a good practice to update a fresh Ubuntu installation, no?

                                sudo apt update
                                sudo apt upgrade
                                
                                alexdo
                                Site Moderator
                                Site Moderator badge
                                December 31, 2024

                                Thanks for the feedback! Yes, this is a valid point! I totally agree with you; it is always a good idea to update a fresh installation when starting to build your Droplet.

                                Regards

                                Great Mind. I want to be like you when I finally understand all these

                                Excellent article, thank you!

                                Just regarding the use of rsync. If you had multiple users on ubuntu representing real people of different machines then you might not want to use rsync to prevent access via ssh regardless of whether once logged in they’re able to switch users.

                                For example, Fred has a different client machine to Michael, and so Fred has a different public key. That public key gets copied into authorized_keys for ssh in Fred’s directory and only contains Fred’s key. Likewise for Michael. So that Fred can only ssh into Fred on Fred’s machine, and Michael can only ssh into Michael on Michael’s machine, and not each other’s.

                                Is this use of rsync here because we start out with the root user and then add our first additional user?

                                alexdo
                                Site Moderator
                                Site Moderator badge
                                December 31, 2024

                                Heya,

                                The use of rsync in the tutorial is primarily for system setup and file transfer, and it doesn’t bypass user access control. When using rsync, if Fred and Michael are logged in separately, each will only have access to their own files as long as permissions are correctly set. If you’re concerned about users accessing each other’s data, make sure to use the correct file ownership and permissions for each user’s home directory and their .ssh folder.

                                Regards
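The two replies above on rsync (copy only authorized_keys, and keep each user's .ssh permissions tight) can be sketched as follows. This is an added example, not part of the thread or the tutorial; the function names and the demo files are constructed, and the ownership change is left out so that it runs without root.

```shell
# Copy only authorized_keys from SRC_SSH into DEST_HOME/.ssh with the modes
# sshd expects, and report private keys a whole-directory copy would carry.
# Assumption: chown is omitted so the demo runs unprivileged; on a server,
# run as root and chown -R the new .ssh directory to the target user.

# Print the names of files in DIR that contain a private key header.
private_keys_in() {    # DIR
    grep -l -e '-----BEGIN .*PRIVATE KEY-----' "$1"/* 2>/dev/null | sed 's|.*/||'
}

# Copy authorized_keys only; directory mode 700, file mode 600.
copy_authorized_keys() {    # SRC_SSH DEST_HOME
    [ -f "$1/authorized_keys" ] || { echo "no authorized_keys in $1" >&2; return 1; }
    mkdir -p "$2/.ssh" && chmod 700 "$2/.ssh" || return 1
    cp "$1/authorized_keys" "$2/.ssh/authorized_keys" || return 1
    chmod 600 "$2/.ssh/authorized_keys"
}

# Constructed demo data: placeholder text, not real key material.
src=$(mktemp -d); dest=$(mktemp -d)
trap 'rm -rf "$src" "$dest"' EXIT
echo 'ssh-ed25519 AAAA...constructed fred@laptop' > "$src/authorized_keys"
printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed' > "$src/id_rsa"
: > "$src/known_hosts"

copy_authorized_keys "$src" "$dest"
echo "private keys left behind in source: $(private_keys_in "$src")"
ls -l "$dest/.ssh"
```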

                                Hello. I tried to connect to my server as root with the command “ssh root@your_server_ip”, but when I enter my password it says “permission denied, please try again”, and in the end I cannot log in as root. Can you help me, please?

                                alexdo
                                Site Moderator
                                Site Moderator badge
                                December 31, 2024

                                You can ensure that root login is allowed in your SSH configuration. Open the SSH configuration file on your server:

                                sudo nano /etc/ssh/sshd_config
                                

                                Look for the following line:

                                PermitRootLogin yes
                                

                                If it’s set to no or prohibit-password, change it to yes. If the line is commented out, uncomment it.

                                After editing the file, save it and restart the SSH service:

                                sudo systemctl restart ssh
                                

                                Ensure that the permissions for your .ssh directory and its contents are correct. On your server, check that the following files have the correct permissions:

                                sudo chmod 700 /root/.ssh 
                                sudo chmod 600 /root/.ssh/authorized_keys
                                

                                Also, ensure the file ownership is correct:

                                sudo chown -R root:root /root/.ssh
                                

                                If you’re trying to log in using a password, make sure that password authentication is enabled in the SSH config file. Check for this line in /etc/ssh/sshd_config:

                                PasswordAuthentication yes
                                

                                If it’s set to no, change it to yes and restart SSH:

                                sudo systemctl restart ssh
                                

                                Ensure that your firewall is not blocking the SSH port (usually port 22). You can check if SSH is allowed through the firewall by running:

                                sudo ufw allow ssh 
                                sudo ufw enable
                                

                                Double-check that you’re entering the correct root password. If you’ve forgotten it, you can reset the root password.

                                If none of the above works, you can check the SSH logs to get more information about the issue:

                                sudo tail -f /var/log/auth.log
                                

                                This will show any SSH-related log entries and may provide additional clues.

                                Guys you need to let these through your ufw:

                                To                Action  From
                                OpenSSH           ALLOW   Anywhere
                                80                ALLOW   Anywhere
                                443               ALLOW   Anywhere
                                51820/udp         ALLOW   Anywhere
                                55967             ALLOW   Anywhere
                                OpenSSH (v6)      ALLOW   Anywhere (v6)
                                80 (v6)           ALLOW   Anywhere (v6)
                                443 (v6)          ALLOW   Anywhere (v6)
                                51820/udp (v6)    ALLOW   Anywhere (v6)
                                55967 (v6)        ALLOW   Anywhere (v6)

                                I also had to change the DNS servers. Not sure how I managed to bungle them. You can do that in the client.

                                alexdo
                                Site Moderator
                                Site Moderator badge
                                December 31, 2024

                                You can always allow additional ports and services if you require this. For a start, allowing the OpenSSH port will grant you access to the Droplet, from where you can additionally develop the firewall configuration.

                                Regards


                                  Thank you and the community for a detailed tutorial.

                                  I followed all the steps in this tutorial, but was still unable to login as a non-root user from putty client, with error - Server refused our key. No supported authentication methods available (server sent: public key)

                                  You can verify this by making a fresh droplet and following this tutorial.

                                  Found this in auth.log in /var/log - User myUsernamer from xx.xx.xx.xx not allowed because not listed in AllowUsers

                                  For Enabling External Access for Your Regular(Non-Root) User, you need to add the user to list of users who are allowed access via SSH in /etc/ssh/sshd_config file, which is specified in line starting with AllowUsers.

                                  Something like - AllowUsers root, yourUser1, myUserName

                                  Please add instructions for this step.

                                  alexdo
                                  Site Moderator
                                  Site Moderator badge
                                  December 31, 2024

                                  It seems like the error you’re encountering is due to the AllowUsers directive in the SSH configuration file, which limits which users are allowed to log in via SSH. If your non-root user is not listed in the AllowUsers section, you’ll get the error message you mentioned.

                                  Open the /etc/ssh/sshd_config file in a text editor like nano:

                                  sudo nano /etc/ssh/sshd_config
                                  

                                  Look for the line that starts with AllowUsers. This line restricts SSH access to only certain users. If this line exists and does not include your non-root username, you’ll need to modify it.

                                  If the line is missing or commented out, you can add it yourself. For example, if the username of your non-root user is myUserName, you would modify or add the line like this:

                                  AllowUsers root myUserName
                                  

                                  To apply the changes, restart the SSH service:

                                  sudo systemctl restart ssh
                                  

                                  Regards
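The sshd_config settings discussed in the two replies above (PermitRootLogin, PasswordAuthentication and AllowUsers) can be checked offline before restarting SSH. This is an added example, not code from the thread or the tutorial; the function names, the sample file and the address 203.0.113.* (a documentation range) are constructed.

```shell
# Assumptions: global section only (stops at the first Match block, ignores
# Include); AllowUsers patterns are matched on the user part, host part ignored.
sshd_global() {    # FILE -> active global lines, comments stripped
    awk '{ sub(/#.*/, "") } tolower($1) == "match" { exit } NF' "$1"
}
# First occurrence of a single-valued KEYWORD wins; prints nothing if unset.
sshd_first() {    # KEYWORD FILE
    sshd_global "$2" | awk -v k="$1" \
        'tolower($1) == tolower(k) { $1 = ""; sub(/^ +/, ""); print; exit }'
}
# AllowUsers is a list: repeated lines add patterns instead of being ignored.
allow_patterns() {    # FILE -> one pattern per line
    sshd_global "$1" |
        awk 'tolower($1) == "allowusers" { for (i = 2; i <= NF; i++) print $i }'
}
# Exit 0 if USER passes AllowUsers (or no AllowUsers is set), 1 otherwise.
user_allowed() {    # USER FILE
    pats=$(allow_patterns "$2")
    if [ -z "$pats" ]; then return 0; fi
    set -f    # keep "*" in a pattern from expanding to file names
    for p in $pats; do
        case "$1" in ${p%%@*}) set +f; return 0 ;; esac
    done
    set +f
    return 1
}
# One-screen summary of the settings discussed in the two replies.
audit() {    # FILE USER
    prl=$(sshd_first PermitRootLogin "$1")
    pwa=$(sshd_first PasswordAuthentication "$1")
    echo "PermitRootLogin=${prl:-unset} PasswordAuthentication=${pwa:-unset}"
    if [ "$prl" = yes ] && [ "$pwa" = yes ]; then echo "WARN: root can log in with a password"; fi
    if user_allowed "$2" "$1"; then echo "OK: $2 passes AllowUsers"
    else echo "DENY: $2 not listed in AllowUsers"; fi
}
# Constructed sample config, not taken from a real server.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no
AllowUsers root myUserName
AllowUsers deploy@203.0.113.*
Match User backup
    PasswordAuthentication no
EOF
audit "$sample" myUserName
audit "$sample" sammy
```

On a live server, `sudo sshd -t` checks the file for syntax errors before a restart, and `sudo sshd -T` prints the configuration that sshd actually resolves.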

                                  Good day, can someone pls share me a link to download and install Ubuntu on Mac OS, thanks.

                                  alexdo
                                  Site Moderator
                                  Site Moderator badge
                                  December 31, 2024

                                  Heya,

                                  If you’re looking to install Ubuntu Desktop you can check this article:

                                  https://ubuntu.com/tutorials/install-ubuntu-desktop

                                  Regards
