How to install and secure Ubuntu Server

Prerequisites

First of all, download the ISO of the latest stable LTS release of Ubuntu Server from the official website here.

Install

Installing Ubuntu Server is really easy, and there are already plenty of detailed how-tos on the internet. The only point to take care with is manual partitioning; I suggest following this one from ubuntuserverguide or reading this one. The second thing to take care with is to use a strong password scheme (upper/lower/number/special) that stays easy to remember (so you don't have to write it down).

Right after the install, the first thing to do is secure SSH by adding public key authentication. Setting this up will increase the security of your server by requiring a private SSH key to log in.

Generate The Key Pair for SSH

To generate a new key pair, enter the following command (use the option -b 4096 for higher security):

xxxx@xxx:~$ ssh-keygen -b 4096

The output looks like this:

Generating public/private rsa key pair.
Enter file in which to save the key (/home/xxxx/.ssh/id_rsa):
Created directory '/home/xxxx/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/xxxx/.ssh/id_rsa.
Your public key has been saved in /home/xxxx/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:xxxxxxxxxx xxxx@xxxx
The key's randomart image is:
+---[RSA 4096]----+
|                 |
|                 |
|                 |
|                 |
|                 |
|                 |
|                 |
|                 |
|                 |
+----[SHA256]-----+

You now have a private key id_rsa and a public key id_rsa.pub in the .ssh directory of your home directory. You need to copy the public key id_rsa.pub to ~/.ssh/authorized_keys on the remote server.

PuTTY users: load the private key id_rsa in PuTTYgen, then save the private key to get it in .ppk format.

When finished, configure the SSH daemon to disallow remote SSH access to an account and force the use of public key authentication.

Don’t forget to change the value of PasswordAuthentication to no in /etc/ssh/sshd_config.

Restart ssh and try to connect with the key to validate that everything is working well before logging out of your current SSH connection.
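
An added example (not part of the original article) for the PasswordAuthentication step: sshd keeps the first value it reads for each keyword, so the shell helper below reports the value that the global section of a config file actually yields. The function names and the sample files are constructed for illustration; Include files and Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example: find the value sshd would take for a keyword from the global
# section of an sshd_config-style file. sshd uses the FIRST value it reads,
# so a later "PasswordAuthentication no" is ignored if an earlier line set it.

# effective_sshd_value FILE KEYWORD DEFAULT   (hypothetical helper name)
effective_sshd_value() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" -v def="$3" '
        /^[ \t]*(#|$)/ { next }               # skip comment lines and blank lines
        {
            sub(/^[ \t]+/, "")                # drop leading indentation
            n = split($0, f, /[ \t=]+/)       # accepts "Key value" and "Key=value"
            key = tolower(f[1])               # keywords are case-insensitive
            if (key == "match") { exit }      # simplification: stop at the first Match block
            if (key == want && n >= 2) { val = tolower(f[2]); found = 1; exit }
        }
        END { print (found ? val : def) }     # fall back to the built-in default
    ' "$1"
}

# password_login_disabled FILE: succeeds only if the value found is "no".
# "yes" is passed as the default because that is what sshd uses when unset.
password_login_disabled() {
    [ "$(effective_sshd_value "$1" PasswordAuthentication yes)" = "no" ]
}

# Constructed sample files (not taken from a real server).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/good.conf" <<'EOF'
# constructed sample
PubkeyAuthentication yes
passwordauthentication no
EOF
cat > "$demo_dir/shadowed.conf" <<'EOF'
PasswordAuthentication yes
# added later, but the line above was read first
PasswordAuthentication no
EOF

for f in good shadowed; do
    if password_login_disabled "$demo_dir/$f.conf"; then
        echo "$f: password login disabled"
    else
        echo "$f: password login STILL ENABLED"
    fi
done
```

On the server itself, `sshd -t` checks the configuration for syntax errors before the restart, and `sshd -T` (run as root) prints the effective settings, including anything pulled in through Include lines.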