How to install and secure Ubuntu Server

Prerequisites

First of all, download the ISO of the latest stable LTS release of Ubuntu Server from the official website here.

Install

Installing Ubuntu Server is really easy and there are already plenty of detailed how-tos on the internet. The only point that needs care is the manual partitioning; I suggest following this one from ubuntuserverguide or reading this one. The second thing to take care of is to use a strong password scheme (upper/lower/number/special) that stays easy to remember (so you do not have to write it down).

Just after the install, the first thing to do is to secure SSH by adding public key authentication. Setting this up will increase the security of your server by requiring a private SSH key to log in.

Generate The Key Pair for SSH

To generate a new key pair, enter the following command (use the option -b 4096 for higher security):

xxxx@xxx:~$ ssh-keygen -b 4096

The output looks like this:

Generating public/private rsa key pair.
Enter file in which to save the key (/home/xxxx/.ssh/id_rsa):
Created directory '/home/xxxx/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/xxxx/.ssh/id_rsa.
Your public key has been saved in /home/xxxx/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:xxxxxxxxxx xxxx@xxxx
The key's randomart image is:
+---[RSA 2048]----+
|                 |
|                 |
|                 |
|                 |
|                 |
|                 |
|                 |
|                 |
|                 |
+----[SHA256]-----+

You now have a private key id_rsa and a public key id_rsa.pub in the .ssh directory in the home directory. You need to copy the public key id_rsa.pub to ~/.ssh/authorized_keys on the remote server.

PuTTY users: you need to load the private key id_rsa in PuTTYgen, then save the private key to have it in .ppk format.

When finished, configure the SSH daemon to disallow remote SSH access to an account and force the use of public key authentication.

Don’t forget to change the value of PasswordAuthentication to no in /etc/ssh/sshd_config.

Restart ssh and try to connect with the key to validate that everything works well before logging out of your current SSH connection.
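
A check to run before restarting ssh, added here as an example (it is not part of the original guide): sshd keeps the first value it reads for a keyword, so a PasswordAuthentication no added at the bottom of the file has no effect if an earlier line already says yes. The function names effective_sshd_value and check_key_only_login and the sample file are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report the value sshd would use for a keyword in ONE config file.
# Rules modelled: keywords are case-insensitive, the first value read wins, and
# lines after a "Match" line are conditional, so the scan stops there.
# Limitation: "Include" files are not followed; `sshd -T` (as root) prints the
# full effective configuration.
effective_sshd_value() {
    # $1 = keyword (e.g. PasswordAuthentication), $2 = path to the config file
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]/)        # keyword ends at whitespace or "="
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))
            val = substr(line, n + 1)
            sub(/^[ \t=]+/, "", val)
            sub(/[ \t]+$/, "", val)
            if (key == "match") exit         # global section ends here
            if (key == want) { print tolower(val); found = 1; exit }
        }
        END { if (!found) print "unset" }    # unset: the sshd default applies
    ' "$2"
}

check_key_only_login() {
    # $1 = config path; succeeds only when password logins are explicitly off
    [ "$(effective_sshd_value PasswordAuthentication "$1")" = "no" ]
}

# Constructed sample: the later "no" does not override the earlier "yes".
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'passwordauthentication yes' \
    'PubkeyAuthentication yes' 'PasswordAuthentication no' > "$sample"
effective_sshd_value PasswordAuthentication "$sample"   # prints: yes
rm -f "$sample"
```

On the server, point it at /etc/ssh/sshd_config, and compare the result with the passwordauthentication line printed by sshd -T, which also accounts for included files.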