
Initial Server Setup with Ubuntu 20.04

Introduction

When you first create a new Ubuntu 20.04 server, you should perform some important configuration steps as part of the initial setup. These steps will increase the security and usability of your server, and will give you a solid foundation for subsequent actions.

Step 1 — Creating a New User

Once you are logged in as root, you’ll be able to add the new user account. In the future, we’ll log in with this new account instead of root.

This example creates a new user called jpeacock, but you should replace that with a username that you like:

useradd --create-home -s /bin/bash jpeacock

This will add a new user named jpeacock, create a home directory for it (/home/jpeacock), and give it a login shell (/bin/bash).

Step 2 — Setting a Password

Next, you need to create a password for the jpeacock user. If you don’t create a password, the account will remain "locked" and you won’t be able to log in.

passwd jpeacock

Note: Since the password is never used for anything, I recommend setting it to a long, random string.

Step 3 — Granting Administrative Privileges

Now we have a new user account with regular account privileges. However, we may sometimes need to do administrative tasks.

To avoid having to log out of our normal user and log back in as the root account, we can set up what is known as superuser or root privileges for our normal account. This will allow our normal user to run commands with administrative privileges by putting the word sudo before the command.

To add these privileges to our new user, we need to add the user to the sudo group. By default, on Ubuntu 20.04, users who are members of the sudo group are allowed to use the sudo command.

As root, run this command to add your new user to the sudo group (substitute jpeacock with your new username):

usermod -aG sudo jpeacock

Now, when logged in as your regular user, you can type sudo before commands to run them with superuser privileges.

Step 4 — Adding user to the www-data group

usermod -a -G www-data jpeacock

Step 5 — Adding user to sudoers

Add the user to the list of sudoers by opening /etc/sudoers in your preferred text editor:

sudo nano /etc/sudoers

Add the jpeacock line shown below to the bottom of the file. It lets jpeacock run any command through sudo without being prompted for a password:

/etc/sudoers
#includedir /etc/sudoers.d

jpeacock ALL=(ALL) NOPASSWD: ALL

If you are using nano, press ⌃ Control + X, then when prompted, Y and then ⏎ Enter.

Step 6 — Copying the Public Key to Your Ubuntu Server

The quickest way to copy your public key to the Ubuntu host is to use a utility called ssh-copy-id. Due to its simplicity, this method is highly recommended if available. If you do not have ssh-copy-id available to you on your client machine, you may use one of the two alternate methods provided in this section (copying via password-based SSH, or manually copying the key).

Copying the Public Key Using ssh-copy-id

The ssh-copy-id tool is included by default in many operating systems, so you may have it available on your local system. For this method to work, you must already have password-based SSH access to your server.

To use the utility, you specify the remote host that you would like to connect to, and the user account that you have password-based SSH access to. This is the account to which your public SSH key will be copied.

The syntax is:

ssh-copy-id username@remote_host

You may see the following message:

Output
The authenticity of host '203.0.113.1 (203.0.113.1)' can't be established.
ECDSA key fingerprint is fd:fd:d4:f9:77:fe:73:84:e1:55:00:ad:d6:6d:22:fe.
Are you sure you want to continue connecting (yes/no)? yes

This means that your local computer does not recognize the remote host. This will happen the first time you connect to a new host. Type "yes" and press ⏎ Enter to continue.

Next, the utility will scan your local account for the id_rsa.pub key that we created earlier. When it finds the key, it will prompt you for the password of the remote user’s account:

Output
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
username@203.0.113.1's password:

Type in the password (your typing will not be displayed, for security purposes) and press ⏎ Enter. The utility will connect to the account on the remote host using the password you provided. It will then copy the contents of your ~/.ssh/id_rsa.pub key into a file in the remote account’s home ~/.ssh directory called authorized_keys.

You should see the following output:

Output
Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'username@203.0.113.1'"
and check to make sure that only the key(s) you wanted were added.

At this point, your id_rsa.pub key has been uploaded to the remote account.
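
The ssh-copy-id output above asks you to check that only the key(s) you wanted were added. As an added example (not part of the original tutorial), the shell function below compares an authorized_keys file such as ~/.ssh/authorized_keys against an allowlist file of expected public keys. The function names, the allowlist file and the sample key blobs are assumptions made for illustration.

```shell
# Added example, not from the original tutorial. Reports authorized_keys
# entries whose public key is not in an allowlist file of expected keys.
# usage: audit_authorized_keys ALLOWLIST_FILE AUTHORIZED_KEYS_FILE
# Prints one line per unexpected entry; returns 0 only if none were found.
audit_authorized_keys() {
    awk '
    # Index of the key-type field. An entry may start with an options field
    # (from=..., command=...); options containing spaces can be misread and
    # are then reported as unexpected, so the check fails closed.
    function keyfield(   i) {
        for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-|ecdsa-sha2-|sk-)/) return i
        return 0
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blank lines
    { k = keyfield(); key = k ? ($k " " $(k + 1)) : "" }
    FILENAME == ARGV[1] {                      # first file: the allowlist
        if (k) allowed[key] = 1
        next
    }
    !k { printf "line %d: unparseable entry\n", FNR; bad = 1; next }
    !(key in allowed) {
        printf "line %d: unexpected %s key (%s)\n", FNR, $k, $(k + 2)
        bad = 1
    }
    END { exit bad + 0 }
    ' "$1" "$2"
}

# Constructed sample data: the key blobs are placeholders, not real keys.
demo_audit() {
    dir=$(mktemp -d) || return 2
    printf '%s\n' 'ssh-rsa AAAAB3EXAMPLEKEY1 jpeacock@laptop' > "$dir/allowed"
    cat > "$dir/authorized_keys" <<'EOF'
# installed by ssh-copy-id
ssh-rsa AAAAB3EXAMPLEKEY1 jpeacock@laptop
from="203.0.113.7" ssh-ed25519 AAAAC3EXAMPLEKEY2 unknown@elsewhere
EOF
    audit_authorized_keys "$dir/allowed" "$dir/authorized_keys" && status=0 || status=$?
    rm -rf "$dir"
    return "$status"
}

demo_audit || echo "review the entries listed above before relying on key login"
```

Entries are matched on key type and key data only, so a changed comment or options field on an expected key does not raise a finding.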