%% date:: [[2021-08-17]], [[2021-02-09]], [[2021-02-08]], [[2024-01-08]] parent:: %%

# [[Recommended practices for initializing a new virtual server]]

Here are some best practices for initializing your new virtual server.

## Authentication

Always use [[SSH]] keys. You may have the option to use a passphrase/password, but that's considerably less secure.

[[Generating an SSH key pair|Generate an SSH key pair]] on your local machine and share the public key with your cloud provider of choice.

## Log into your new machine

To log into your new server, use [[SSH]].

`ssh root@your_server_ip`, substituting your virtual machine's IP address.

`root` is the standard user with admin privileges used by [[Unix]] systems.

## Use another user instead of root

You shouldn't use `root` regularly, both for security reasons (anyone with access to it can do anything on the machine) and because it's too easy to accidentally mess something up when you have the highest level of privileges.

To prevent that from happening, create a new user and give it the appropriate permissions to do what you need to do.

### Create new user

`adduser nic`

### Grant admin privileges to the new user

From `root`:

`usermod -aG sudo nic`

## Set up a basic firewall

On [[Ubuntu]], the easiest one to set up is [[UFW]].

### Verify that OpenSSH is allowed by UFW

You want to be able to log into your server via SSH despite the firewall, so set UFW to allow it:

`ufw allow OpenSSH`

### Enable firewall

`ufw enable`

### Verify firewall status

`ufw status`

It should return something like this:

```bash
root@ubuntu-s-1vcpu-1gb-ams3-01:~# ufw status
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
```

Note that this means that only SSH traffic will be allowed into the server, which is probably what you want anyway. But if you want to allow other types of connections, you'll need to configure [[UFW]] to allow them as well.

## Enable external access for new user

If you logged into `root` with an SSH key rather than a password (and you should have done so), you'll need to copy your public key from `root` to your new user (in this case, `nic`). That will allow the new user to log in via SSH as well.

The public key was already stored in `~/.ssh/authorized_keys`.

`rsync --archive --chown=nic:nic ~/.ssh /home/nic`

### Verify that you can log in via SSH with the new user

Before you log out of root, check that you can log in with your new user. Just open up a new terminal window and try to log in the same way as you did with root:

`ssh nic@your_server_ip`

## References

- [[Initial Server Setup With Ubuntu 18.04 | DigitalOcean]]
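
The checks described above (firewall status, sudo membership, the copied `~/.ssh`) can be scripted and run as root before you log out. This is an added example, not part of the original note; the function names and the `--check` flag are hypothetical, and the user `nic` is the one used on this page.

```bash
#!/bin/sh
# Added example: pre-logout checks for the setup steps on this page.
# Function names are hypothetical. Run as root: sh checks.sh --check

# Succeeds if `ufw status` text on stdin shows an active firewall
# with an ALLOW rule for the OpenSSH profile.
ufw_allows_ssh() {
    _out=$(cat)
    printf '%s\n' "$_out" | grep -q '^Status: active' || return 1
    printf '%s\n' "$_out" | grep -Eq '^OpenSSH[[:space:]]+ALLOW'
}

# Succeeds if user $1 is a member of the sudo group.
in_sudo_group() {
    id -nG "$1" 2>/dev/null | tr ' ' '\n' | grep -qx sudo
}

# Succeeds if $2/.ssh and its authorized_keys are owned by user $1, are
# not writable by group or others (sshd's StrictModes rejects keys in
# that case), and the file holds at least one non-comment line.
check_key_copy() {
    _user=$1
    _home=$2
    for _p in "$_home/.ssh" "$_home/.ssh/authorized_keys"; do
        [ -e "$_p" ] || { echo "missing: $_p" >&2; return 1; }
        [ -n "$(find "$_p" -prune -user "$_user")" ] \
            || { echo "not owned by $_user: $_p" >&2; return 1; }
        [ -z "$(find "$_p" -prune \( -perm -020 -o -perm -002 \))" ] \
            || { echo "group/world-writable: $_p" >&2; return 1; }
    done
    grep -Eq '^[^#[:space:]]' "$_home/.ssh/authorized_keys" \
        || { echo "no key lines in authorized_keys" >&2; return 1; }
}

# Run all three checks for the page's example user.
if [ "${1:-}" = "--check" ]; then
    ufw status | ufw_allows_ssh  || echo "FAIL: UFW is not active or OpenSSH is not allowed"
    in_sudo_group nic            || echo "FAIL: nic is not in the sudo group"
    check_key_copy nic /home/nic || echo "FAIL: ~/.ssh copy for nic"
fi
```

A failing check prints the reason; no output means all three passed, but still confirm the login from a second terminal as described above.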