Published on December 24, 2020
This document was migrated from DigiDocs
In this section you will find my notes on setting up and securing Ubuntu 18.04. Vim knowledge is assumed.
Creating a new non-root Sudo user
It is recommended to avoid using the root user account on a regular basis, as doing so is risky and compromises security. Instead, create a new user account and add it to the sudo group.
Add a new user
Add user to sudo group
usermod -aG sudo evan
Log in to user
Only allow Key Authentication
Password-based authentication is susceptible to brute-force attacks. Thus, it is good practice to disable it and only allow key-based authentication.
Add Public Key to User
As mentioned, usage of the root user account should be avoided. Hence, it is advisable that you add your public key to the user account you created earlier. It is assumed that you logged into your root account using an SSH key.
- Create a
- Insert your public key and save the file with :wq!. You can copy this from the authorized_keys file under the root account's directory. You can find the file using the following commands:
Toggle visual mode by pressing v at the start of the line for the public key you wish to copy over. Press $ to move the cursor to the end of the line; doing so highlights the entire line. Press y to yank (copy). Then exit the file using
Enter the destination authorized_keys file. Press p to paste what you yanked.
Disable Password Authentication
As it is assumed that you logged into your root account using an SSH key, this step could be unnecessary. However, still check that PasswordAuthentication no is in place.
sudo vim /etc/ssh/sshd_config
PasswordAuthentication no. It might be commented out as #PasswordAuthentication no or written as PasswordAuthentication yes. If you find either, replace it with PasswordAuthentication no. Otherwise, just add it in.
:/PasswordAuthentication to find
Save the file with
ssh to implement this change:
sudo systemctl restart ssh
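As an added example (not part of the original notes), the shell functions below report which PasswordAuthentication value applies in the global section of an sshd_config-style file. They account for the commented-out form mentioned above and for the fact that sshd uses the first occurrence of a keyword, so a "no" appended below an earlier "yes" has no effect. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the global PasswordAuthentication setting in an sshd_config-style file.

effective_password_auth() {
    # $1: path to the config file. Prints the value sshd would take from the global section.
    awk '
        /^[ \t]*(#|$)/ { next }                 # commented-out and blank lines have no effect
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            sub(/[ \t]+$/, "", line)
            n = match(line, /[ \t=]/)           # keyword ends at whitespace or "="
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))   # keywords are case-insensitive
            val = substr(line, n)
            sub(/^[ \t]*=?[ \t]*/, "", val)
            if (key == "match") exit            # settings after Match are conditional
            if (key == "passwordauthentication") { found = val; exit }   # first one wins
        }
        END { print (found != "" ? found : "yes") }  # OpenSSH default when unset is yes
    ' "$1"
}

password_auth_disabled() {
    # Succeeds only when the effective global value is exactly "no".
    [ "$(effective_password_auth "$1")" = "no" ]
}

# Constructed sample: the commented line is ignored, and the early "yes"
# shadows the "no" that was added at the bottom of the file.
sample=$(mktemp)
printf '%s\n' \
    '#PasswordAuthentication no' \
    'passwordauthentication yes' \
    'PasswordAuthentication no' > "$sample"

if password_auth_disabled "$sample"; then
    echo "OK: password authentication is disabled"
else
    echo "WARNING: effective value is '$(effective_password_auth "$sample")'"
fi
rm -f "$sample"
```

On the server itself, `sudo sshd -T | grep -i passwordauthentication` prints the value sshd actually resolves from its configuration.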
- List application profiles registered with ufw firewall:
sudo ufw app list
You should see
- Ensure the firewall allows SSH connections:
sudo ufw allow OpenSSH
sudo ufw enable # Enable firewall
sudo ufw status # Check if OpenSSH is allowed
You should see the following after executing sudo ufw status:
To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)