Set Up a New Ubuntu Server

Chanming
Dec 3, 2019

Update Package Source

apt-get update
apt-get upgrade

Add User Account with Limited Privilege

adduser username
adduser username sudo # grant administrative privileges through sudo

Secure SSH Login by RSA Key Authentication

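Generate a 4096-bit RSA key pair on the local machine:

ssh-keygen -t rsa -b 4096 # -t rsa is explicit because newer OpenSSH releases default to Ed25519

Add the public key to the user's home directory on the server, at /home/username/.ssh/authorized_keys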

Disable root logins and password logins, and move SSH to a non-default port, by editing the config file at /etc/ssh/sshd_config:

# Authentication:
...
PermitRootLogin no

# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no

Port 12345

Restart the SSH service to apply the new settings:

sudo systemctl restart sshd

Set Up a Firewall with UFW and Fail2Ban

UFW

apt-get install ufw
ufw allow 12345/tcp # must match the Port in sshd_config; "ufw allow ssh" only opens port 22
ufw enable
ufw status
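
A check to run from the session that is still open, before logging out: it confirms that sshd's effective settings match the ones set above and that UFW admits the port sshd actually listens on. This is an added example, not part of the original post; the function names audit_sshd and ufw_allows and the sample data are constructed for illustration.

```shell
# Added example, not from the original post; function names are hypothetical.
# Real inputs on the server:  sudo sshd -T > sshd.txt ; sudo ufw status > ufw.txt

# audit_sshd FILE PORT: FILE holds `sshd -T` output (lowercase "keyword value").
# Prints one line per deviation from this guide's settings; returns 1 if any.
audit_sshd() {
    awk -v port="$2" '
        $1 == "port" { ports[$2] = 1; next }
        { val[$1] = $2 }
        END {
            bad = 0
            if (val["permitrootlogin"] != "no")        { print "root login allowed: " val["permitrootlogin"]; bad = 1 }
            if (val["passwordauthentication"] != "no") { print "password login still enabled"; bad = 1 }
            if (val["pubkeyauthentication"] != "yes")  { print "key login disabled, lockout risk"; bad = 1 }
            if (!(port in ports))                      { print "sshd not listening on port " port; bad = 1 }
            exit bad
        }' "$1"
}

# ufw_allows FILE PORT: FILE holds `ufw status` output. Returns 0 only if an
# ALLOW or LIMIT rule covers PORT. "ufw allow ssh" opens 22/tcp, nothing else.
ufw_allows() {
    awk -v port="$2" '
        ($2 == "ALLOW" || $2 == "LIMIT") && ($1 == port || $1 == port "/tcp") { ok = 1 }
        END { exit !ok }' "$1"
}

# Constructed sample data: sshd moved to 12345 as in the guide, but the
# firewall only has the rule created by "ufw allow ssh".
demo=$(mktemp -d)
cat > "$demo/sshd.txt" <<'EOF'
port 12345
permitrootlogin no
pubkeyauthentication yes
passwordauthentication no
EOF
cat > "$demo/ufw_ssh.txt" <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
EOF
sed 's|^22/tcp|12345/tcp|' "$demo/ufw_ssh.txt" > "$demo/ufw_port.txt"
audit_sshd "$demo/sshd.txt" 12345 && echo "sshd settings match the guide"
ufw_allows "$demo/ufw_ssh.txt" 12345 || echo "port 12345 blocked: new logins would fail"
ufw_allows "$demo/ufw_port.txt" 12345 && echo "port 12345 allowed"
```

Reading `sshd -T` rather than the config file reports the values sshd will actually use, including anything set by included files.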

Fail2Ban

apt-get install fail2ban
fail2ban-client status

More settings at https://www.linode.com/docs/security/using-fail2ban-to-secure-your-server-a-tutorial/

Other security concerns

https://www.digitalocean.com/community/questions/best-practices-for-hardening-new-sever-in-2017

Configure BBR

Done.