Securely Setup Ubuntu 14.04 Server

Learn how to securely setup a Ubuntu 14.04 server for application deployment. I cover patching the system, using public key authentication, using an account other than root, disabling root access and setting up a firewall.

This tutorial is the first in a three part series on how to deploy a Ruby on Rails application to your own server.

This tutorial assumes you already have a ssh key pair setup. If you don't, you can see how to create one in our git and github video.

On your workstation:

# copy your SSH key to your hosting providers keys
cat .ssh/id_rsa.pub

# create server and use the ip address to log in (replace 0.0.0.0)
ssh root@0.0.0.0

On your server:

# reset root password if it is set
passwd

# Update packages
aptitude update 
aptitude safe-upgrade

# add another user
adduser creston

# add user to group sudo so that user can sudo all commands
usermod -a -G sudo creston

# reboot system in case any installed patches require it
sudo reboot

On your workstation:

# copy your LOCAL public key to the creston user on the server
ssh-copy-id 0.0.0.0

# logon as creston
ssh 0.0.0.0

On your server:

# update sshd config
sudo nano /etc/ssh/sshd_config

# Edit or add the following configuration to sshd_config
PermitRootLogin no
PasswordAuthentication no
X11Forwarding no
AllowUsers creston deploy

# reload the sshd config
sudo service ssh reload

# configure ufw
sudo ufw logging on
sudo ufw allow ssh
sudo ufw allow www
sudo ufw enable
sudo ufw status

# disconnect from the server
exit

On your workstation:

# check connections, root login should fail
ssh root@0.0.0.0
ssh 0.0.0.0

Please go ahead and leave a comment below if you have any questions about this tutorial.