How to Setup and Secure Ubuntu Server in 6 Steps
Updated June 2026 — commands and versions refreshed for current releases. Ubuntu 18.04 LTS reached end of standard support in 2023; the steps below now target Ubuntu 24.04 LTS (or 22.04 LTS), which use the same commands shown here.
This guide walks through setting up and securing a fresh Ubuntu LTS server. It was originally written for 18.04, but the same six steps apply unchanged to the current 24.04 LTS and 22.04 LTS releases. The goal is a server that is convenient to use and resistant to the most common automated attacks.
1. Login to the server
Access your Ubuntu instance as the root user with:
$ ssh root@your_server_ip2. Create a new user
Rather than operating exclusively as root, establish a sudo-enabled user account. The adduser command provides a user-friendly interface compared to alternatives. Replace "ubuntu" with your preferred username — avoid predictable choices like "root", "admin", or "ubuntu" that automated attacks typically target:
$ adduser ubuntuYou'll be prompted to establish and verify a strong password. The system creates a home directory, copies configuration files, and requests additional user information:
output:
Adding user 'ubuntu' ...
Adding new group 'ubuntu' (1001) ...
Adding new user 'ubuntu' (1001) with group 'ubuntu' ...
Creating home directory '/home/ubuntu' ...
Copying files from '/etc/skel' ...
New password:
Retype new password:
passwd: password updated successfullyPress ENTER to accept default values for the additional information prompts:
Changing the user information for ubuntu
Enter the new value, or press ENTER for the default
Full Name []: Ubuntu User
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] y3. Give sudo privileges to user
Ubuntu grants sudo access to members of the sudo group by default. Add your new user with:
$ usermod -aG sudo ubuntu4. Passwordless SSH for security
Password-based SSH authentication is inconvenient and inherently risky; users tend toward simpler passwords when repeated entry is required. Public key authentication offers a superior alternative — convenient, secure, and requiring no password entry.
Exit the server first:
$ exitAfter generating a public-private key pair on your local machine (use ssh-keygen -t ed25519 for a modern key), copy your public key to the server:
$ ssh-copy-id ubuntu@your_server_ipEnter your ubuntu user password when prompted. The public key is then inserted on the server. Subsequently, login without a password using:
$ ssh ubuntu@your_server_ip5. Allow sudoers to use sudo without a password
Passwordless SSH still requires entering your password for sudo commands. Remedy this with:
$ sudo visudoReplace this line:
%sudo ALL=(ALL:ALL) ALLwith:
%sudo ALL=(ALL) NOPASSWD:ALL6. Disable root SSH login
Prevent root login via SSH, since attackers frequently attempt to guess the root password through automated, high-volume attacks. Edit /etc/ssh/sshd_config:
$ sudo nano /etc/ssh/sshd_configChange these lines:
PasswordAuthentication yes
PermitRootLogin yesto:
PasswordAuthentication no
PermitRootLogin noSave and restart SSH:
$ sudo systemctl restart sshNote: on current Ubuntu releases the original sudo service ssh restart still works, but systemctl is the standard way to manage services today.
For additional security, modify the SSH port from the default 22 in /etc/ssh/sshd_config.
Change:
Port 22to:
Port 1022or another preferred port, ensuring it's opened in UFW afterward.
Important: Choose a port below 1024 (other than 22). This prevents a compromised non-root user from crashing the legitimate SSH daemon and launching their own on a higher-numbered port.
Enable UFW
UFW (Uncomplicated Firewall) is a straightforward, effective firewall configuration tool.
Install it if not present:
$ sudo apt install ufwAllow SSH services:
$ sudo ufw allow sshOr permit your custom SSH port:
$ sudo ufw allow 1022Open additional required ports:
$ sudo ufw allow http
$ sudo ufw allow httpsEnable the firewall:
$ sudo ufw enableCheck the firewall status:
$ sudo ufw status verboseIndivar Software Solutions
SAP Business One consulting and custom software development since 2009. Offices in India, New Zealand, and the USA.
