How does DigitalOcean work

Initial setup of the server with Ubuntu 18.04

introduction

If you are setting up a new Ubuntu 18.04 server for the first time, you should perform some of these configuration steps as part of the basic configuration in the initial phase. This increases the security and usability of your server and gives you a solid basis for further actions.

Comment: The following guide illustrates how the steps we have given for new Ubuntu 18.04 servers are carried out manually. Performing this pass manually can be useful for learning basic system administration skills and as a practice activity to fully understand the activities that are going on on your server. If you want faster commissioning, you can alternatively run our initial server setup script, which automates these steps.

Step 1 - Log in as root

To log into your server, you need to use the public IP address of your server know. You also need the password, or if you have installed an SSH key for authentication, the private key for the root-User account. If you haven't logged into your server yet, you can follow our guide on how to connect to your droplet with SSH, which describes this process in detail.

If you are not already connected to your server, then use the command below (replace the highlighted part of the command with your server's public IP address) as rootUsers.

If the warning about the authenticity of the host appears, accept it. If you are using password authentication, enter your root-Password to login. If you are using a password-protected SSH key, you may be asked to enter the password the first time you use the key in each session. When you log on to the server with a password for the first time, you may also be asked to enter the root-Enter password.

About root

The root-User is the administrative user in a Linux environment with extensive rights. Due to the increased access rights of the rootAccount, you will benefit from its regular use advised against. This is due to the fact that part of the dem rootAccount's inherent power is the ability to make highly destructive changes, even by accident.

The next step is to set up an alternative user account with a reduced sphere of influence for daily work. We will show you how to obtain additional rights during the required periods.

Step 2 - Create a new user

After you sign up as a root signed in, we're ready to add the new user account that we'll be signing into in the future.

This example creates a new user named Sammy, but you should replace it with a username you prefer:

You will be asked a few questions starting with the account password.

Enter a strong password and fill in any additional information of your choice. This is not required and you can just hit the 'Enter' key on any field you want to skip.

Step 3 - Assignment of administrative rights

Now we have a new user account with normal account access rights. However, sometimes we need to perform administrative tasks.

In order not to log out as a normal user and log back in as a root-Users, we can use so-called "superuser" or root- Set up rights for our normal account. This allows our normal users to execute commands with administrative rights by putting the word 'sudo' in front of each command.

In order to assign these rights to our new user, we have to assign the new user of the sudo-Group assign. With Ubuntu 18.04, users of the sudo-Group is authorized to use the 'sudo' command by default.

Run as root this command to your new user of the sudo-Group assign (replace the highlighted word with your new user):

If you are now logged in as a normal user, you can introduce 'sudo' commands to perform tasks with superuser rights.

Step 4 - Install a standard firewall

Ubuntu 18.04 servers can use the UFW firewall to ensure that only connections to certain services are allowed. We can very easily install a standard firewall with this application.

Comment: If your servers run with DigitalOcean, you can also use DigitalOcean Cloud Firewalls instead of the UFW firewall. We recommend using only one firewall at a time to avoid conflicting rules that are difficult to debug.

Different applications can register their profiles with UFW after installation. These profiles allow UFW to manage these applications by name. OpenSSH, the service with which we can now connect to our server, has registered a profile with UFW.

This is shown when you enter the following:

We need to make sure the firewall allows SSH connections so we can log in again next time. We can allow these connections by entering:

Then we can activate the firewall by entering:

Type “” and press 'Enter' to continue. You can see that SSH connections are still allowed if you type:

There the firewall is currently blocking all connections except SSH, when installing and configuring additional services, you will need to adjust the firewall settings to allow acceptable traffic. You can learn some UFW operations in this guide.

Step 5 - Activation of external access for your normal user

Now that we have a normal user for regular use, we need to make sure that we can connect directly to the account with SSH.

Comment: Until it is verified that you can log in and use it with your new user, we recommend that you act as a root to stay logged in. If problems arise, you can use this to fix errors and save necessary changes as root make. If you are using a DigitalOcean droplet and have problems with your root-SSH connection, you can log into the droplet using the DigitalOcean console.

The configuration process for SSH access for your new user depends on whether the rootYour server's account uses a password or SSH key for authentication.

When the root account uses password authentication.

If you are with your root-Account with a password then password authentication for SSH is activated *. You can establish an SSH connection to your new user account by opening a new terminal session and using SSH with your new user name.

After entering your normal user password, you are logged in. Note that if you need to run a command with administrative rights, you must put the word 'sudo' in front of it, as follows:

You will be asked for your normal user password when you use 'sudo' for the first time in every session (and at regular intervals thereafter).

To increase the security of your server we strongly recommend creating SSH keys instead of using password authentication. Follow our guide to Create SSH Keys on Ubuntu 18.04 to learn how to configure key-based authentication.

When the root account uses key-based authentication.

If you are with your root-Account with SSH keys login, then the password authentication is for SSH deactivated. You will need to add a copy of your local public key to the new user's file in order to log in successfully.

Since your public key is already in the RootAccount file is contained on the server, we can copy this file and folder structure to our new user account in our existing session.

The easiest way to copy the files with the correct owners and permissions is with the 'rsync' command. The '.ssh' folder directory of the root-Copy the user, get the permissions and modify the file owner, all with a single command. Make sure to change the highlighted parts of the command below to match the name of your regular user.

Comment: The 'rsync' command treats sources and destinations that end with a slash differently than those without a trailing slash. If you're using 'rsync' below, make sure the source directory () none includes trailing slash (make sure you are not using).

If you accidentally add a slash to the command, 'rsync' will copy the content of the directory of theRootAccount to the home directory of the 'sudo' user instead of copying the entire directory structure. The files will be put in the wrong place and SSH will not be able to find and use them.

You can now open a new terminal session and use SSH with your new username:

You should be logged into the new user account without entering a password. Note that if you need to run a command with administrative rights, you must put the word 'sudo' in front of it, as follows:

You will be asked for your normal user password when you use 'sudo' for the first time in every session (and at regular intervals thereafter).

How does it go from here?

At this point, you have a solid foundation for your server. You can now install the software you need on your server.