Via terminal. Change password as may be prompted.
ssh root@SERVER_IP_ADDRESS
Create new user to carry out day-to-day tasks, to avoid using root
adduser USER_NAME
Create .ssh
folder and authorized_keys
file
mkdir ~/.ssh
chmod 700 ~/.ssh
touch ~/.ssh/authorized_keys
Add new user to sudo
group. By using sudo
, user will have root privileges.
sudoers tutorial
usermod -aG sudo USER_NAME
Generate key on LOCAL machine
(local$) ssh-keygen
If ssh-copy-id
is installed locally, then use this to add key to remote user’s .ssh/authorized_keys
file. (Note: will need a password)
(local$) ssh-copy-id USER_NAME@REMOTE_SERVER_IP
Print SSH public key to terminal. Select and copy.
(local$) cat ~/.ssh/id_rsa.pub
On server, as root
user, temporatily switch to new user
su - USER_NAME
Open file in .ssh/authorized_keys
to edit.
Paste key. CTRL-X
to exit file, y
to save changes, then ENTER
nano ~/.ssh/authorized_keys
Restrict permissions of the authorized_keys
chmod 600 ~/.ssh/authorized_keys
return to root
user
exit
Ubuntu 16.04 servers can use the UFW firewall to make sure only connections to certain services are allowed. We can set up a basic firewall very easily using this application.
Different applications can register their profiles with UFW upon installation. These profiles allow UFW to manage these applications by name. OpenSSH, the service allowing us to connect to our server now, has a profile registered with UFW.
You can see this by typing:
sudo ufw app list
Output
Available applications:
OpenSSH
We need to make sure that the firewall allows SSH connections so that we can log back in next time. We can allow these connections by typing:
sudo ufw allow OpenSSH
Afterwards, we can enable the firewall by typing:
sudo ufw enable
Type “y” and press ENTER to proceed. You can see that SSH connections are still allowed by typing:
sudo ufw status
Output
Status: active
To Action From
-- ------ ----
OpenSSH ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)
These step-by-step instructions are taken from various tutorials on digitalocean.com, phusionpassenger.com, and other sites. Some sources have been linked. Most step descriptions have been shortened and simplified. Some step sequences are from one source while other may come from various sources.
These instructions and commands are placed on GitHub so I can conveniently find them. I am a novice with Ubuntu, Nginx, Passenger, command line, etc., so I probably can’t answer any questions. However, I’ll be glad to incorporate any corrections that are needed.
Use instructions and commands at your own risk.
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.