muniu · March 10, 2016 11:58
diff --git a/new_ubuntu_server_setup.txt b/new_ubuntu_server_setup.txt
 Server Tasks

 1. Change root password

 2. Change ssh port (assume to be 4444)
 nano /etc/ssh/sshd_config(change port to between 1025 and 65536)
 PermitRootLogin no
 service ssh restart
 ssh -p 4444 demo@SERVER_IP_ADDRESS

 3. Add normal user with sudo privileges
 adduser username_here
 gpasswd -a username_here sudo

 4. Copy ssh key to remote server
 cat ~/.ssh/id_rsa.pub (copy output to clipboard)
 ssh-rsa long_string_here_ends_with_email_address
 su - username_here
 mkdir .ssh
 chmod 700 .ssh
 nano .ssh/authorized_keys (paste ssh key)
 chmod 600 .ssh/authorized_keys
 exit

 5. setup firewall
 # by default, deny all incoming, allow all outgoing
 sudo ufw default deny incoming
 sudo ufw default allow outgoing

 # allow the new ssh port
 sudo ufw allow 4444/tcp

 # allow port 80 if webserver
 sudo ufw allow 80/tcp
 sudo ufw allow 443/tcp

 # confirm rules added
 sudo ufw show added

 # effect the rules
 sudo ufw enable

 6. Configure timezones, network time and locale
 sudo dpkg-reconfigure tzdata
 sudo apt-get update
 sudo apt-get install ntp

 sudo locale-gen en_US.UTF-8 (or sudo locale-gen UTF-8?)
 sudo dpkg-reconfigure locales
 edit the file /etc/environment add one line with your LANG, like this LC_ALL="en_US.UTF-8" save and reboot

 7. Create swap file, either same or double the installed RAM
 sudo fallocate -l 4G /swapfile
 sudo chmod 600 /swapfile
 sudo mkswap /swapfile
 sudo swapon /swapfile
 sudo sh -c 'echo "/swapfile none swap sw 0 0" >> /etc/fstab'
	Server Tasks

	1. Change root password

	2. Change ssh port (assume to be 4444)
	nano /etc/ssh/sshd_config(change port to between 1025 and 65536)
	PermitRootLogin no
	service ssh restart
	ssh -p 4444 demo@SERVER_IP_ADDRESS

	3. Add normal user with sudo privileges
	adduser username_here
	gpasswd -a username_here sudo

	4. Copy ssh key to remote server
	cat ~/.ssh/id_rsa.pub (copy output to clipboard)
	ssh-rsa long_string_here_ends_with_email_address
	su - username_here
	mkdir .ssh
	chmod 700 .ssh
	nano .ssh/authorized_keys (paste ssh key)
	chmod 600 .ssh/authorized_keys
	exit

	5. setup firewall
	# by default, deny all incoming, allow all outgoing
	sudo ufw default deny incoming
	sudo ufw default allow outgoing

	# allow the new ssh port
	sudo ufw allow 4444/tcp

	# allow port 80 if webserver
	sudo ufw allow 80/tcp
	sudo ufw allow 443/tcp

	# confirm rules added
	sudo ufw show added

	# effect the rules
	sudo ufw enable

	6. Configure timezones, network time and locale
	sudo dpkg-reconfigure tzdata
	sudo apt-get update
	sudo apt-get install ntp

	sudo locale-gen en_US.UTF-8 (or sudo locale-gen UTF-8?)
	sudo dpkg-reconfigure locales
	edit the file /etc/environment add one line with your LANG, like this LC_ALL="en_US.UTF-8" save and reboot

	7. Create swap file, either same or double the installed RAM
	sudo fallocate -l 4G /swapfile
	sudo chmod 600 /swapfile
	sudo mkswap /swapfile
	sudo swapon /swapfile
	sudo sh -c 'echo "/swapfile none swap sw 0 0" >> /etc/fstab'