Creating and Configuring Ubuntu VPS Instances
Adam Sidiali
on scripts, guide, devops, and ubuntu
There are many different practices around spinning up and configuring new server instances for your apps and services. In this guide, I’ll walk you through how I deploy, setup, and configure an Ubuntu Linux VPS instance, which is my go-to hosted server configuration for its ease of use, general flexibility, and vast community support.
Here’s an overview of what we’ll cover:
- Deploying a new VPS instance
- Creating a new user
- Configuring SSH keys for your new user
- Securing your SSH configuration
- Configuring your firewall
1. Deploying a new VPS instance
Let’s get started by picking a VPS provider. There are tons to choose from, and while they are all pretty similar, you’ll probably find the one that best suits you by shopping around and trying a few.
I personally like using DigitalOcean. They run on AWS, but just provide simplified everything - from pricing to experience to support. I find it way easier to deal with than sorting through the vast number of services AWS has to offer, while still benefitting from their superior infrastructure. VPS start at $5 per month, and scale with your system requirements.
After creating an account with a provider and adding your billing details, you will be able to pick out a machine type. Be sure to select Ubuntu 18.04 LTS as your operating system, and for the purpose of this guide and most personal projects, minimum system specs will do.
If you have the option to add your SSH key during the VPS creation process, be sure to add yours from your local system. You can quickly view it from the command line on your local computer with the following command:
$ cat ~/.ssh/id_rsa.pub
Note: if you have setup your SSH keys in a different location, you will need to adjust the path in the above command for it to work.
Once your VPS has been created, you should be given an IP address - the location of your new private server!
You can now login with the following SSH command:
$ ssh root@<VPS-IP-ADDRESS>
If you included your SSH key in the VPS setup process, you should be logged in automatically. If you didn’t, you should have received a default root password either via email or right away in the signup process from your VPS provider. If you can’t find it, you can always reset it via your provider dashboard. Once you login by password for the first time, your system should ask you to set a new custom password.
2. Creating a new user
Now that we’re in, let’s setup our first user. Go ahead and run the following command with your name (I’m going to use adam). You’ll be asked for a few details like your name, and then the program will exit.
$ adduser adam
Once that’s done, let’s give our new user root privileges with the following command (don’t forget to replace adam with your user):
$ usermod -aG sudo adam
Now our user will be able to execute commands via root using sudo.
3. Configuring SSH keys for your new user
Let’s get our user setup with SSH keys to automate the authentication process.
We’ll want to copy over our local SSH key to our VPS user, so that we can SSH straight into this user instead of root when accessing our VPS. Let’s create the SSH config folder for our user, and copy over authenticated keys from the root SSH config (be sure to use your user in place of adam):
$ mkdir /home/adam/.ssh
$ cp authorized_keys /home/adam/.ssh/
$ chown /home/adam/.ssh/authorized_keys adam
We also need to change the owner of the copied file to be our user instead of root for SSH to authenticate properly:
$ chown /home/adam/.ssh/authorized_keys adam
Now that we have that copied over, let’s login to a new bash shell as our new user:
$ su adam
Now, we are operating on our VPS are our new user. Pretty nifty. Let’s create some SSH keys for our user:
$ ssh-keygen -t rsa
You will be asked a few different things regarding location, name, and password for your keys - we don’t need any of that right now, so do not type anything for any of them, and just hit enter until you are back at a bash prompt.
Let’s verify that our keys were created. Run the following commands to move to our user’s new SSH config directory, and print out the contents of our public SSH key:
$ cd ~/.ssh
$ cat id_rsa.pub
You should see something starting with ssh.... and ending with your VPS user@host - that string is your public SSH key! You can use that just like you can with a local SSH key, so that your VPS user can SSH into any other VPS you give this key to (see: SSH tunneling).
You can now exit your user session by running the command exit. You should be taken back to the root bash prompt of your VPS.
4. Securing your SSH configuration
The SSH default configuration on Ubuntu 18.04 allows for you to login as root via SSH, so that you can get into your VPS for the first time to get it set up. Once you have, though, it is best practice to disable root login via SSH in an effort to secure administrative privileges in case of attack.
Make sure you’re logged in as root on your VPS, and then run the following command to open up your SSH config in Nano, or your preferred editor:
$ nano /etc/ssh/sshd_config
Using your arrow keys, scroll to the line that says PermitRootLogin yes and change the yes to a no. Then, use Ctrl+O and Ctrl+X to save and exit Nano, or save and exit whichever editor you’re using.
Finally, we’ll want to restart our server’s SSH service for our change to take effect by running this command:
$ service sshd restart
Now moving forward, root logins via SSH will be disabled, and you’ll only be able to access your VPS via your newly created user from earlier. As you use your VPS for more and more things, you can create other user accounts for different use cases if you’d like to separate your services.
5. Configuring your firewall
Ubuntu 18.04 VPS servers ship by default with ufw firewall, which is a great little utility for securing your VPS.
Let’s start by making sure ufw is installed and disabled before we configure it. Log back into your VPS, and run the following command:
$ sudo ufw disable
After entering your password, you should get confirmation that ufw is stopped and disabled.
Now, we’ll add a few useful entries to our ufw firewall to allow access to some common applications:
$ sudo ufw allow ssh # expose SSH access
$ sudo ufw allow 80 # expose default web port
$ sudo ufw allow 443 # expose default SSL web port
Now, whenever you install and/or plan to expose a service to the web on your VPS, you’ll need to be sure to expose port access to your service by running the above
ufw allowcommand with whichever port it is you need to expose through the firewall.
Once you’re done configuring ufw for your exposed services, go ahead and enable it with the following command:
$ sudo ufw enable
And that’s it! You should see confirmation of ufw running successfully.
Closing Thoughts
Setting up a fresh VPS instance can be tedious, but with enough practice becomes a creature of habit. What’s more, every single thing we did in this post can be wrapped up into a bash script and automated, so that you can run it to automatically provision your new VPS instances without breaking a sweat. I’ll leave it up to you to put the script together.
Let me know if this guide helped you, and if there are any additions or changes you think would make this guide better, by leaving a comment below 👇