SetupUbuntuNewServer
When we deploy a new Ubuntu server, it usually comes with the root user and a password. Hackers immediately attempt brute-force attacks against root login.
To harden the server, we set up a dedicated user with sudo privileges, configure SSH key authentication, and disable root login.
1. SSH Into the Server
Log in as root with the password provided by your hosting provider:
ssh root@<server-ip>ssh root@<server-ip>2. Update the Server
Always update the package list and upgrade existing packages first:
apt update && apt upgrade -y3. Create a New User
Create a new user (replace errorop with your username):
adduser errorop4. Set a Password for the New User
Assign a password for the new user:
passwd errorop5. Create the wheel Group and Add User
Create the wheel group (if it doesn’t exist):
groupadd -f wheelAdd the user to wheel:
usermod -aG wheel errorop6. Grant wheel Group Sudo Access
Edit the sudoers file safely:
visudoUncomment or add this line:
%wheel ALL=(ALL) ALL
This gives all users in the wheel group full sudo privileges.
7. Configure SSH Key Authentication
On your local machine, generate an RSA key pair if you don’t have one:
ssh-keygen -t rsa -b 4096Copy the public key to the server:
ssh-copy-id -i ~/.ssh/id_rsa.pub errorop@<server-ip>Now you can log in without entering a password:
ssh errorop@<server-ip>8. Disable Root Login and Password Authentication
Edit the SSH daemon config:
nano /etc/ssh/sshd_configChange or add the following lines:
PermitRootLogin no
PasswordAuthentication no
Save and exit.
Reload SSH:
systemctl reload sshd9. Test Access
Open a new terminal and test logging in:
ssh errorop@<server-ip>Make sure everything works before closing your existing root session.
✅ Summary
- SSH into server as root.
- System updated (
apt update && apt upgrade). - New user created and password assigned.
wheelgroup created and configured insudoers.- SSH key authentication (RSA) set up.
- Root login and password login disabled.
Your Ubuntu server is now hardened against brute force attacks. 🚀