Initialize Ubuntu Droplet in DigitalOcean

These are simple instructions for initializing an Ubuntu Droplet on DigitalOcean. We will use Ubuntu 16.04 32-bit in this case.

We should work as a normal user instead of the root account; normally the root account should be disabled. First, add a user by executing the following command. Let’s assume the intended username is john.

adduser john

Then add that user account to the sudo group by executing the following command.

gpasswd -a john sudo

Assuming you generated an SSH key pair using the previous step, use the following command at the terminal of your local machine to print your public key (id_rsa.pub):

cat ~/.ssh/id_rsa.pub

This should print your public SSH key, which should look something like the following:
id_rsa.pub contents

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBGTO0tsVejssuaYR5R3Y/i73SppJAhme1dH7W2c47d4gOqB4izP0+fRLfvbz/tnXFz4iOP/H6eCV05hqUhF+KYRxt9Y8tVMrpDZR2l75o6+xSbUOMu6xN+uVF0T9XzKcxmzTmnV7Na5up3QM3DoSRYX/EP3utr2+zAqpJIfKPLdA74w7g56oYWI9blpnpzxkEd3edVJOivUkpZ4JoenWManvIaSdMTJXMy3MtlQhva+j9CgguyVbUkdzK9KKEuah+pFZvaugtebsU+bllPTB0nlXGIJk98Ie9ZtxuY3nCKneB+KjKiXrAvXUPCI9mWkYS/1rggpFmu3HbXBnWSUdf localuser@machine.local

Select the public key, and copy it to your clipboard.

Add Public Key to New Remote User

To enable the use of an SSH key to authenticate as the new remote user, you must add the public key to a special file in the user’s home directory.

On the server, as the root user, enter the following command to switch to the new user (substitute your own user name):

su - demo

Now you will be in your new user’s home directory.

Create a new directory called .ssh and restrict its permissions with the following commands:

mkdir .ssh
chmod 700 .ssh

Now open a file in .ssh called authorized_keys with a text editor. We will use nano to edit the file:

nano .ssh/authorized_keys

Now insert your public key (which should be in your clipboard) by pasting it into the editor.

Hit CTRL-X to exit the file, then Y to save the changes that you made, then ENTER to confirm the file name.

Now restrict the permissions of the authorized_keys file with this command:

chmod 600 .ssh/authorized_keys
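
A scripted equivalent of the steps above, as an added example that is not part of the original instructions. The function names install_pubkey and ssh_perms_ok are hypothetical, and the script is meant to be run as the new user; it also refuses a pasted key that is not a single OpenSSH key line and does not add the same key twice.

```shell
#!/bin/sh
# Added example: scripted version of the mkdir/chmod/nano steps above.

# install_pubkey HOME_DIR "PUBLIC_KEY_LINE"
# Run as the target user so the files end up owned by that user.
install_pubkey() {
    ssh_dir="$1/.ssh"
    auth_file="$ssh_dir/authorized_keys"
    key=$2

    # A pasted key must be exactly one line starting with a key type; a key
    # that the terminal or editor wrapped onto several lines will not work.
    [ "$(printf '%s\n' "$key" | wc -l)" -eq 1 ] || { echo "key spans several lines" >&2; return 1; }
    case "$key" in
        ssh-rsa\ ?*|ssh-ed25519\ ?*|ecdsa-sha2-*\ ?*) ;;
        *) echo "not an OpenSSH public key line" >&2; return 1 ;;
    esac

    # Same permissions as the manual steps: 700 on .ssh, 600 on the file.
    # With StrictModes yes, sshd rejects files writable by group or others.
    mkdir -p "$ssh_dir" || return 1
    chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" || return 1
    chmod 600 "$auth_file" || return 1

    # Append only when the exact line is not already present.
    grep -qxF -e "$key" "$auth_file" || printf '%s\n' "$key" >> "$auth_file"
}

# ssh_perms_ok HOME_DIR: succeeds only if the modes are exactly 700 and 600.
ssh_perms_ok() {
    d=$(ls -ld "$1/.ssh" | cut -c1-10)
    f=$(ls -l "$1/.ssh/authorized_keys" | cut -c1-10)
    [ "$d" = "drwx------" ] && [ "$f" = "-rw-------" ]
}
```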

Now that we have our new account, we can secure our server a little bit by modifying the configuration of its SSH daemon (the program that allows us to log in remotely) to disallow remote SSH access to the root account.

Begin by opening the configuration file with your text editor as root:

nano /etc/ssh/sshd_config

Next, we need to find the line that looks like this:

/etc/ssh/sshd_config (before)
PermitRootLogin yes

Here, we have the option to disable root login through SSH. This is generally a more secure setting since we can now access our server through our normal user account and escalate privileges when necessary.

Modify this line to “no” like this to disable root login:

/etc/ssh/sshd_config (after)
PermitRootLogin no

Disabling remote root login is highly recommended on every server!

When you are finished making your changes, save and close the file using the method we went over earlier (CTRL-X, then Y, then ENTER).

Now that we have made our change, we need to restart the SSH service so that it will use our new configuration.

Type this to restart SSH:

service ssh restart

Now, before we log out of the server, we should test our new configuration. We do not want to disconnect until we can confirm that new connections can be established successfully.

Open a new terminal window on your local machine. In the new window, we need to begin a new connection to our server. This time, instead of using the root account, we want to use the new account that we created.

For the server that we showed you how to configure above, you would connect using this command. Substitute your own user name and server IP address where appropriate:

ssh demo@SERVER_IP_ADDRESS

Note: If you are using PuTTY to connect to your servers, be sure to update the session’s port number to match your server’s current configuration.

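If you are using password authentication, you will be prompted for the new user’s password that you configured. If you added your SSH key as described above, key authentication is used instead. After that, you will be logged in as your new user.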

Remember, if you need to run a command with root privileges, type “sudo” before it like this:

sudo command_to_run

If all is well, you can exit your sessions by typing: exit

Configure Linux Static IP Network Interface

The static IP configuration is stored in the file /etc/network/interfaces. This applies to Debian and its derivatives such as Ubuntu.

Edit the file /etc/network/interfaces using sudo:

sudo pico /etc/network/interfaces

Change the file content to look like the example below, paying close attention to the iface eth0 section. You can change the IP address to your preferred address.

# The loopback interface
auto lo
iface lo inet loopback

# Configuration for eth0 and aliases

# This line ensures that the interface will be brought up during boot.
auto eth0

# eth0 - This is the main IP address that will be used for most outbound connections.
# The address, netmask and gateway are all necessary.
iface eth0 inet static
    address 192.168.1.10
    netmask 255.255.255.0
    gateway 192.168.1.1

If you want to configure a static IP in a virtual machine such as VirtualBox, you may need to set dns-nameservers manually:

iface eth0 inet static
    address 192.168.1.10
    netmask 255.255.255.0
    dns-nameservers 192.168.1.1
    gateway 192.168.1.1

How to Disable Root Login in Ubuntu

It is better to disable root user login, since allowing root login is a major security concern on a Linux system. You can still use the root account after logging in as another user.

1. Edit the sshd_config file.

sudo pico /etc/ssh/sshd_config

2. Find the PermitRootLogin directive in that file and change its value to no. Example:

# Authentication:
LoginGraceTime 120
PermitRootLogin no
StrictModes yes
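
A check for the PermitRootLogin edit described here and in the SSH daemon steps earlier on this page, as an added example that is not part of the original instructions. The function names effective_root_login and root_login_disabled and the sample files are constructed for illustration; the parser assumes whitespace-separated "Keyword value" lines, stops at the first Match block and does not follow Include directives.

```shell
#!/bin/sh
# Added example: report the PermitRootLogin value sshd takes from a config file.

# effective_root_login FILE
# sshd uses the first value it reads for a keyword, keywords are
# case-insensitive, and lines starting with '#' are comments.
effective_root_login() {
    awk '
        /^[ \t]*#/ || NF == 0            { next }
        tolower($1) == "match"           { exit }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# root_login_disabled FILE: succeeds only when the effective value is "no".
root_login_disabled() {
    [ "$(effective_root_login "$1")" = "no" ]
}

# Constructed sample files (not taken from a real server).
demo_dir=$(mktemp -d)
printf '%s\n' '# Authentication:' 'LoginGraceTime 120' \
    'PermitRootLogin no' 'StrictModes yes' > "$demo_dir/hardened"
# The edit was appended below an existing "yes": the first line still wins.
printf '%s\n' 'PermitRootLogin yes' 'PermitRootLogin no' > "$demo_dir/shadowed"
# Only a commented-out line: sshd falls back to its built-in default.
printf '%s\n' '#PermitRootLogin no' > "$demo_dir/commented"

for f in hardened shadowed commented; do
    printf '%-10s %s\n' "$f" "$(effective_root_login "$demo_dir/$f")"
done
```

On the server, point the function at /etc/ssh/sshd_config, and run sshd -t as root to check the file for syntax errors before restarting the SSH service.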

How to Install Security Updates in Ubuntu

You should install all available security updates to protect your Linux/Ubuntu box against unauthorised access. Use the following commands:

sudo apt-get update
sudo apt-get upgrade --show-upgraded

Enter your password when sudo prompts for it, since the sudo command gains superuser access to your Linux system.