Securing Your Linux Server: Essential First Steps
Harden a fresh Ubuntu 24.04 server by creating a non-root user, locking down SSH, configuring a firewall with UFW, and setting up fail2ban to block brute-force attacks.
Need a server? Get $200 free credits on DigitalOcean- A running Ubuntu 24.04 server (see exercise 1: Creating and Connecting to Your First Linux Server)
- SSH access as root to your server
- Basic terminal knowledge
You need a running Linux server for this exercise. Any Ubuntu server works, but we recommend DigitalOcean for quick setup.
Get $200 in free credits to get started.
Disclosure: This is an affiliate link. We may earn a commission at no extra cost to you.
- Create a non-root user with sudo privileges
- Disable root login and password authentication over SSH
- Configure UFW to allow only necessary traffic
- Install and configure fail2ban to block repeated login attempts
- Verify that security settings are working correctly
Create a Non-Root User with Sudo Access
Running everything as root is risky. A single typo can destroy your system. Create a regular user and give it sudo privileges so you can run admin commands only when needed.
Copy SSH Key to the New User
Copy your SSH public key from the root account to the new user so you can log in directly without a password.
Test Sudo Access for the New User
Open a new terminal window and SSH in as the deploy user. Verify that sudo works before locking down root access.
Disable Root Login and Password Authentication
Now that you have a working sudo user, disable root SSH login and password authentication. This blocks the two most common attack vectors on Linux servers.
Configure UFW Firewall
UFW (Uncomplicated Firewall) is the default firewall tool on Ubuntu. Set it up to allow only SSH, HTTP, and HTTPS traffic, and block everything else.
Install and Configure fail2ban
fail2ban monitors log files for repeated failed login attempts and temporarily bans the offending IP addresses. It is one of the best defenses against brute-force SSH attacks.
Verify fail2ban is Working
Check that fail2ban is running, the SSH jail is active, and review the current ban status.
Run a Final Security Check
Verify that all security settings are in place by running a series of checks.
Found an issue?
Series:Linux Server Setup SeriesPart 2 of 5
More exercises
Linux
Creating and Connecting to Your First Linux Server
Spin up an Ubuntu 24.04 Linux server in the cloud, configure SSH key authentication, and learn to navigate your new server. This exercise uses DigitalOcean but the steps work with any cloud provider.
30 minutes
Linux
Running Docker Containers on Your Linux Server
Install Docker and Docker Compose on Ubuntu, run your first container, deploy a WordPress stack with docker-compose, and set up Nginx as a reverse proxy in front of your containers.
60 minutes
Linux
Linux Performance Tuning and Troubleshooting
Master essential Linux performance analysis and optimization techniques to diagnose and resolve system bottlenecks.
80 minutes
Also worth your time on this topic
How to Close Specific Ports on Linux Systems
Learn how to close and block specific ports on Linux using iptables, ufw, firewalld, and by stopping services. Secure your system by controlling port access.
Creating and Connecting to Your First Linux Server
Spin up an Ubuntu 24.04 Linux server in the cloud, configure SSH key authentication, and learn to navigate your new server. This exercise uses DigitalOcean but the steps work with any cloud provider.
30 minutes
SSH Basics and Key Authentication
How does SSH key authentication work? How do you set it up?
junior