Today, I have stumbled upon a simple BASH script called "Ubuntu-server-setup" that helps you to automate the setup and provisioning of Ubuntu server after a new installation. This script will do the following:
- Adds a new user account with sudo access
- Adds a public ssh key for the new user account
- Disables password authentication to the server
- Deny root login to the server
- Setup Uncomplicated Firewall (UFW)
- Create Swap file based on machine's installed memory
- Setup the timezone for the server (Default value is "Asia/Singapore". You can mention your timezone)
- Install Network Time Protocol
In this brief tutorial, we are going to see how to run this script in Ubuntu 16.04 LTS server. This might work on other Ubuntu versions too.
Ubuntu-server-setup - Ubuntu server post installation script
Before going to use this script, you need to create public ssh key on your client system. You will need this when running the script.
To create public ssh key, run:
$ ssh-keygen -t rsa
Enter the passphrase twice.
Generating public/private rsa key pair. Enter file in which to save the key (/home/sk/.ssh/id_rsa): Created directory '/home/sk/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/sk/.ssh/id_rsa. Your public key has been saved in /home/sk/.ssh/id_rsa.pub. The key fingerprint is: SHA256:JFEf6UJEHVmuU/wO1zFUeXyE5oxhLCBfJOKB4yoX9mI sk@ubuntuserver The key's randomart image is: +---[RSA 2048]----+ | .=+*+=*. ==| | o. *.+=++ +.+| | . .o.o..o+* oo| | o . o. .o..o.o| | . + S.o . o .| |. E . . + | | + . . | | | | | +----[SHA256]-----+
To view the newly created SSH public key, open a new Terminal window and run:
$ cat ~/.ssh/id_rsa.pub
Copy the ssh public key and keep it safe. You have to enter this key later.
Now, Login to your Ubuntu server. Install 'git' using commands:
$ sudo apt-get update
$ sudo apt-get install git
Next, grab the Ubuntu-server-setup script using command:
$ git clone https://github.com/jasonheecs/ubuntu-server-setup.git
The above command will clone the latest version to a folder called "ubuntu-server-setup" in your current working directory.
Go to the Ubuntu-server-setup directory and run the script as shown below.
$ cd ubuntu-server-setup/
$ bash setup.sh
Now, you'll have to answer series of question. Answer the, accordingly. First, Enter the new username:
Enter the username of the new user account:ostechnix Enter new UNIX password: Retype new UNIX password: Adding user `ostechnix' ... Adding new group `ostechnix' (1001) ... Adding new user `ostechnix' (1001) with group `ostechnix' ... Creating home directory `/home/ostechnix' ... Copying files from `/etc/skel' ... Changing the user information for ostechnix Enter the new value, or press ENTER for the default Full Name : Senthilkumar Room Number : 123 Work Phone : Home Phone : Other : Is the information correct? [Y/n] y
Copy/Paste the Public ssh key which we created in the previous step.
Paste in the public SSH key for the new user: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDg2S1/s3ZB/O/KBVT6OP0JEQKPQ3QjTOaWhAjFN9CJrb2IVYGx0P8SA52d81tw0UJXByXkPpxvGwXYbWukV6bF/mdm8kj+e+BxEYlq2sXbFdwW+lW0GwTYMq2tIRQ1Iec6QFLGNSi0QjLcIhG/JTg5TrmK9KyECCHRFQfR7cDWRXo2tBtMkDxdJdH/D4BdmO//rvSFgY4QiqjwmkKqgpLrK5ZvvfgjKWtO0+1D+hfrm+cTNGByWHvOAj3j5HyXB6dzNaKswCQygzkvESzXI6eyMWYW3+QNz2PBHbof+HVHSd9av7aC8IO31aUMsyvrTcSB3wHk0NpmrDfqLRvOspNb sk@ubuntuserver Running setup script...
Enter your timezone now:
Enter the timezone for the server (Default is 'Asia/Singapore'): Asia/Kolkata Timezone is set to Asia/Kolkata Installing Network Time Protocol... Setup Done! Log file is located at output.lo
Please note that you can't ssh to the Ubuntu server with any other users, except the one (i.e ostechnix in our case) you have just created. Because this script will disable the password-based ssh authentication for all users including root. And also, you can only ssh to the Ubuntu server from the client system where you have created the public ssh key and shared it with the remote system. If you want to ssh from some other systems, the public ssh key should be manually uploaded to a remote server that you want to be able to log into with SSH.
From now on, You'll be asked to enter the passphrase that you created in the client system every time you try to ssh to your server like below.
$ ssh email@example.com
Enter the passphrase for the key:
Enter passphrase for key '/home/sk/.ssh/id_rsa':
That's it. Ubuntu-server-setup script just completed the basic post installation tasks. Start installing other things you want to run in the server.