Server Setup Guide

Add Non-Root User

Creating a non-root user enhances security by limiting privileged access. This user can perform administrative tasks using sudo when needed, reducing the risk of accidental system changes.

Create new user with home directory and bash shell:
```
useradd -m -s /bin/bash userName
```
Set user password:
```
passwd userName
```
Add user to sudo group:
```
usermod -aG sudo userName
```
Verify sudo group members:
```
getent group sudo
```
If you want to remove user from sudo group:
```
gpasswd --delete userName sudo
```

Configure User SSH Key

SSH keys provide stronger security than passwords. Using ed25519 keys with a passphrase adds two layers of protection: the key file itself and the passphrase.

Switch to new user account:
```
su - userName
```

Generate SSH key:

ssh-keygen -t ed25519 -C "your_email@example.com"

Add passphrase when prompted

Add key to authorized_keys:

cat ~/.ssh/ed25519.pub >> ~/.ssh/authorized_keys

Setup Application Group

Creating a dedicated group for applications helps manage permissions and access control for application-specific files and directories.

Switch to new user:
```
su - userName
```
Create apps group:
```
sudo groupadd apps
```

Secure SSH Configuration

These settings strengthen SSH security by disabling root login, changing the default port, and enforcing key-based authentication only.

Open SSH config file:
```
sudo nano /etc/ssh/sshd_config
```

Update these settings, you can change the port if you want to:

PermitRootLogin no
Port 1122
PasswordAuthentication no
UsePAM no
PubkeyAuthentication yes

Apply changes:
```
sudo systemctl reload ssh
```

Update firewall rules:

sudo ufw status numbered
sudo ufw delete {number}  # Delete port 22 rule
sudo ufw allow 1122      # Add new SSH port

✨ Well done!

Edit this page on GitHub

Github ActionAction Workflow

Init ServerName Server Guide