Secure Digital Ocean Ubuntu 18.04 Server

July 18, 2019

I assume you setup SSH Key With DigitalOcean Droplet.

Login as root

ssh -i KEY_FILE.pem root@SERVER_IP

Create new user

Create new do-user and assign to sudo group for admin privileges.

adduser do-user
usermod -aG sudo do-user

Copy root’s SSH key to do-user

rsync --archive --chown=do-user:do-user ~/.ssh /home/do-user

Edit SSH configuration

sudo nano /etc/ssh/sshd_config

Disable login as root

PermitRootLogin no

Disable SSH password authentication

PasswordAuthentication no

Allow do-user only.

AllowUsers do-user

Restart SSH service

sudo systemctl reload sshd

NOTE: Don’t close the current root user terminal. Test login as do-user on separate terminal to make sure everything works to make sure you don’t accidentally lock yourself out from the server.

Test login for do-user.

ssh -i KEY_FILE.pem do-user@SERVER_IP

Setup Firewall

Refer Setup Firewall for Ubuntu 18.04.

Update Ubuntu

sudo apt-get update && sudo apt-get upgrade

NOTE: Might need to run sudo apt-get dist-upgrade as well, refer to install ubuntu update.

NOTE: You could look into automatic updates as well.

This work is licensed under a
Creative Commons Attribution-NonCommercial 4.0 International License.