After spinning up a fresh Ubuntu 24.04 LTS server, a few essential steps harden the system, create a non-root administrative account, and prepare it for production workloads. This guide walks through every step from first login to a locked-down, up-to-date server.
Tested and valid on:
- Ubuntu 24.04 LTS
Prerequisites
- A fresh Ubuntu 24.04 LTS server (cloud VM, VPS, or bare metal)
- Root access or a user with sudo
- An SSH client on your local machine
Step 1 – Log In as Root
Connect to your server using the root account and your server’s IP address:
ssh root@your_server_ip Step 2 – Create a New Administrative User
Replace sammy with your preferred username:
adduser sammy Step 3 – Grant Sudo Privileges
Add the new user to the sudo group:
usermod -aG sudo sammy Step 4 – Set Up a Basic Firewall with UFW
Allow OpenSSH connections, then enable UFW:
ufw allow OpenSSH
ufw enable
ufw status Step 5 – Copy Your SSH Key to the New User
From your local machine, copy your public key:
ssh-copy-id sammy@your_server_ip Then test the connection:
ssh sammy@your_server_ip Step 6 – Disable Root SSH Login
Edit the SSH daemon configuration:
sudo nano /etc/ssh/sshd_config Set or confirm these values:
PermitRootLogin no
PasswordAuthentication no Restart SSH to apply changes:
sudo systemctl restart ssh Step 7 – Update All Packages
Keep the system current:
sudo apt update && sudo apt upgrade -y Step 8 – Configure the Timezone
Set your server’s timezone (example: UTC):
sudo timedatectl set-timezone UTC
timedatectl Conclusion
Your Ubuntu 24.04 LTS server now has a non-root sudo user, UFW firewall enabled, root SSH login disabled, and all packages up to date. From here you can install a web server, database, or any application stack.
