After spinning up a fresh Ubuntu 26.04 LTS server, a few essential steps harden the system, create a non-root administrative account, and prepare it for production workloads. This guide walks through every step from first login to a locked-down, up-to-date server.

Tested and valid on:

Ubuntu 26.04 LTS

Prerequisites

A fresh Ubuntu 26.04 LTS server (cloud VM, VPS, or bare metal)
Root access or a user with sudo
An SSH client on your local machine

Step 1 – Log In as Root

Connect to your server using the root account and your server’s IP address:

ssh root@your_server_ip

Step 2 – Create a New Administrative User

Replace sammy with your preferred username:

adduser sammy

Step 3 – Grant Sudo Privileges

Add the new user to the sudo group:

usermod -aG sudo sammy

Step 4 – Set Up a Basic Firewall with UFW

Allow OpenSSH connections, then enable UFW:

ufw allow OpenSSH
ufw enable
ufw status

Step 5 – Copy Your SSH Key to the New User

From your local machine, copy your public key:

ssh-copy-id sammy@your_server_ip

Then test the connection:

ssh sammy@your_server_ip

Step 6 – Disable Root SSH Login

Edit the SSH daemon configuration:

sudo nano /etc/ssh/sshd_config

Set or confirm these values:

PermitRootLogin no
PasswordAuthentication no

Restart SSH to apply changes:

sudo systemctl restart ssh

Step 7 – Update All Packages

Keep the system current:

sudo apt update && sudo apt upgrade -y

Step 8 – Configure the Timezone

Set your server’s timezone (example: UTC):

sudo timedatectl set-timezone UTC
timedatectl

Conclusion

Your Ubuntu 26.04 LTS server now has a non-root sudo user, UFW firewall enabled, root SSH login disabled, and all packages up to date. From here you can install a web server, database, or any application stack.

Links

Newsletter

Contact

Initial Server Setup with Ubuntu 26.04 LTS