Introduction
Whether you just got a new VPS or set up a bare metal server, this guide walks you through every step to get Ubuntu 24.04 LTS production-ready. By the end, you will have a secure, optimized server with a non-root user, SSH key authentication, and firewall configured.
Prerequisites
- A fresh Ubuntu 24.04 LTS server (VPS or bare metal)
- Root access via SSH or console
- A local machine with a terminal (Linux/Mac) or PuTTY (Windows)
Step 1 — Connect to Your Server
Connect to your server as root using SSH:
ssh root@YOUR_SERVER_IP
If using an SSH key:
#ssh -i ~/.ssh/id_rsa root@YOUR_SERVER_IP
Step 2 — Update System Packages
Always start by updating all packages to the latest versions:
#apt update && apt upgrade -y
Expected output:
Reading package lists… Done
Building dependency tree… Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Step 3 — Set the Correct Hostname
Set a proper hostname for your server. Replace ‘infratoai-server’ with your preferred name:
hostnamectl set-hostname infratoai-server
Verify it was set correctly:
#hostnamectl
Static hostname: infratoai-server
Operating System: Ubuntu 24.04.1 LTS
Kernel: Linux 6.8.0-31-generic
Step 4 — Create a New Non-Root User
Running as root is a security risk. Create a regular user and add it to the sudo group:
#adduser yourusername
#usermod -aG sudo yourusername
#Verify the user is in the sudo group:
#groups yourusername
#yourusername : yourusername sudo
Step 5 — Set Up SSH Key Authentication
On your LOCAL machine, generate an SSH key pair if you don’t have one:
#ssh-keygen -t ed25519 -C ‘your@email.com’
Copy the public key to your server:
ssh-copy-id yourusername@YOUR_SERVER_IP
Test that key login works before disabling password login:
ssh yourusername@YOUR_SERVER_IP
Step 6 — Harden SSH Configuration
Edit the SSH daemon configuration file:
#nano /etc/ssh/sshd_config
Find and change these lines:
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
Port 2222 # Optional: change default port
Restart SSH to apply changes:
systemctl restart sshd
Step 7 — Configure UFW Firewall
Enable and configure the UFW firewall:
#ufw allow 2222/tcp # Allow your new SSH port
#ufw allow 80/tcp # HTTP
#ufw allow 443/tcp # HTTPS
#ufw enable
Check firewall status:
#ufw status verbose
Status: active
To Action From
— —— —-
2222/tcp ALLOW IN Anywhere
80/tcp ALLOW IN Anywhere
443/tcp ALLOW IN Anywhere
Step 8 — Set the Correct Timezone
Set your server timezone:
#timedatectl set-timezone Asia/Kolkata
Verify:
#timedatectl
Local time: Thu 2025-01-16 14:30:00 IST
Time zone: Asia/Kolkata (IST, +0530)
Step 9 — Enable Automatic Security Updates
Install unattended-upgrades to automatically apply security patches:
#apt install unattended-upgrades -y
#dpkg-reconfigure –priority=low unattended-upgrades
Select Yes when prompted. This keeps your server patched without manual work.
Step 10 — Final Verification Checklist
- SSH in as your new user (not root) — confirm it works
- Run: sudo apt update — confirm sudo works
- Run: ufw status — confirm firewall is active
- Run: systemctl status sshd — confirm SSH is running
- Run: timedatectl — confirm correct timezone
Troubleshooting
Problem: Locked out after disabling password authentication
If you get locked out, access your server via the hosting provider’s console (Hostinger, AWS, etc.) and re-enable PasswordAuthentication yes in /etc/ssh/sshd_config, then set up keys properly.
Problem: UFW blocking everything
If you lose SSH after enabling UFW, disable it via console: ufw disable — then add the correct rules before re-enabling.
What’s Next?
Now that your server is set up and secured, here are the recommended next steps:
- Install Docker on Ubuntu 24.04 → (link to your next tutorial)
- Set Up Prometheus + Grafana Monitoring → (link)
- Install Kubernetes with kubeadm → (link)
This tutorial is part of the InfratoAI Linux series. Questions? Leave a comment below.