Quick reference for web server admin on an Ubuntu system.

Connect via SSH

$ ssh root@<server_ip>

Add a non-root user

Add a new user and add them to the sudo group.

$ adduser <user>
$ usermod -aG sudo <user>

Generate SSH keys

On the local machine, use

$ ssh-keygen

to create a key pair stored in ~/.ssh by default. Then, copy the public key contents to the server.

$ cd ~/.ssh
$ cat id_rsa.pub

In a new terminal window, connect to the server as your new user and paste the contents as a new line into the authorized_keys file. This file won’t exist the first time you set up SSH, so create it:

$ ssh <user>@<server_ip>
$ mkdir ~/.ssh
$ chmod 700 ~/.ssh
$ cd ~/.ssh
$ nano authorized_keys

Set permissions for this file:

$ chmod 600 authorized_keys

Shell Commands Quick Ref

To move around the filesystem:

$ cd /absolute/path
$ cd ../relative/path

For listing files, use the -la flags to list all files with details:

$ ls -la

Copy files:

$ cp path/to/file path/to/new/file

Move or rename a file:

$ mv filename new_filename
$ mv file new/file

Move or rename a directory:

$ mv dirname new/path/dirname
$ mv dirname new_dirname

Transfer files with SFTP

$ sftp <user>@<ip_address>

Then use the normal commands. To run a command against the local filesystem instead, prefix it with an l:

$ lpwd
$ lls
$ lcd

To send a file or directory from the local machine to the server:

$ put <local_file>
$ put -r <local_directory>

This puts the file or directory in the current directory on the server (the -r flag specifies recursive, so all contents are transferred).

To download a file or directory from the server:

$ get <remote_file>
$ get -r <remote_directory>

When done, issue exit.

Disable Password Authentication

Log in to the server and edit sshd_config:

$ ssh <user>@<ip_address>
$ sudo nano /etc/ssh/sshd_config

Find the line containing PasswordAuthentication and set it to no.
Also find the line containing PermitRootLogin and set it to no.

Then reload SSH to apply the changes:

$ sudo systemctl reload sshd
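
The following check is an added example, not part of the original quick reference. sshd keeps the first value it reads for each keyword, so an edited line can be overridden by an earlier one; the function names (effective, check_hardening, write_samples) and the sample file dropin.conf are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page. sshd keeps the FIRST value it
# reads for a keyword, so a file pulled in by an Include line near the top of
# sshd_config can override a later "PasswordAuthentication no".

# effective KEYWORD FILE...: print the first uncommented value of KEYWORD,
# reading FILEs in the order given (pass them in the order sshd reads them).
# Simplification: lines after a "Match" line in a file are skipped because
# they are conditional; "Keyword=value" syntax is not handled.
effective() {
    _kw=$1; shift
    for _f in "$@"; do
        _v=$(awk -v kw="$_kw" '
            { sub(/^[ \t]+/, "") }               # drop leading whitespace
            /^#/ || /^$/ { next }                 # skip comments and blanks
            tolower($1) == "match" { exit }      # rest of file is conditional
            tolower($1) == tolower(kw) { print tolower($2); exit }
        ' "$_f")
        if [ -n "$_v" ]; then echo "$_v"; return 0; fi
    done
    return 0   # keyword not set anywhere: prints nothing
}

# check_hardening FILE...: succeed only if both settings resolve to "no".
check_hardening() {
    _rc=0
    for _k in PasswordAuthentication PermitRootLogin; do
        _val=$(effective "$_k" "$@")
        if [ "$_val" = "no" ]; then
            echo "ok   $_k no"
        else
            echo "FAIL $_k ${_val:-unset (built-in default applies)}"
            _rc=1
        fi
    done
    return $_rc
}

# write_samples DIR: constructed sample files for the demonstration.
write_samples() {
    printf 'PasswordAuthentication yes\n' > "$1/dropin.conf"
    printf '%s\n' '#PasswordAuthentication yes' 'PermitRootLogin no' \
        'PasswordAuthentication no' 'Match User backup' \
        '    PasswordAuthentication yes' > "$1/sshd_config"
}
```

On a real server, sudo sshd -t checks the configuration for syntax errors and sudo sshd -T prints the effective settings; run both before reloading, and keep the current session open until a key-based login works in a second terminal.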

Firewall

To check the status of the Ubuntu firewall, ufw:

$ sudo ufw status

A common operation is to allow a specific program through (e.g. a web server). To see the available applications for such commands, run:

$ sudo ufw app list

Then, to allow one, pass its name as the argument to allow:

$ sudo ufw allow OpenSSH
$ sudo ufw allow 'Nginx HTTP'

You can also enter a specific port or connection type:

$ sudo ufw allow 443
$ sudo ufw allow http

To enable or disable the firewall altogether, use enable or disable:

$ sudo ufw enable
$ sudo ufw disable