
Initial Server Setup on Ubuntu 22.04

Perform essential post-deployment configuration: create a non-root user, configure UFW, and enable automatic security updates.

LightYear Docs Team
Updated April 24, 2026

After deploying a new Ubuntu 22.04 server, you should perform a few essential configuration steps before putting it into production. This guide covers creating a non-root user, configuring a basic firewall, and enabling automatic security updates.

Prerequisites

  • A running Ubuntu 22.04 server
  • SSH access as root

Step 1 — Update the System

Connect to your server and update all packages:

>_BASH
$ apt update && apt upgrade -y
OUTPUT
Hit:1 http://archive.ubuntu.com/ubuntu jammy InRelease
Get:2 http://security.ubuntu.com/ubuntu jammy-security InRelease [110 kB]
...
Reading package lists... Done
Building dependency tree... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

Step 2 — Create a Non-Root User

Running as root is a security risk. Create a regular user with sudo privileges:

>_BASH
$ adduser deploy

Follow the prompts to set a password. Then add the user to the sudo group:

>_BASH
$ usermod -aG sudo deploy

Step 3 — Copy SSH Key to the New User

>_BASH
$ rsync --archive --chown=deploy:deploy ~/.ssh /home/deploy

Test the new user in a separate terminal before logging out of root:

>_BASH
$ ssh deploy@YOUR_SERVER_IP

Step 4 — Disable Root SSH Login

Edit the SSH daemon configuration:

>_BASH
$ nano /etc/ssh/sshd_config

Find and update these lines:

INI
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes

Restart SSH:

>_BASH
$ systemctl restart sshd

Warning: Ensure you can log in as your new user with SSH key authentication before disabling root login. Otherwise you may lock yourself out.
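
Editing /etc/ssh/sshd_config does not guarantee the values take effect, because drop-in files under /etc/ssh/sshd_config.d/ can override it. The check below is an added example, not part of the original guide: it parses the effective configuration printed by `sshd -T` and compares it with the three values from this step. The function name check_sshd_hardening and both sample outputs are constructed for illustration.

```bash
#!/bin/sh
# Added example (not from the original guide): verify that the Step 4 values
# are the ones sshd actually uses. Reads `sshd -T` style output on stdin,
# one "keyword value" pair per line; exits 0 only if all three settings match.
check_sshd_hardening() {
    awk '
        BEGIN {
            want["permitrootlogin"]        = "no"
            want["passwordauthentication"] = "no"
            want["pubkeyauthentication"]   = "yes"
        }
        { key = tolower($1); if (key in want) got[key] = tolower($2) }
        END {
            bad = 0
            for (k in want) {
                if (!(k in got)) {
                    printf "MISSING %s (want %s)\n", k, want[k]; bad = 1
                } else if (got[k] != want[k]) {
                    printf "FAIL %s = %s (want %s)\n", k, got[k], want[k]; bad = 1
                } else {
                    printf "OK %s = %s\n", k, got[k]
                }
            }
            exit bad
        }
    '
}

# Constructed sample output, trimmed to the relevant keywords.
SAMPLE_HARDENED='port 22
permitrootlogin no
pubkeyauthentication yes
passwordauthentication no'

# Constructed sample: a drop-in file has re-enabled password logins.
SAMPLE_OVERRIDDEN='port 22
permitrootlogin no
pubkeyauthentication yes
passwordauthentication yes'

if [ "${1:-}" = "--live" ]; then
    # On the server, as root: syntax-check the config, then test effective values.
    sshd -t && sshd -T | check_sshd_hardening
else
    printf '%s\n' "$SAMPLE_HARDENED"   | check_sshd_hardening
    printf '%s\n' "$SAMPLE_OVERRIDDEN" | check_sshd_hardening || echo "not hardened"
fi
```

Run it with `--live` as root on the server, while the root session from the warning above is still open, so a FAIL line can be fixed before you disconnect.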

Step 5 — Configure UFW Firewall

Install and configure UFW (Uncomplicated Firewall). Allow OpenSSH before enabling the firewall so that your SSH connection is not blocked:

>_BASH
$ ufw allow OpenSSH
$ ufw enable
OUTPUT
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup

Check the status:

>_BASH
$ ufw status verbose
OUTPUT
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp (OpenSSH)           ALLOW IN    Anywhere

Step 6 — Enable Automatic Security Updates

>_BASH
$ apt install unattended-upgrades -y
$ dpkg-reconfigure --priority=low unattended-upgrades

Select Yes when prompted to automatically download and install stable updates.

Step 7 — Set the Timezone

>_BASH
$ timedatectl set-timezone America/New_York

Verify:

>_BASH
$ timedatectl
OUTPUT
               Local time: Thu 2026-04-24 10:00:00 EDT
           Universal time: Thu 2026-04-24 14:00:00 UTC
                 RTC time: Thu 2026-04-24 14:00:00
                Time zone: America/New_York (EDT, -0400)

Next Steps

Your server is now configured with basic security hardening. Continue with:
