Getting Started with Ubuntu Server 24.04 LTS

Last updated: March 2026 • 10 min read

Ubuntu Server 24.04 LTS (Noble Numbat) provides a stable, secure foundation for your server. This guide walks through initial setup, security hardening, and essential configuration after deployment.

First Login

After deployment, you'll receive root credentials. Connect via SSH:

ssh root@your-server-ip

Important

Change the root password immediately on first login:

passwd

Step 1: Create a User Account

Running as root is dangerous. Create a regular user with sudo access:

adduser username
usermod -aG sudo username

Log out and back in as your new user.

Step 2: Update the System

Fresh installs need security updates:

sudo apt update
sudo apt upgrade -y
sudo apt autoremove -y

Enable automatic security updates:

sudo apt install unattended-upgrades
sudo dpkg-reconfigure --priority=low unattended-upgrades

Step 3: Set Up SSH Keys

SSH keys are more secure than passwords. Generate on your local machine:

ssh-keygen -t ed25519 -C "your-email@example.com"

Copy to your server:

ssh-copy-id username@your-server-ip

Test login, then disable password authentication:

sudo nano /etc/ssh/sshd_config

Set these values:

PasswordAuthentication no
PubkeyAuthentication yes
PermitRootLogin no

Restart SSH:

sudo systemctl restart sshd

Before Closing This Session

Open a new terminal and verify you can SSH in with your key. If something goes wrong, you'll still have this session to fix it.

Step 4: Configure the Firewall

UFW (Uncomplicated Firewall) is the easiest way to secure network access:

sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw enable

For web servers, allow HTTP and HTTPS:

sudo ufw allow http
sudo ufw allow https

Check status:

sudo ufw status verbose

Step 5: Set the Hostname

Give your server a recognizable name:

sudo hostnamectl set-hostname myserver
sudo nano /etc/hosts

Update the entry for 127.0.1.1:

127.0.1.1 myserver.example.com myserver

Step 6: Set the Timezone

Correct timezone ensures logs are accurate:

sudo timedatectl set-timezone America/New_York

List available timezones:

timedatectl list-timezones

Step 7: Install Essential Packages

These utilities are useful on every server:

sudo apt install -y \
  curl \
  wget \
  git \
  htop \
  tmux \
  vim \
  ufw \
  fail2ban \
  unattended-upgrades

What Each Package Does

curl, wget — Transfer data from URLs
git — Version control
htop — Interactive process viewer
tmux — Terminal multiplexer (persistent sessions)
vim — Text editor
ufw — Firewall management
fail2ban — Brute-force protection
unattended-upgrades — Automatic security updates

Step 8: Configure Fail2Ban

Fail2Ban blocks repeated failed login attempts:

sudo systemctl enable fail2ban
sudo systemctl start fail2ban

Default settings protect SSH. Check status:

sudo fail2ban-client status sshd

Step 9: Set Up Swap (Optional)

If your server has limited RAM, add swap space:

sudo fallocate -l 2G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile

Make it permanent:

echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab

Step 10: Install Docker (Optional)

Docker simplifies application deployment:

curl -fsSL https://get.docker.com | sudo sh
sudo usermod -aG docker $USER

Log out and back in to apply group membership.

Verify Your Setup

Run through this checklist:

✓ Root password changed
✓ User account created with sudo access
✓ System updated
✓ SSH keys configured
✓ Password authentication disabled
✓ Firewall enabled (SSH allowed)
✓ Hostname set
✓ Timezone configured
✓ Essential packages installed
✓ Fail2Ban running

Next Steps

Set up SSL certificates for HTTPS
Harden server security with additional measures
Deploy applications with Docker
Configure a reverse proxy for web services