Firewall setup⚓︎
How to set up and configure the UFW firewall on Ubuntu after installing your application.
UFW (Uncomplicated Firewall)⚓︎
Status: inactive
check ports in use⚓︎
-t TCP ports
-u UDP ports
-n numerical addresses instead of hosts
-l listening ports
-p PID and name of listener's process
source: check listening ports
setup your firewall⚓︎
Default incoming policy changed to 'deny'
(be sure to update your rules accordingly)
Default outgoing policy changed to 'allow'
(be sure to update your rules accordingly)
enable ufw⚓︎
So far, UFW has been disabled. As long as the port you use to access the server is allowed, you should be OK to log back in.
You can test whether you can still log in by opening a separate terminal window, without closing the one you are in.
Once you are sure of your settings:
● ufw.service - Uncomplicated firewall
Loaded: loaded (/.../ufw.service; enabled; vendor preset: e>
Active: active
...
deeper dive on configuring firewall rules with UFW
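A pre-flight check for the lockout risk described above, as an added example that is not part of the original guide: it compares listening sockets against the rules added so far and prints every listener that the default deny policy would cut off. The function names are hypothetical, both sample inputs are constructed, and it assumes the inputs come from `ss -tunlp` and `ufw show added`.

```shell
#!/usr/bin/env bash
# Added example, not from the original guide. Function names are hypothetical.
# Constructed sample of `ss -tunlp` output
# (columns: Netid State Recv-Q Send-Q Local Peer Process).
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*  users:(("systemd-resolve",pid=612,fd=12))
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*  users:(("sshd",pid=801,fd=3))
tcp   LISTEN 0      511    0.0.0.0:8080       0.0.0.0:*  users:(("node",pid=1422,fd=18))
tcp   LISTEN 0      128    [::]:22            [::]:*     users:(("sshd",pid=801,fd=4))'

# Constructed sample of `ufw show added` output.
SAMPLE_RULES="Added user rules (see 'ufw status' for running firewall):
ufw allow 22/tcp"

# listeners: print "proto port" for each non-loopback listening socket on stdin.
listeners() {
  awk '($1 == "tcp" || $1 == "udp") && ($2 == "LISTEN" || $2 == "UNCONN") {
         if ($5 ~ /^(127\.|\[::1\])/) next   # loopback traffic needs no rule
         n = split($5, a, ":"); print $1, a[n]
       }' | sort -u
}

# is_allowed PROTO PORT RULES: succeed if an allow/limit rule covers the port.
# Handles "PORT" and "PORT/proto" only; app profiles and ranges are not parsed.
is_allowed() {
  printf '%s\n' "$3" | grep -Eq "^ufw (allow|limit) $2(/$1)?\$"
}

# blocked_after_enable SS_OUTPUT RULES: list listeners with no matching rule.
blocked_after_enable() {
  printf '%s\n' "$1" | listeners | while read -r proto port; do
    is_allowed "$proto" "$port" "$2" || echo "$proto/$port"
  done
}

# With the samples above, SSH is covered and the app on 8080 is not.
blocked_after_enable "$SAMPLE_SS" "$SAMPLE_RULES"
```

On a real server, pass `"$(sudo ss -tunlp)"` and `"$(sudo ufw show added)"` as the two arguments; if the port you log in on appears in the output, add its rule before enabling the firewall.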
configured ports list⚓︎
This command lists the ports you have configured.
Update⚓︎
When you log in, remember to update your server's software.
Hit:1 http://us.archive.ubuntu.com/ubuntu focal InRelease
Get:2 http://us.archive.ubuntu.com/ubuntu focal-updates InRelease [128 kB]
...
All packages are up to date.
If the message above mentions that packages could be upgraded, run the command below.
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following NEW packages will be installed:
...
Do you want to continue? [Y/n]
You should see a progress bar at the bottom.
If you get a message asking to restart services in order to update the kernel, hit Enter. It will list which ones need to be restarted. Hit Enter again.
It will display a list of items and say that nothing needs to be restarted, nor is anything outdated.
Next: Install Ditto.
System restart required⚓︎
When you log in, aside from updates, your server may request a restart.
Log in again.
Restart from scratch⚓︎
Learning about tech means learning to make mistakes and trying again.
If you reinstall your server to try this process again from scratch, on the same server IP, you will get a scary warning like this one:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
from your terminal
# Host 111.111.11.11 found:
/route/ updated
Original contents retained as /route-for-old-keys
If you still cannot log in after that, the error message will give you a directory path at the bottom. The last numbers after the colon indicate the line you need to find and delete.
/thedirectory/path/it/gives/you/known_hosts:21
cd /thedirectory/path/it/gives/you
Ctrl + O to save
Ctrl + X to exit the window
sources:
How to Fix Warning Remote Host Identification Has Changed
Removing an SSH Public Key for user