Note to Self

Build a non-production Ubuntu server VM

This is the procedure I go through to set up a Ubuntu server VM to try something out. It flies in the face of any best practice of keeping a server secure, and that's by design.

Usually, this will be a VirtualBox VM running on a Linux host (I have a pretty beefy main machine with a 12-core AMD CPU and 32 gigabytes of RAM that can support a few of these running).

Current as of Ubuntu 22.04 LTS “Jammy Jellyfish” for the server VM and VirtualBox 6.1.38 running on Linux as the host environment.

Before installation

Select a reasonable number of cores, amount of RAM and disk space. (I usually use 2 cores, 4 GB RAM and 32 GB of disk space unless the software I want to use needs more.)

Switch off audio.

Select “bridged networking”.

Note the MAC address of the network interface as you will need that in the next step.

Create an entry in your hosts database and assign a host address, so DHCP will configure it correctly. (If you don't have a hosts database, add it to your DNS and DHCP configuration manually.)

Add to your SSH configuration on your main machine by adding the following section to .ssh/config (substituting the name of the server for $server and the name of your SSH private key file, preferably one with no password set on the corresponding private key, for $ssh_private_key_file respectively):

Host $server $server.domain
User $server
StrictHostKeyChecking no
CheckHostIP no
IdentityFile $ssh_private_key_file

Optional: add to secondary zone (then add to the SSH configuration as well).

During installation

Select English as the language and German as the keyboard layout. (In my case, anyway.) I don't configure the disk as an LVM group (I don't see what that would be good for here.)

Use the server name as the user name and password.

Select installation of the OpenSSH server.

After installation

Configure SSH access from your main machine (substituting as above, $ssh_public_key is the corresponding public key to the private key in the file you used above):

ssh $server sh -c "\"mkdir -p .ssh && echo '$ssh_public_key' > .ssh/authorized_keys && chmod -R go= .ssh\""

Now you can log into your server without a password or passphrase. Do that.

Fix the default editor:

sudo update-alternatives --set editor /usr/bin/vim.basic

Should that fail (maybe you are applying this guidance to a desktop install), install the vim package and repeat. Edit the sudo file so the middle section looks like this (the changes are: rename group to adm , add the NOPASSWD: option and switch the sections as shown):

# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL

# Members of the adm group may gain root privileges
%adm ALL=(ALL) NOPASSWD: ALL

Check the time zone with timedatectl . It should be set to “Etc/UTC”. If it isn’t, set it:

sudo timedatectl set-timezone Etc/UTC

Edit /etc/default/motd-news to set ENABLED to 0 .

Create an executable file ~/bin/apt-upd.sh with the following content and run it:

#! /bin/sh

sudo apt-get update
while ! sudo apt-get full-upgrade -yuf 
do
        sleep 10
done
sudo apt-get autoremove -y
sudo apt-get autoclean
if [ -e /var/run/reboot-required ]
then
    sudo shutdown -r now
fi

EUI-64 IPv6 generation should be enabled by default; check by doing a ping6 $server , preferably from another machine.

I also suggest installing the mosh package. Mosh is an extension to ssh that can perform better under certain circumstances.