Ubuntu LTS Set-Up – The Stuff We Use

It is not every day that I have to set up a fresh install of Ubuntu, and I end up forgetting and having to repeat research on specific “tweaks”. I am now using this page as my own reference.

SSHd

install ssh
- apt install openssh-server
- systemctl enable ssh
create public key in ~/.ssh/authorized_keys

configure SSHd

ensure the “main” /etc/ssh/sshd_config has the Include /etc/ssh/sshd_config.d/*.conf directive at the very first active/non-commented line

create /etc/ssh/sshd_config.d/00-default.conf with the following

# enable tunnelled password authentication
PasswordAuthentication yes
ChallengeResponseAuthentication yes

# enable public key authentication w/possible less secure RSA keys
PubkeyAuthentication yes
PubkeyAcceptedKeyTypes=+ssh-rsa
AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2

# use local PAM
UsePAM yes

# disable root login
PermitRootLogin no
PermitEmptyPasswords no

# enforce pubkey THEN password requirement:
AuthenticationMethods publickey,password

X11Forwarding yes
AllowAgentForwarding no
AllowTcpForwarding no
PrintMotd no

ensure existing ‘root’ SSH session/alternate root access in case of required rollback
restart SSHd with systemctl restart ssh – any configuration issues would prevent service from restarting
test SSH log in with authorized public key then password

Window Manager and GUI

install a GUI/desktop for Ubuntu server
- apt install lightdm
- apt install ubuntu-desktop

systemd-networkd

tired of those 120s boot delays while the network waits for DHCP?
following this fix:
- sudo systemctl disable systemd-networkd-wait-online.service
- sudo systemctl mask systemd-networkd-wait-online.service
also mark all unneeded interfaces as optional e.g. in /etc/netplan/nn-whatever.yaml:
to find out which services are impacted:
- sudo systemctl show -p WantedBy network-online.target

Repository Maintenance

upgrading from old versions may have “remnant” repositories lurking around
- show the what is in the encoded /etc/apt/trusted.gpg file: apt-key --list
  - manually remove individual entries (using the fingerprint): apt-key del "xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx"
- check the sources in /etc/apt/sources.list.d
- check the trusted sources in /etc/apt/trusted.gpg.d
- check sources in /etc/apt/sources.list:
  - show what is in /etc/apt/sources.list: add-apt-repository --list
  - manually remove individual entries (using entire line): add-apt-repository --remove "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main"

Fix Broken/Partial/Stuck Package Installs

try any of the following in order:
- sudo dpkg --configure -a
- sudo apt-get install -f
- delete pending actions: sudo rm -fr /var/lib/dpkg/updates/*

Serial Console

trying to get Ubuntu to pipe everything through the serial console that may be available on your motherboard is a two-step process:
1. getting GRUB to redirect everything (although tooling to do an install outright from console-only is out of scope here):
  - make a backup before doing anything: sudo cp /etc/default/grub /etc/default/grub.bak
  - sudo vi /etc/default/grub and add/edit the following lines:
```
GRUB_CMDLINE_LINUX_DEFAULT="console=tty0 console=ttyS4,115200n8"
GRUB_TERMINAL_INPUT="console serial"
GRUB_TERMINAL_OUTPUT="console gfxterm serial"
GRUB_SERIAL_COMMAND="serial --port=mmio,0xdf519000 --speed=115200 --word=8 --parity=no --stop=1"
```
    - note that the --port argument is usually replaced with --unit; I only document this parameter here in reference with another page – check the manual for more information
  - update grub (sudo update-grub), and after step #2 below, reboot!
2. getting Ubuntu to stick to the baud rate for a specific serial port (the “generic” agetty’s --keep-baud does not seem to work!)
  - create a copy of the serial-getty@tty.service file specific to the serial port (which in my example, is ttyS4):
    - sudo cp /lib/systemd/system/serial-getty\@.service /lib/systemd/system/serial-getty\@ttyS4.service
  - sudo vi /lib/systemd/system/serial-getty\@ttyS4.service and edit the agetty command line to force the baud rate
    - e.g. changing ExecStart=-/sbin/agetty -o '-p -- \\u' --keep-baud 115200,57600,38400,9600 - $TERM to ExecStart=-/sbin/agetty -o '-p -- \\u' 115200 - $TERM
  - link the new service file: ln -s /lib/systemd/system/serial-getty@ttyS4.service /etc/systemd/system/getty.target.wants/
  - then reload systemctl and start the service:
    - systemctl daemon-reload
    - systemctl start serial-getty@ttyS4.service

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.