First Login to Your Ubuntu 18.04 Server Safely (Root & SSH)

First Login to Your Ubuntu 18.04 Server Safely (Root & SSH)

Logging In to a Fresh Ubuntu 18.04 Server Without Breaking Anything

A while back, I spun up a new Ubuntu 18.04 server late at night, half-asleep after putting my kids to bed.
I typed ssh root@something, saw a scary message about “authenticity can’t be established”, and my brain yelled: “Did I just get hacked?”

Turns out, that message was totally normal.
The real problem was: I didn’t have a simple, safe checklist for that very first login as root.

This article is for you if:

  • You just created a new Ubuntu 18.04 server
  • You see only the root account and you’re not sure what to do next
  • SSH warnings and password prompts are making you nervous

We’ll walk through logging into your server as root step by step, explain what the warnings mean, and prepare you for the next step: creating a safer user with limited privileges.


1. Understand What Root Is (and Why You Should Be Careful)

On a brand-new Ubuntu 18.04 server, there’s usually only one account ready to go: root.
root is the super admin of the system.
It can do anything, including destroying the whole OS with a single bad command.

Because of that power, you really don’t want to use root for everyday work.
It’s way too easy to mistype something and wipe files, break services, or lock yourself out.

The recommended pattern is:

  • Use root only for first login and initial setup
  • Then create a normal user
  • Give that normal user permission to run admin commands (using tools like sudo or su)

In this guide, we focus on that very first login as root.
In the next logical step (not fully covered by the source text), you’d set up your safer user.


2. Gather What You Need Before You SSH In

Before you touch the terminal, make sure you have these two things:

  1. Your server’s public IP address
    This is the address you use to connect from your computer to the server.
    Your hosting provider usually shows it on the control panel or dashboard.
  2. A way to authenticate as root
    You will use either:
  3. The root account password, or
  4. The SSH private key for the root account (if you configured SSH key authentication when setting up the server)

If you didn’t set up an SSH key, you’ll be logging in with the root password.
If your SSH key is protected with a passphrase, you’ll need that passphrase too.

Safety tip:
Keep your root password and SSH private key somewhere secure.
Anyone with those can take over your server.


3. Connect to the Server as Root via SSH

Now we actually connect.
You’ll need a terminal on your local machine:

  • On Linux or macOS: use the built-in Terminal
  • On Windows: you can use something like PowerShell with OpenSSH installed, or any SSH client that supports the same command syntax

Step-by-step: SSH into the server

  1. Open your terminal.
  2. Run this command (replace your_server_ip with your real IP):
ssh root@your_server_ip
  1. Press Enter.

This tells your computer: “Open an SSH connection to the server at your_server_ip using the root user.”

If nothing happens and it hangs for a long time, double-check:

  • The IP address is correct
  • The server is actually running
  • Your network or firewall isn’t blocking SSH (port 22 by default)

4. Handle the Host Authenticity Warning (It’s Normal)

The first time you connect, SSH will almost certainly show something like:

The authenticity of host ‘your_server_ip’ can’t be established.

This is expected on a fresh connection.
Your computer has never seen this server before, so it doesn’t have its host key saved.
SSH is basically saying: “Hey, I don’t know this machine yet. Are you sure this is correct?”

At this point, you:

  • Confirm that the IP is indeed your server
  • If you’re confident, type yes and press Enter

Once you accept, your system will remember this server so you won’t see that same warning (for that address and host key) next time.


5. Enter Your Password or SSH Key Passphrase

After the host key question, SSH will try to authenticate you.
What you see next depends on how your server is configured.

Case A: Using password authentication

If your server is set to use password login for root, you’ll see a prompt like:

root@your_server_ip's password:

Do this:

  1. Type the root password (the one your provider gave you, or the one you set).
  2. Press Enter.

Note:

  • You won’t see any characters while typing (no stars, nothing) — that’s normal for terminals.
  • If you type it wrong, you’ll be asked again.

Case B: Using SSH key authentication

If you’re authenticating with an SSH key and the key has a passphrase, you’ll see something like:

Enter passphrase for key '/path/to/your/private/key':

In that case:

  1. Type your key’s passphrase.
  2. Press Enter.

This is separate from your server’s root password.
The passphrase protects your private key on your local machine.

First-time login password change

The first time you log in with a password, your server may force you to change the root password.
That’s a good security measure.

The flow usually looks like this:

  1. You log in with the initial root password.
  2. The system asks for a new password.
  3. You type the new password twice.

Pick something strong and unique.
Write it down in a secure password manager.


6. Confirm You’re Logged In as Root

If everything went fine, your terminal should now show a prompt with root in it.
The exact look depends on your server, but it’ll be something like:

root@servername:~#

Key points:

  • You’re now running commands as root, with full admin powers.
  • Any mistakes can affect the whole system, so type carefully.

From here, the next recommended step (as mentioned in the source) is:

  • Create a regular system user
  • Configure that user so it can run admin commands when needed (using tools like sudo or su)

That way, you spend most of your time as a safer, limited user and only escalate when necessary.


7. Safety Tips While You’re Still Using Root

Until you set up a regular user, you’ll be doing a few things as root.
Here are some quick habits that help prevent accidents:

  1. Double-check destructive commands
    Commands that remove files or change system configs deserve an extra look before pressing Enter.
  2. Avoid copy-pasting blindly
    Especially from random forums.
    Each server can have different paths or assumptions.
  3. Finish your initial setup soon
    Don’t live in root forever.
    Use it to bootstrap the system, then switch to a normal user for daily work.

8. What to Do Next After First Login

The source text stops right after root login and says:

In the next step, you’ll set up a new system user account with reduced privileges, and configure this user to run administrative commands via su…

So your mental checklist after this guide should be:

  • ✔ Log in as root via SSH
  • ✔ Confirm password or SSH key works
  • ⏭ Next: create a non-root user with limited privileges

That next step usually involves:

  • Creating a new user account
  • Granting it permission to run admin commands (e.g., via su or a similar mechanism)
  • Using that user for normal operations instead of root

The important part for now: you know how to log in as root safely and intentionally, instead of guessing your way through scary SSH messages.


If this saved you time, bookmark CrushEdge for more fixes.

No Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.