Utah High Desert Amateur Radio Club
← Back to Linux How-Tos

Ubuntu & Ubuntu Server

Ubuntu is a Debian-based Linux distribution built for predictabilityPredictable systems behave the same way before and after updates, which is exactly what you want for remote radio and infrastructure sites., broad hardware support, and a fixed release cadence. On servers it is one of the most widely deployed platforms for cloud and VPS hosting, making it a natural fit for the always-on services UHDARC runs.

Beginner-safe Ops-grade Mobile-first UHDARC Reference
How to use this guide Read top to bottom the first time, then use it as a reference. The three core topics for infrastructure are LTS vs interim releases, cloud / VPS deployments, and system hardening. Each has its own section below.

What Ubuntu Is

Ubuntu is a complete operating system built on top of DebianDebian is the upstream distribution Ubuntu is based on. Ubuntu inherits Debian's .deb package format and much of its tooling, then adds a fixed release schedule and commercial backing.. It is developed and commercially backed by Canonical, and ships on a predictable schedule with clearly defined support windows. Under the hood it uses the same Linux kernelThe kernel is the core of the OS. It manages hardware (CPU, memory, disks, network) and lets programs run safely. and APTAPT is the package manager Ubuntu inherits from Debian. You use it to install, update, and remove software with commands like apt update and apt install. package tooling you would recognize from Debian.

For a newcomer: Ubuntu is the base layer that makes a machine usable. It boots the system, manages users and services, and enforces security policy. On top of that you add what you actually need — web servers, radio bridges, SDR tooling, dashboards, databases, and VPNs.

Who Ubuntu is for

  • Operators who want a fixed, dependable release schedule
  • Cloud and VPS deployments (it is the default on most providers)
  • People who want strong documentation and a huge community
  • Mixed fleets where the same OS runs on desktops and servers

What Ubuntu is not

  • A bleeding-edge rolling release
  • A drop-in replacement for every Debian-only workflow
  • A substitute for good backups and operational discipline

Historical Background

Ubuntu launched in 2004 to make Debian's stability more accessible with a predictable, time-based release schedule. Where Debian releases "when it's ready," Ubuntu commits to a new version every six months and a Long Term Support (LTS) release every two years.

Because Ubuntu is Debian-derived, most Debian knowledge transfers directly: the same package format, the same apt commands, a very similar filesystem layout. The main differences are the release cadence, some default choices, and Canonical's commercial support options.

Key takeaway If you already understand Debian, you already understand most of Ubuntu. The big thing to learn is Ubuntu's release model — which is the next section.

LTS vs Interim Releases

Ubuntu version numbers are just the year and month of release. 24.04 came out in April 2024; 24.10 in October 2024. Every two years, the April release is a Long Term SupportAn LTS release gets 5 years of standard security and maintenance updates (extendable further with Ubuntu Pro). LTS versions always end in .04 of an even year, e.g. 20.04, 22.04, 24.04. (LTS) release with five years of support. Everything in between is an interim releaseInterim (non-LTS) releases ship every six months and are supported for only 9 months. They get newer software sooner, but you must upgrade frequently to stay supported..

AspectLTS (e.g. 24.04)Interim (e.g. 24.10)
ReleasedEvery 2 years (April)Every 6 months
Support window5 years (standard)9 months
Software ageStable, slightly olderNewer packages
Upgrade pressureLow — upgrade every few yearsHigh — upgrade twice a year
Best forServers, infrastructure, remote sitesTesting newer software, desktops
UHDARC recommendation For anything that runs unattended — a VPS, a bridge, a dashboard, a repeater-site box — use the latest LTS. You get five years of security updates and far fewer forced upgrades. Save interim releases for desktops or lab machines where you want the newest software and don't mind frequent upgrades.

Checking what you're running

lsb_release -a          # shows your release + codename
cat /etc/os-release     # same info, machine-readable
hostnamectl             # OS + kernel + machine details

Ubuntu Server & System Structure

"Ubuntu Server" is the same Ubuntu without a desktop environment. No graphical interface, fewer installed packages, lower memory use — you administer it entirely over SSHSSH (Secure Shell) is the encrypted remote login protocol. You connect from your computer's terminal with: ssh user@server-address.. This is what you want on a VPS or a headless site box.

The filesystem layout is the standard Linux one you'd see on Debian: configuration lives under /etc, logs under /var/log, services are managed by systemdsystemd is the init system that starts, stops, and supervises background services. You control it with systemctl, e.g. systemctl status ssh., and your own files live under /home.

Server vs Desktop

  • No GUI — smaller attack surface, less to update
  • Lower RAM and disk footprint
  • Managed over SSH, ideal for remote sites
  • Same packages available via apt

Where things live

  • /etc — configuration files
  • /var/log — system and service logs
  • /home — user files
  • /etc/systemd — service definitions

Cloud & VPS Deployments

Ubuntu Server is the default image on nearly every cloud and VPS provider, which is exactly why it's worth knowing. When you spin up a new server, the provider boots an Ubuntu image and (usually) runs cloud-initcloud-init is the tool that configures a fresh cloud instance on first boot — setting the hostname, creating your user, installing your SSH key, and running any startup scripts you provide. to set it up: hostname, your login user, and your SSH key.

Typical first connection

After the provider gives you an IP address, you connect from your own terminal. Most providers either create a user for you or use root for the first login:

ssh ubuntu@YOUR_SERVER_IP      # many clouds use the 'ubuntu' user
# or
ssh root@YOUR_SERVER_IP        # some providers start with root

Practical notes for VPS hosting

  • Pick the LTS image. On a remote VPS you want the long support window, not a 9-month interim.
  • Add your SSH key at creation. Most providers let you paste a public key so you never need a password.
  • Set the timezone if your logs need to match local time: sudo timedatectl set-timezone America/Denver.
  • Snapshot before big changes. Cloud providers let you snapshot the whole disk — cheap insurance before an upgrade.
Why this matters for UHDARC Cloud/VPS boxes are where always-on services live — relays, reflectors, dashboards, and bridges that need to be reachable around the clock. Ubuntu LTS on a VPS is a dependable, well-documented foundation for exactly that kind of service.

First 15 Minutes After Install

A short, repeatable checklist for any fresh Ubuntu Server. Do these in order before installing your actual services.

1. Update everything

sudo apt update
sudo apt upgrade -y

2. Create your own user (if you're logged in as root)

adduser yourname
usermod -aG sudo yourname       # grant admin (sudo) rights

3. Set up SSH key login & the timezone

ssh-copy-id yourname@YOUR_SERVER_IP   # run this from YOUR computer
sudo timedatectl set-timezone America/Denver

4. Set the hostname so logs are clear

sudo hostnamectl set-hostname my-server-name
Do this before going live Update, a non-root sudo user, and SSH-key login are the three things that should be done on every box before it runs anything important. The hardening section below builds on these.

System Hardening Basics

Hardening means reducing the ways a system can be attacked. None of this is exotic — it's the standard baseline for any server exposed to the internet. Do these in order.

1. Enable the firewall (UFW)

UFWUFW (Uncomplicated Firewall) is Ubuntu's friendly front-end for the system firewall. It lets you allow or block ports with simple commands. ships with Ubuntu. Allow SSH first (so you don't lock yourself out), then enable it:

sudo ufw allow OpenSSH
sudo ufw enable
sudo ufw status verbose

2. Use SSH keys, then disable password login

Once your key login works, turn off password authentication so brute-force attempts can't succeed. Edit /etc/ssh/sshd_config:

PasswordAuthentication no
PermitRootLogin no
sudo systemctl restart ssh

Confirm you can still log in with your key in a second terminal before closing your current session — that way a mistake won't lock you out.

3. Turn on automatic security updates

sudo apt install unattended-upgrades -y
sudo dpkg-reconfigure --priority=low unattended-upgrades

4. Block repeated intruders with fail2ban

fail2banfail2ban watches your logs for repeated failed logins and temporarily bans the offending IP address. It dramatically cuts down SSH brute-force noise. bans IPs after repeated failed logins:

sudo apt install fail2ban -y
sudo systemctl enable --now fail2ban

The hardening checklist

  • Firewall on, only needed ports open
  • SSH key login only — passwords off
  • Root SSH login disabled
  • Automatic security updates enabled
  • fail2ban watching for brute force

Good habits beyond the basics

  • Keep a current backup or snapshot
  • Use a non-standard approach to remote access where practical (e.g. a VPN/Tailscale)
  • Review /var/log/auth.log occasionally
  • Remove software you don't actually use

Common Beginner Mistakes

  • Running an interim release on a server. It falls out of support in 9 months. Use LTS.
  • Enabling the firewall before allowing SSH. This locks you out of a remote box instantly. Always ufw allow OpenSSH first.
  • Disabling password login before testing the key. Verify key login in a second session first.
  • Working as root all the time. Create a normal user with sudo instead.
  • Skipping updates. A fresh image is already behind on security patches — update on day one.
  • No backups. Snapshot before upgrades and major changes.

Ubuntu vs Debian (Practical)

They're closely related — Ubuntu is built from Debian — so the day-to-day commands are nearly identical. The differences are about release cadence and defaults, not fundamentals.

AspectUbuntuDebian
Release scheduleFixed: every 6 months, LTS every 2 yearsWhen ready (roughly every 2 years)
Support window5 years (LTS)~3 years + LTS extensions
Package format.deb / apt.deb / apt
Default softwareNewer, more out-of-box defaultsConservative, minimal defaults
Commercial supportCanonical (Ubuntu Pro)Community-driven
Cloud/VPS presenceDefault image almost everywhereWidely available, slightly less common as default
Bottom line Pick Ubuntu LTS when you want a fixed schedule, the default cloud image, and a long support window. Pick Debian when you want the most conservative defaults and a community-run base. Both are excellent for infrastructure — and skills transfer between them.

Essential Commands (Plain English)

CommandWhat it does
sudo apt updateRefresh the list of available package updates
sudo apt upgradeInstall available updates
sudo apt install <name>Install a piece of software
systemctl status <svc>Check whether a service is running
sudo systemctl restart <svc>Restart a service
journalctl -u <svc>View a service's logs
sudo ufw statusShow firewall rules
lsb_release -aShow your Ubuntu version
df -hShow disk space
free -hShow memory usage

FAQ

Should I use Ubuntu or Debian for my radio server?

Either works well. Choose Ubuntu LTS if you want a fixed release schedule and the default cloud image; choose Debian for the most conservative defaults. Skills and commands transfer between them.

Which Ubuntu version should I install on a VPS?

The latest LTS. It gives you five years of security updates and avoids the frequent forced upgrades of interim releases.

How do I know if I'm on an LTS release?

Run lsb_release -a. If the version ends in .04 of an even year (20.04, 22.04, 24.04), it's an LTS.

Do I need a desktop on a server?

No. Use Ubuntu Server (no GUI) and administer it over SSH. It uses less memory and has a smaller attack surface.

What's the single most important hardening step?

SSH key-only login with passwords disabled, combined with the firewall allowing only the ports you need. That eliminates the most common attack — password brute-forcing.

Quick Glossary

TermMeaning
LTSLong Term Support — a release with 5 years of updates
Interim releaseA 6-month release supported for only 9 months
APTThe package manager (apt) used to install/update software
systemdThe init system that manages background services
SSHEncrypted remote login to a server
UFWUncomplicated Firewall — Ubuntu's simple firewall tool
cloud-initFirst-boot configuration tool for cloud/VPS instances
fail2banBans IPs after repeated failed logins
VPSVirtual Private Server — a rented virtual machine in the cloud