# setup-hetzner-docker-server

> Initialize a fresh Hetzner Ubuntu server with a non-root user configured for Docker application deployment. Sets up secure SSH access, Docker permissions, and a dedicated data directory.

- Author: Zhe Li
- Repository: zheli/agent-skills
- Version: 20260206161054
- Stars: 0
- Forks: 0
- Last Updated: 2026-02-06
- Source: https://github.com/zheli/agent-skills
- Web: https://mule.run/skillshub/@@zheli/agent-skills~setup-hetzner-docker-server:20260206161054

---

---
name: setup-hetzner-docker-server
description: Initialize a fresh Hetzner Ubuntu server with a non-root user configured for Docker application deployment. Sets up secure SSH access, Docker permissions, and a dedicated data directory.
allowed-tools: [Bash]
---

# Hetzner Server Initial Setup with Docker

## Purpose

Initialize a fresh Hetzner Ubuntu server with a non-root user configured for Docker application deployment. This skill sets up secure SSH access, Docker permissions, and a dedicated data directory.

## Prerequisites

- Fresh Hetzner server running Ubuntu (tested on 24.04 LTS)
- Root SSH access to the server
- Docker already installed on the server
- SSH public key(s) added to root's authorized_keys

## When to Use This Skill

Use this skill when you need to:

- Set up a new Hetzner server for hosting Docker applications
- Create a non-root user with Docker and sudo access
- Secure SSH access by disabling password authentication
- Prepare a server for automated deployments

## Customization Variables

Before running commands, replace these placeholders:

- `<SERVER_IP>`: The IP address of your Hetzner server
- `<TEMP_PASSWORD>`: A secure temporary password for the ubuntu user
- `ubuntu`: Replace with a different username if needed (default: ubuntu)
- `/data`: Replace with a different data directory path if needed (default: /data)

## Steps

### 1. Create Non-Root User

```bash
# Create user with home directory and bash shell
ssh root@<SERVER_IP> 'useradd -m -s /bin/bash ubuntu'

# Set temporary password (user should change on first use)
ssh root@<SERVER_IP> 'echo "ubuntu:<TEMP_PASSWORD>" | chpasswd'

# Verify user creation
ssh root@<SERVER_IP> 'id ubuntu'
```

### 2. Create Data Directory

```bash
# Create /data directory with proper ownership and permissions
ssh root@<SERVER_IP> 'mkdir -p /data && chown ubuntu:ubuntu /data && chmod 755 /data'

# Verify directory setup
ssh root@<SERVER_IP> 'ls -ld /data'
```

### 3. Configure Passwordless Sudo

```bash
# Create sudoers drop-in file for ubuntu user
ssh root@<SERVER_IP> 'echo "ubuntu ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/ubuntu'

# Set correct permissions on sudoers file
ssh root@<SERVER_IP> 'chmod 440 /etc/sudoers.d/ubuntu'

# Verify sudoers configuration
ssh root@<SERVER_IP> 'cat /etc/sudoers.d/ubuntu'
```

### 4. Add User to Docker Group

```bash
# Add ubuntu user to docker group
ssh root@<SERVER_IP> 'usermod -aG docker ubuntu'

# Verify group membership
ssh root@<SERVER_IP> 'id ubuntu'
# Should show: groups=1000(ubuntu),988(docker) or similar
```

### 5. Setup SSH Key Access

```bash
# Create .ssh directory for ubuntu user
ssh root@<SERVER_IP> 'mkdir -p /home/ubuntu/.ssh'

# Copy root's authorized_keys to ubuntu user
ssh root@<SERVER_IP> 'cp /root/.ssh/authorized_keys /home/ubuntu/.ssh/authorized_keys'

# Set correct ownership and permissions
ssh root@<SERVER_IP> 'chown -R ubuntu:ubuntu /home/ubuntu/.ssh && chmod 700 /home/ubuntu/.ssh && chmod 600 /home/ubuntu/.ssh/authorized_keys'

# Verify SSH setup
ssh root@<SERVER_IP> 'ls -la /home/ubuntu/.ssh/'
```

### 6. Disable SSH Password Authentication

```bash
# Create SSH config drop-in file to disable password auth
ssh root@<SERVER_IP> 'echo "PasswordAuthentication no" > /etc/ssh/sshd_config.d/50-disable-password-auth.conf'

# Verify configuration
ssh root@<SERVER_IP> 'cat /etc/ssh/sshd_config.d/50-disable-password-auth.conf'
```

### 7. Restart SSH Service

```bash
# Restart SSH service (on Ubuntu 24.04, service name is 'ssh', not 'sshd')
ssh root@<SERVER_IP> 'systemctl restart ssh'

# Verify SSH service status
ssh root@<SERVER_IP> 'systemctl status ssh | head -n 10'
```

### 8. Verification

```bash
# Test all configurations in one command
ssh ubuntu@<SERVER_IP> '
  whoami && echo "---SSH login successful---" &&
  sudo -n whoami && echo "---Sudo without password successful---" &&
  docker ps 2>&1 | head -n 5 && echo "---Docker command successful---" &&
  ls -ld /data && echo "---/data access successful---" &&
  touch /data/test-file && rm /data/test-file && echo "---/data write test successful---"
'
```

## Expected Results

After running all steps, you should have:

- ✓ Non-root user `ubuntu` with UID 1000
- ✓ `/data` directory owned by ubuntu:ubuntu
- ✓ Ubuntu user can run sudo commands without password
- ✓ Ubuntu user can run docker commands without sudo
- ✓ SSH key-based authentication working for ubuntu user
- ✓ SSH password authentication disabled
- ✓ All configurations verified and working

## Security Notes

- **Temporary Password**: Set a secure temporary password. The user should change it on first use (though SSH keys are preferred)
- **SSH Keys**: Ensure you have SSH key access working before disabling password authentication
- **Passwordless Sudo**: Appropriate for automation/admin users, but understand the security implications
- **Docker Group**: Docker group membership grants root-equivalent access to the system
- **Root Access**: Keep root SSH access via keys as backup

## Troubleshooting

- **SSH service name**: On Ubuntu 24.04+, the service is named `ssh`, not `sshd`
- **Docker group GID**: May vary by system (e.g., 988, 999, etc.)
- **Existing users**: If the ubuntu user already exists, use `usermod` instead of `useradd`
- **SSH lockout**: Always test SSH key login before disabling password auth
- **Sudoers syntax**: Test with `visudo -c` to check syntax before applying

## References

- Hetzner Cloud Documentation: https://docs.hetzner.com/cloud/
- Ubuntu Server Guide: https://ubuntu.com/server/docs
- Docker Post-Installation Steps: https://docs.docker.com/engine/install/linux-postinstall/
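
The drop-in written in step 6 only takes effect if no earlier-sorting file in `/etc/ssh/sshd_config.d/` already sets the keyword, because sshd keeps the first value it reads. The sketch below is an added example, not part of the skill; `effective_password_auth`, `make_sample_dir` and the sample files are constructed for illustration, and it assumes the main `sshd_config` includes `sshd_config.d/*.conf` before setting the keyword itself and that no `Match` blocks apply.

```shell
#!/usr/bin/env bash
# Added example (not from the skill). Assumes the main sshd_config pulls in
# sshd_config.d/*.conf before setting the keyword itself, and no Match blocks.

# Print "<value> <file>" for the first PasswordAuthentication setting found
# when the *.conf files in directory $1 are read in lexical order.
# sshd keeps the first value it obtains for a keyword, so that file decides.
effective_password_auth() (
  LC_ALL=C   # make glob order byte-wise, independent of the caller's locale
  for f in "$1"/*.conf; do
    [ -f "$f" ] || continue
    # Keywords are case-insensitive; '#' lines never match because $1 differs.
    hit=$(awk '{ gsub(/=/, " ") }
               tolower($1) == "passwordauthentication" { print tolower($2); exit }' "$f")
    if [ -n "$hit" ]; then
      printf '%s %s\n' "$hit" "${f##*/}"
      return 0
    fi
  done
  printf 'unset none\n'   # no drop-in sets it; the main file or default applies
)

# Constructed sample: a pre-existing drop-in that enables passwords, next to
# the file written in step 6. Both names start with "50-", and 'c' sorts
# before 'd'.
make_sample_dir() {
  d=$(mktemp -d)
  printf 'PasswordAuthentication yes\n' > "$d/50-cloud-init.conf"
  printf '# hardening\npasswordauthentication no\n' > "$d/50-disable-password-auth.conf"
  printf '%s\n' "$d"
}

sample=$(make_sample_dir)
echo "as written in step 6:  $(effective_password_auth "$sample")"
# Renaming the hardening file so it sorts first makes its value the one kept.
mv "$sample/50-disable-password-auth.conf" "$sample/00-disable-password-auth.conf"
echo "after renaming to 00-: $(effective_password_auth "$sample")"
rm -rf "$sample"
```

On the server itself, `sshd -t` validates the configuration before the restart in step 7, and `sshd -T | grep -i passwordauthentication` prints the value sshd actually uses.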