Setting Up Ubuntu Server on Intel Mac Minis
This guide will walk you through setting up Ubuntu Server on Intel-based Mac Minis, configuring static IP addresses, and securing SSH access. Whether you’re new to Linux or have some experience, this step-by-step tutorial will help you get your servers up and running.
ℹ️ This is the guide I wished I had when I first set up my server. It’s a bit verbose, but it’s should get the job done.
What You’ll Find Here
- How to create a bootable Ubuntu Server USB drive
- How to install Ubuntu Server on Mac Minis
- How to configure static IP addresses (and why you need them)
- How to set up secure SSH access with key-based authentication
- Basic security hardening for your servers
Prerequisites
- Intel-based Mac Mini (this guide is specifically for Intel Macs)
- USB drive (8GB or larger)
- Basic familiarity with terminal/command line (optional, we’ll explain each step but you will feel more comfortable if you have some experience)
- Access to your network router configuration (optional, for advanced setup)
Step 1: Download Ubuntu Server
- Go to https://ubuntu.com/download/server
- Download the latest LTS (Long Term Support) version
- Save the
.iso
file to your computer
Why LTS? LTS versions receive security updates for 5 years, making them more stable for server use.
Step 2: Create Bootable USB Drive
- Download and install Balena Etcher
- Insert your USB drive
- Open Balena Etcher
- Select the Ubuntu Server
.iso
file you downloaded - Select your USB drive
- Click “Flash” and wait for completion
Important: This will erase everything on your USB drive. Make sure you don’t have important data on it.
Step 3: Install Ubuntu Server on Mac Mini
-
Insert the bootable USB into your Mac Mini
-
Power on the Mac Mini while holding the Option key
-
You’ll see a boot menu - select the Ubuntu installation option
-
Follow the installation wizard:
- Choose your language
- Select keyboard layout
- Skip network configuration (we’ll do this manually later for better control)
- Use entire disk for installation
- Create your user account (remember this username - you’ll need it later)
- Skip additional software installation for now
-
After installation completes, remove the USB drive and reboot
Why skip network configuration? Manual network setup gives us more control and helps us understand what’s happening.
Step 4: Configure Static IP Address
What is a static IP and why do we need it? A static IP means your server will always have the same IP address on your network. This makes it easier to connect to remotely and ensures other devices can always find it.
Some guide on choosing an IP address: If you already know what IP address you want to use, you can skip this step and go to the next one. If you don’t know, here’s a guide on choosing an IP address:
Understanding IP Addresses and Where to Get Them
Important: You can’t just use any IP address! The numbers must match your specific network setup.
How to Find Your Network Information
Option 1: Check Your Current Computer’s Network Settings
On Mac/Linux, run in terminal:
ip route | grep default
ifconfig | grep inet
On Windows, run in Command Prompt:
ipconfig
Look for:
- Gateway/Router IP (usually ends in .1, like 192.168.1.1)
- Your current IP (this shows what range your network uses)
- Subnet mask (usually 255.255.255.0, which equals /24)
Option 2: Check Your Router’s Admin Panel
- Open a web browser
- Go to your router’s IP (usually 192.168.1.1 or 192.168.0.1)
- Log in with admin credentials
- Look for “Network Settings” or “LAN Settings”
- Find the IP range and DHCP settings
Option 3: Ask Your Network Administrator
- In office/enterprise environments (like your DevOps team case)
- They’ll provide you with:
- Available IP address to use
- Gateway/router IP
- DNS servers
- Subnet mask
Choosing the Right IP Address
For Home Networks:
- Most home routers use these ranges:
192.168.1.x
(gateway: 192.168.1.1)192.168.0.x
(gateway: 192.168.0.1)10.0.0.x
(gateway: 10.0.0.1)
Pick an IP that’s:
- In the same range as your network
- NOT in the DHCP range (to avoid conflicts)
- NOT already used by another device
Example: If your router is 192.168.1.1 and gives out DHCP from .2 to .50, choose something like 192.168.1.100
For Office/Enterprise Networks:
- Always ask your IT team or DevOps first
- They manage IP allocation and have specific ranges for servers
- They may have firewall rules that depend on specific IP ranges
- Using wrong IPs can cause network conflicts
What Each Number Means
Using 192.168.1.100/24
as an example:
192.168.1
= Your network identifier.100
= Your specific device number/24
= Subnet mask (means first 24 bits are for network, last 8 for devices)
The gateway (like 192.168.1.1) is your router - it connects your local network to the internet.
DNS Servers
- Home users: Can use public DNS like 8.8.8.8 (Google) or 1.1.1.1 (Cloudflare)
- Enterprise users: Ask your IT team - they might have specific DNS servers you must use
Run these commands on your Mac Mini server:
First, check your network interface:
ip a
This will show you the network interfaces on your server. You should see something like this:
enp1s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.100/24 brd 192.168.1.255 scope global dynamic enp1s0f0
In this example, the network interface is enp1s0f0
.
Pay attention to the state of the interface. If it’s DOWN
, you need to bring it up.
If the interface is DOWN
, bring it up with the following command:
sudo ip link set enp1s0f0 up
Once the interface is up, you can set a static IP address.
Set a static IP address, for this example, we’ll use 192.168.1.100/24
(replace with your network’s IP range):
sudo ip a a 192.168.1.100/24 dev enp1s0f0
Add a default route to your router:
sudo ip r a default via 192.168.1.1
Test connectivity to your router:
ping 192.168.1.1
Important: Make sure the number of packets sent equals packets received. Press Ctrl+C to stop.
Make the configuration permanent:
Create a network configuration file:
sudo nano /etc/systemd/network/10-ethernet.network
Add this content (adjust IP addresses for your network):
[Match]
Name=enp1s0f0
[Network]
DHCP=no
Address=192.168.1.100/24
Gateway=192.168.1.1
DNS=8.8.8.8
DNS=8.8.4.4
[Route]
Gateway=192.168.1.1
How to use nano editor:
- Type or paste the content above
- Press
Ctrl + X
to exit - Press
Y
to save changes - Press
Enter
to confirm the filename
IP Address Explanation:
192.168.1.100
- Your server’s IP address192.168.1.1
- Your router’s IP address (gateway)/24
- Subnet mask (means first 24 bits are for network, last 8 for devices)- DNS servers
8.8.8.8
and8.8.4.4
are Google’s public DNS servers
Restart the network service:
sudo systemctl restart systemd-networkd
Verify your configuration:
ip addr show enp1s0f0
ip route show
Step 5: Install and Configure SSH Server
What is SSH? SSH (Secure Shell) lets you connect to your server remotely from another computer, so you don’t need to plug in a keyboard and monitor every time.
Install SSH server:
sudo apt update
sudo apt install openssh-server
Start and enable SSH service:
sudo systemctl start ssh
sudo systemctl enable ssh
Check that SSH is running:
sudo systemctl status ssh
You should see “active (running)” in green.
Step 6: Set Up SSH Key Authentication
Why use SSH keys instead of passwords? SSH keys are much more secure than passwords and can’t be brute-forced easily.
Run these commands on your LOCAL computer (not the server):
Generate an SSH key pair:
ssh-keygen -t ed25519
Just press Enter for all prompts to use default settings.
Copy your public key to the server (replace username
and IP address):
scp ~/.ssh/id_ed25519.pub [email protected]:~/
You’ll need to enter your server password one last time.
Run these commands on your SERVER:
Create SSH directory with proper permissions:
mkdir -p ~/.ssh
chmod 700 ~/.ssh
Add your public key to authorized keys:
cat ~/id_ed25519.pub >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
Remove the temporary key file:
rm ~/id_ed25519.pub
Permission Numbers Explained:
700
= Owner can read, write, execute; no one else can access600
= Owner can read and write; no one else can access
Test SSH connection from your LOCAL computer (make sure you use the username you set during installation and the IP address you set in the previous step):
ssh [email protected]
You should now connect without entering a password!
Step 7: Secure SSH Configuration
Why disable password authentication? Once key-based authentication works, disabling passwords prevents brute-force attacks.
Run on your SERVER:
Edit SSH configuration:
sudo nano /etc/ssh/sshd_config
Find and modify these lines (or add them if they don’t exist):
PasswordAuthentication no
UsePAM no
What these settings do:
PasswordAuthentication no
- Disables password login, forces key-only accessUsePAM no
- Disables Pluggable Authentication Modules for additional security
Restart SSH service:
sudo systemctl restart ssh
Test from your LOCAL computer:
ssh [email protected]
You should still connect successfully with your key.
Adding More SSH Keys (Optional)
If you want to connect from multiple computers:
On your SERVER:
nano ~/.ssh/authorized_keys
Add each new public key on a separate line, then:
chmod 600 ~/.ssh/authorized_keys
You’re Done!
ℹ️ Your server is now ready for whatever projects you have in mind. Remember to keep it updated and monitor its security regularly.