First, log in to the web server via SSH, setting up [email protected] with the SSH keys configured during server creation. Most providers, like Linode or Hetzner, allow users to do so.
If you want to change the root password, just run
Now, let’s add a new user with
where linodeadmin is the username you want to set. Ubuntu will ask for a password. Set it, leaving the other fields empty.
Now assign sudo privileges to linodeadmin with
usermod -aG sudo linodeadmin
Now switch to the newly created user with
su - linodeadmin
We will now set up SSH login for our newly created user. Let’s start by creating the .ssh folder with
Now we paste a newly generated SSH public key into the authorized_keys file, with
sudo nano ~/.ssh/authorized_keys
Make sure the key sits on a single line!
Now run the following commands to set up correct permissions.
chmod 700 ~/.ssh
sudo chmod 600 ~/.ssh/authorized_keys
sudo chown $USER:$USER ~/.ssh -R
Now, it’s time to secure our server SSH logins, editing /etc/ssh/sshd_config
sudo nano /etc/ssh/sshd_config
We’re going to change the default SSH port from 22 to 2224 (just as an example; we could use any other port, as long as the system ends up listening on it). Then we’ll add the authorized_keys file location to the config file and, finally, set “PermitRootLogin” to no in order to forbid root login via SSH. I would also suggest setting “UseDNS no”.
Adding these lines to the file will do the job:
Port 2224
PermitRootLogin no
AuthorizedKeysFile %h/.ssh/authorized_keys
UseDNS no
Write out and save the file. Then restart the sshd service.
sudo service ssh restart
Let’s now SSH again into our server with our newly created user at [email protected]:2224 – setting up the private key as auth method.
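Appending lines to sshd_config only works if no earlier uncommented line sets the same keyword: sshd keeps the first value it reads, while Port directives accumulate. The script below is an added example, not part of the original guide, that audits the settings and permissions applied above; the function names and the sample config are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide); function names are hypothetical.
# Limits: Include files and Match blocks are not followed; keys are assumed
# to have no options prefix.

# All values set for a keyword, skipping comments (keywords are case-insensitive).
sshd_values() {  # usage: sshd_values <config-file> <keyword>
  awk -v key="$2" '$1 ~ /^#/ { next }
    tolower($1) == tolower(key) { print $2 }' "$1"
}

# 0 only if sshd would listen solely on <port> and refuse root logins.
audit_sshd_config() {  # usage: audit_sshd_config <config-file> <port>
  local ports root rc=0
  ports=$(sshd_values "$1" Port | xargs)                # Port is cumulative
  root=$(sshd_values "$1" PermitRootLogin | head -n 1)  # first value wins
  [ "$ports" = "$2" ] || { echo "FAIL Port: '${ports:-22 (default)}'"; rc=1; }
  [ "$root" = "no" ] || { echo "FAIL PermitRootLogin: '${root:-unset}'"; rc=1; }
  return $rc
}

# 0 only if <dir> is 700, authorized_keys is 600, and each key is on one line.
audit_authorized_keys() {  # usage: audit_authorized_keys <ssh-dir>
  local f="$1/authorized_keys" rc=0
  [ "$(stat -c %a "$1")" = 700 ] || { echo "FAIL $1 is not 700"; rc=1; }
  [ "$(stat -c %a "$f")" = 600 ] || { echo "FAIL $f is not 600"; rc=1; }
  if grep -Ev '^[[:space:]]*(#|$)' "$f" | grep -Evq \
     '^(ssh-(ed25519|rsa)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/]+=*( .*)?$'; then
    echo "FAIL $f has a wrapped or malformed key line"; rc=1
  fi
  return $rc
}

# Constructed sample: a stock-style file with the guide's lines appended.
demo_cfg=$(mktemp)
printf '%s\n' '#Port 22' 'PermitRootLogin yes' \
  'Port 2224' 'PermitRootLogin no' 'UseDNS no' > "$demo_cfg"
audit_sshd_config "$demo_cfg" 2224 || echo "appended lines did not take effect"
rm -f "$demo_cfg"
```

On the server itself, sudo sshd -t checks the file for syntax errors before the restart; keep the current session open until a login on the new port succeeds.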