How to add new user and remote root login - kdaisho/Blog GitHub Wiki

Leaving root user login available isn't good practice when it comes to server setup. Root is one of most common name so they're always going to try to break it. Today I'm going to walk through how to add new user then remove root user login.

  • First, login to your server using root
  • Then update your server apt update then apt upgrade (upgrade might take a few minutes)

Create new user

  • adduser daisho
  • Enter new UNIX password (you can skip this if you are going to set up ssh key)
  • You can leave blank the rest: entering user information

Switch user

  • su daisho

Verify if daisho has superuser access (auth.log is available only to superusers)

  • cat /var/log/auth.log you will get permission denied

Again with "sudo"

  • sudo cat /var/log/auth.log this should be successful

Setting user permissions

  • Go to home directory: cd ~
  • Create .ssh directory: mkdir -p ~/.ssh
  • Create authrized_keys file and paste PUBLIC key (generated in your local machine)
  • If you have multiple public keys, just paste them in the same file on new line

Try to login as new user

  • Exit: exit (probably need twice because first exit exits you from new user then you need to exit from root user)
  • Login ssh daisho@167.**.***.*** This should let you login without password prompt. But if you are required password. remove password from daisho login: sudo passwd -d `whoami`

Disabling the root user

  • First make sure authorized_keys file is read and writable by new users. This may not need depending on your computer settings. (I did this as root user) chmod 644 ~/.ssh/authorized_keys
  • Disable root permission by modifying ssh daemon config. The daemon is a program that's always running in the background.
  • sudo vim /etc/ssh/sshd_config
  • Set PermitRootLogin yes to PermitRootLogin no
  • Restart SSH daemon sudo service sshd restart

Test

  • If you did everything correctly, attempt to login with this ssh root@167.**.***.*** returns Permission denied.

Last but not the least

  • Don't forget to change owner from root to new user. sudo chown -R $USER:$USER /var/www and sudo chwon -R $USER:$USER /var/repo

Because I totally forgot this, my Git Hooks stopped working and took me half a day to fix everything :(