Let's create a new user and then setup some security.
- New User
# login first
sudo adduser zymawy
# Create password
# Skip extra field
# Set Y to save the new user
# Become new user zymawy
sudo su zymawy
# Head to home directory
cd ~/
# See the file path
pwd # /home/ubuntu- Setup SSH Key Authentication We can re-use the SSH key we created to allow us to log in as user root.
On our Mac, we can get the public key into our clipboard again:
# On our host (Macintosh):
cat ~/.ssh/id_rsa.pub | pbcopyThen over in the server, add that public key to user zymawy's authorized_keys file:
cd ~
mkdir .ssh
vim .ssh/authorized_keys- Disallow Root Login
First, we want user
zymawyto be able to use sudo commands, so we don't need the root user to perform administrative tasks.
We can do this easily in Ubuntu by adding the user zymawy
to the group sudo or admin (More explanation on that within the video).
# Append (-a) secondary group (-G) "admin" to user "zymawy"
usermod -aG admin zymawyThen log out, and log back in as user zymawy and you'll be able to use sudo commands.
Next, let's secure our server further and disallow root login.
Now that user zymawy can do administrative tasks (things requiring super user access),
let's edit the SSH daemon configuration to change this.
We'll do two things:
Disallow password based authentication
Disallow root user login
Do to that, we update the file
/etc/ssh/sshd_config and change the following:
# Disallow root login over ssh
PermitRootLogin no
# Disallow password authentication
PasswordAuthentication noThen restart the SSH daemon:
sudo service ssh restartAnd you're all set!