Let's create a new user and then setup some security.
- New User
# login first
sudo adduser zymawy
# Create password
# Skip extra field
# Set Y to save the new user
# Become new user zymawy
sudo su zymawy
# Head to home directory
cd ~/
# See the file path
pwd # /home/ubuntu
- Setup SSH Key Authentication We can re-use the SSH key we created to allow us to log in as user root.
On our Mac, we can get the public key into our clipboard again:
# On our host (Macintosh):
cat ~/.ssh/id_rsa.pub | pbcopy
Then over in the server, add that public key to user zymawy
's authorized_keys
file:
cd ~
mkdir .ssh
vim .ssh/authorized_keys
- Disallow Root Login
First, we want user
zymawy
to be able to use sudo commands, so we don't need the root user to perform administrative tasks.
We can do this easily in Ubuntu by adding the user zymawy
to the group sudo or admin (More explanation on that within the video).
# Append (-a) secondary group (-G) "admin" to user "zymawy"
usermod -aG admin zymawy
Then log out, and log back in as user zymawy
and you'll be able to use sudo commands.
Next, let's secure our server further and disallow root login.
Now that user zymawy
can do administrative tasks (things requiring super user access),
let's edit the SSH daemon configuration to change this.
We'll do two things:
Disallow password based authentication
Disallow root
user login
Do to that, we update the file
/etc/ssh/sshd_config
and change the following:
# Disallow root login over ssh
PermitRootLogin no
# Disallow password authentication
PasswordAuthentication no
Then restart the SSH daemon:
sudo service ssh restart
And you're all set!