The problem with logging in as root is that if your password or ssh key pair is compromised, then someone will gain root-level access to your server, and will then be able to do whatever they want.
You need to create a separate user for logging in.
Running the below command will create a new user called username, but replace username with a different one (e.g., crusemm, or whatever works for you).
root@servername:~# adduser username
The command will ask numerous questions, but the most important one is the password. The password will not be used for logging in through ssh, because that login option will be disabled in a later step.
The password will be used to perform maintenance functions on the server, but it protects against attackers gaining root access to the server because they have limited ability to brute-force from the server’s command line. It is recommended to use a password of at least 16 characters with upper-case, lower-case, numbers, and at least one symbol, but high entropy is less of a requirement because the server will not allow brute-forcing as a viable option for discovering a password.
Linux manages permissions through users and groups. This access is for reading, writing, and executing files and directories on the server.
Your username should be a member of the sudo group and the adm group:
root@servername:~# adduser username sudo
root@servername:~# adduser username adm
The most important of the two is sudo. Users in this group make use of the sudo command, which will execute commands after it with root-level privileges.
Add your public key to the username profile:
root@servername:~# mkdir /home/username/.ssh
root@servername:~# nano /home/username/.ssh/authorized_keys
Set permissions so that sshd will allow username to log in:
root@servername:~# chown -R username:username /home/username/
root@servername:~# chmod 750 /home/username/
root@servername:~# chmod 600 /home/username/.ssh/authorized_keys
(Note, it has been a long time since I used PuTTY, so maybe some things have changed.)
From your PuTTY window, click the upper left-hand corner and select ‘New session…’ from the drop-down menu. Log in using the same key used before but use username for logging in instead of root.
Please confirm that you are able to log in with username, by seeing the following command prompt and home directory and by creating the test file, and we can go through editing sshd_config:
username@servername:~$ ll
total 24K
drwxr-x--- 3 username username 4.0K Nov 21 15:53 ./
drwxr-xr-x 4 root root 4.0K Nov 21 15:51 ../
-rw-r--r-- 1 username username 220 Nov 21 15:51 .bash_logout
-rw-r--r-- 1 username username 3.7K Nov 21 15:51 .bashrc
-rw-r--r-- 1 username username 807 Nov 21 15:51 .profile
drwxr-xr-x 2 username username 4.0K Nov 21 15:53 .ssh/
username@servername:~$ sudo touch test
[sudo] password for username:
username@servername:~$ ll test
-rw-r--r-- 1 root root 0 Nov 21 15:50 test
username@servername:~$ sudo rm test
Otherwise, please post any issues you are having with completing the above instructions.
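
For the permissions step above: sshd's StrictModes option (on by default) refuses key login when the home directory, .ssh, or authorized_keys is owned by someone other than the user or root, or is group- or world-writable. The following is an added example, not part of the original post, that reproduces that check before the first login attempt; the function name check_ssh_perms is hypothetical and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: audit the paths sshd's StrictModes check looks at.
# Usage: check_ssh_perms NUMERIC_UID HOME_DIR
#   e.g. check_ssh_perms "$(id -u username)" /home/username
# Prints one line per problem; returns 0 if all paths pass, 1 otherwise.
check_ssh_perms() {
    local uid="$1" home="$2" rc=0 path owner mode

    for path in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$path" ]; then
            echo "MISSING  $path"
            rc=1
            continue
        fi

        owner=$(stat -c '%u' "$path")   # numeric owner uid (GNU stat)
        mode=$(stat -c '%a' "$path")    # octal permission bits, e.g. 750

        # The owner must be the login user or root.
        if [ "$owner" != "$uid" ] && [ "$owner" != "0" ]; then
            echo "OWNER    $path is owned by uid $owner, expected $uid or 0"
            rc=1
        fi

        # 022 masks the group-write and other-write bits. The leading 0
        # makes the shell read the stat output as an octal constant.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "WRITABLE $path has mode $mode (group/world-writable)"
            rc=1
        fi
    done

    return "$rc"
}
```

The modes set above (750 on the home directory, 600 on authorized_keys) and the 755 that mkdir leaves on .ssh all pass this check.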