How to add new user and remote root login
Daisho Komiyama edited this page Jul 28, 2020
·
7 revisions
Leaving root user login available isn't good practice when it comes to server setup. Root is one of most common name so they're always going to try to break it. Today I'm going to walk through how to add new user then remove root user login.
- First, login to your server using root
- Then update your server
apt update
thenapt upgrade
(upgrade might take a few minutes)
adduser daisho
- Enter new UNIX password (you can skip this if you are going to set up ssh key)
- You can leave blank the rest: entering user information
su daisho
-
cat /var/log/auth.log
you will get permission denied
-
sudo cat /var/log/auth.log
this should be successful
- Go to home directory:
cd ~
- Create
.ssh
directory:mkdir -p ~/.ssh
- Create authrized_keys file and paste PUBLIC key (generated in your local machine)
- If you have multiple public keys, just paste them in the same file on new line
- Exit:
exit
(probably need twice because firstexit
exits you from new user then you need to exit from root user) - Login
ssh daisho@167.**.***.***
This should let you login without password prompt. But if you are required password. remove password from daisho login:sudo passwd -d `whoami`
- First make sure
authorized_keys
file is read and writable by new users. This may not need depending on your computer settings. (I did this as root user)chmod 644 ~/.ssh/authorized_keys
- Disable root permission by modifying ssh daemon config. The daemon is a program that's always running in the background.
sudo vim /etc/ssh/sshd_config
- Set
PermitRootLogin yes
toPermitRootLogin no
- Restart SSH daemon
sudo service sshd restart
- If you did everything correctly, attempt to login with this
ssh root@167.**.***.***
returnsPermission denied
.
- Don't forget to change owner from root to new user.
sudo chown -R $USER:$USER /var/www
andsudo chwon -R $USER:$USER /var/repo
Because I totally forgot this, my Git Hooks stopped working and took me half a day to fix everything :(