You can improve the security of your remote Linux servers by disabling authentication with the root user and creating a new user to connect to the server. Before beginning, please note that this article will not cover generating a new SSH key. Ensure that you already have an SSH key and a connection to the server as the root user.
Connect To Your Linux Server With Root User
Create New User
When you run the following command, you will be asked to provide a password and extra informations, so follow the instructions on your terminal.
Add New User To Sudo Group To Give Sudo Privileges
sudo is a special group that have grant to execute command on your server without needing root user, so add your new user this group.
usermod -aG sudo your-new-user-name
Introduce New User To Your Local Machine
Your local device doesn't regocnize the new user, so go to your local terminal and copy your public ssh key manually.
Create .ssh File To Add Your SSH Key To Linux Server
On your remote linux server, switch the users and create a file to save ssh key copied on your local machine.
-- Switch Users su your-new-user-name
-- Create a file to store the public ssh key. sudo mkdir ~/.ssh
-- Open the file and paste your SSH key you copied in your local machine. sudo nano ~/.ssh/authorized_keys
After pasting the ssh key, press control X, type y and press enter to save. Now you are able to connect to the server with root and the new user. But let's take a look at how to disable root login.
Configure Your SSH Settings In Ubuntu Linux Server
-- Connect with the root user to the server ssh root@your-ip-address
-- Open the config file in edit mode and set no to PermitRootLogin nano /etc/ssh/sshd_config
Restart SSHD Service
service sshd restart
Test Your SSH Connection To Ubuntu Linux Server
- With Root User
Now you can test connecting to the server with the root user from different terminal. You should receive the following message.
- With New User
In this article we have shown how to disable the root user login and create a new user to connect to the remote linux server for improving the server's security.
Thank you for reading