Once you’ve ssh into the VPS as a root user, it’s time to add more users to the system. One for the day to day stuff, and one for server management related stuff. The first will be what we consider an unprivileged user, the other sometimes referred to as a sudo user.
As user root, type:
Go through the steps, generally you can just press enter until you’re done. But of course, the one asking for a password, set one.
root@server:~# adduser floris Adding user `floris' ... Adding new group `floris' (1000) ... Adding new user `floris' (1000) with group `floris' ... Creating home directory `/home/floris' ... Copying files from `/etc/skel' ... Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully Changing the user information for floris Enter the new value, or press ENTER for the default Full Name : Room Number : Work Phone : Home Phone : Other : Is the information correct? [Y/n] root@server:~#
Note: By default you can ssh into the box on the default port, using the password. I do recommend to check my other blog post about how to configure the server to no longer allow root to login, to grant access to (certain) accounts to login, and to require an ssh key to login instead of a password. For now, I am going to skip that in this blog post.
Repeat the adduser step until you’ve added all the users you want. We will be using floris as the example to add as a super user.
The users now have regular account privileges, we need to escalate at least one that we can sudo with and have as the one to manage the server.
In Ubuntu 18 there’s a default sudo group, we need to add the user to this group and they will be able to prefix commands with sudo to run them as a super user.
usermod -aG sudo floris
And we’re done.
root@server:~# usermod -aG sudo floris root@server:~#
You can check who the sudo users are with this command:
root@server:~# getent group sudo | cut -d: -f4 floris root@server:~#
Now you can stay logged in as root, then open another tab in your terminal and make a new ssh connection to the server using this newly created user. The new user/pass combo should work.
You can also type the following to see if your new user can sudo up:
sudo su -
It will look like this, the password is your sudo user password, not your root password.
floris@server:~$ sudo su - [sudo] password for floris: root@server:~# exit floris@server:~$
Okay, the next step in my opinion would be to change the default port on ssh, install a firewall and block all ports, except the ones you really need. But that’s something for another blog post.