This article walks you through the following changes, in case your cloud provider didn't make them for you.
- Create your own account instead of root.
- Disable password login and require an SSH key to log in.
- Disable root account.
Before starting the process, make sure you have a valid SSH key-pair locally.
First, connect to the server (with the root password).
you@local $ ssh root@server
Add a new user for yourself (with a password).
root@server $ sudo adduser anduin
Adding user `anduin' ...
Adding new group `anduin' (1000) ...
Adding new user `anduin' (1000) with group `anduin' ...
Creating home directory `/home/anduin' ...
Copying files from `/etc/skel' ...
New password:
Retype new password:
passwd: password updated successfully
Changing the user information for anduin
Enter the new value, or press ENTER for the default
Full Name :
Room Number :
Work Phone :
Home Phone :
Other :
Is the information correct? [Y/n] Y
Give the user root privilege.
root@server $ usermod -aG sudo anduin
Test the new user's privilege.
root@server $ su - anduin
anduin@server $ sudo ls
[password]
Go back to your local machine and copy the SSH public key to your server.
you@local $ ssh-copy-id anduin@server
anduin@server's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'anduin@server'"
and check to make sure that only the key(s) you wanted were added.
Then test that you can connect to it.
you@local $ ssh anduin@server
Now disable root sign in and password authentication.
anduin@server $ sudo vim /etc/ssh/sshd_config
Set PermitRootLogin to no to disable the root user login, and set PasswordAuthentication to no to prevent password login.
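Before rebooting, confirm what sshd will actually apply: sshd uses the first value it reads for each keyword, so an earlier line or an included file can win over your edit. The script below is an added example, not part of the original article. It checks `sshd -T` output (the effective configuration) for PermitRootLogin no and PasswordAuthentication no, plus PubkeyAuthentication yes so that key login stays available; the function names and both sample inputs are constructed for illustration.

```shell
# Added example: check the *effective* sshd settings before rebooting.
# Input on stdin is `sshd -T` output: lowercase "keyword value" lines.
# On the server:  sudo sshd -T | check_sshd_effective

# Print the value of keyword $1, or "unset" if it does not appear.
# Only the first match counts, mirroring sshd's first-value-wins rule.
effective_value() {
    awk -v k="$1" '
        tolower($1) == k { print $2; found = 1; exit }
        END { if (!found) print "unset" }'
}

# Return 0 only if root login and password login are off and key login is on.
check_sshd_effective() {
    cfg=$(cat)    # read stdin once so it can be scanned for each keyword
    rc=0
    for want in "permitrootlogin no" "passwordauthentication no" "pubkeyauthentication yes"; do
        key=${want% *}
        expected=${want#* }
        actual=$(printf '%s\n' "$cfg" | effective_value "$key")
        if [ "$actual" = "$expected" ]; then
            echo "ok:   $key $actual"
        else
            echo "FAIL: $key is '$actual', expected '$expected'"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: what `sshd -T` reports after a successful edit.
HARDENED_SAMPLE='port 22
permitrootlogin no
pubkeyauthentication yes
passwordauthentication no'

# Constructed sample: an earlier "PasswordAuthentication yes" won over the edit.
OVERRIDDEN_SAMPLE='port 22
permitrootlogin no
pubkeyauthentication yes
passwordauthentication yes'

for sample in "$HARDENED_SAMPLE" "$OVERRIDDEN_SAMPLE"; do
    if printf '%s\n' "$sample" | check_sshd_effective; then
        echo "=> settings are in effect"
    else
        echo "=> fix sshd_config before rebooting"
    fi
done
```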
To skip the sudo password prompt for your account, consider running:
anduin@server $ sudo visudo
And add the following line at the end of the file:
anduin ALL=(ALL) NOPASSWD:ALL
Reboot the server.
anduin@server $ sudo reboot
Now the server can only be accessed by you, and nobody can log in with a password or with the root account.