This article helps you change the following items if your cloud provider didn't do that for you.
- Create your own account instead of root.
- Disable password login and require an SSH key to log in.
- Disable root account.
- Enable sudo without password.
Before starting the process, make sure you have a valid SSH key-pair locally.
First, connect to the server (with the root password).
you@local
$ ssh root@server
Add a new user for yourself (with a password).
root@server
$ sudo adduser anduin
Adding user `anduin' ...
Adding new group `anduin' (1000) ...
Adding new user `anduin' (1000) with group `anduin' ...
Creating home directory `/home/anduin' ...
Copying files from `/etc/skel' ...
New password:
Retype new password:
passwd: password updated successfully
Changing the user information for anduin
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] Y
Give the user root privileges by adding it to the sudo group.
root@server
$ usermod -aG sudo anduin
Test the new user's privilege.
root@server
$ su - anduin
anduin@server
$ sudo ls
[password]
Back on your local machine, copy your SSH public key to the server.
you@local
$ ssh-copy-id anduin@server
anduin@server's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'anduin@server'"
and check to make sure that only the key(s) you wanted were added.
Then test that you can connect to it.
you@local
$ ssh anduin@server
Now disable root sign in and password authentication.
anduin@server
$ sudo vim /etc/ssh/sshd_config
Change PermitRootLogin to no to disable the root user login, and change PasswordAuthentication to no to prevent password login.
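sshd uses the first value it reads for each keyword and expands Include lines in place, so a drop-in file under /etc/ssh/sshd_config.d/ that is included near the top of sshd_config can silently override the edit above. The script below is an added example, not part of the original article, that predicts the effective value from the files. The sample configuration and the drop-in name 50-cloud-init.conf are constructed, and the parser assumes one level of Include and global scope only.

```shell
#!/bin/sh
# Added example (not from the article): predict the value sshd will use for
# a keyword. sshd keeps the FIRST value it reads and expands Include lines
# in place, so a drop-in included at the top overrides edits further down.
# Assumptions: one level of Include, global scope only (stops at the first
# Match block), relative Include paths resolved next to the main file.

# flatten_config MAIN_CONFIG: print the file with Include lines expanded
flatten_config() {
    dir=$(dirname "$1")
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line#"${line%%[![:space:]]*}"}      # strip leading blanks
        case $line in
            [Ii]nclude[[:space:]]*)
                pattern=${line#*[[:space:]]}
                case $pattern in /*) ;; *) pattern=$dir/$pattern ;; esac
                for f in $pattern; do              # unquoted: let the glob expand
                    if [ -f "$f" ]; then cat "$f"; fi
                done ;;
            *) printf '%s\n' "$line" ;;
        esac
    done < "$1"
}

# effective_value KEYWORD MAIN_CONFIG DEFAULT: first global value, else DEFAULT
effective_value() {
    flatten_config "$2" | awk -v kw="$1" -v dflt="$3" '
        /^[ \t]*(#|$)/ || seen { next }            # comments, blanks, already decided
        { split($0, f, /[ \t=]+/); i = (f[1] == "") ? 2 : 1; key = tolower(f[i]) }
        key == "match" { seen = 1; next }          # leave global scope
        key == tolower(kw) { val = tolower(f[i + 1]); seen = 1 }
        END { print (val != "" ? val : dflt) }'
}

# demo: constructed sample where a drop-in re-enables password login
demo() {
    d=$(mktemp -d); mkdir "$d/sshd_config.d"
    printf '%s\n' 'Include sshd_config.d/*.conf' 'PermitRootLogin no' \
        'PasswordAuthentication no' > "$d/sshd_config"
    printf 'PasswordAuthentication yes\n' > "$d/sshd_config.d/50-cloud-init.conf"
    echo "PasswordAuthentication=$(effective_value PasswordAuthentication "$d/sshd_config" yes)"
    echo "PermitRootLogin=$(effective_value PermitRootLogin "$d/sshd_config" prohibit-password)"
    rm -rf "$d"
}
demo
```

On the server itself, sudo sshd -t checks the file for syntax errors and sudo sshd -T prints the configuration sshd will actually apply. Keep the current session open until a second key-based login succeeds.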
To skip the password prompt for your account, consider running:
anduin@server
$ sudo visudo
And add the following line at the end of the file:
anduin ALL=(ALL) NOPASSWD:ALL
Reboot the server.
anduin@server
$ sudo reboot
Now the server can be accessed only by you, and nobody can log in with a password or as the root account.