Best-practice for authentication after creating a new Linux server

This article helps you change the following items if your cloud provider didn't do that for you.

Create your own account instead of root.
Disable password login and force to use SSH key to log in.
Disable root account.
Enable sudo without password.

Before starting the process, make sure you have a valid SSH key-pair locally.

Fist, connect to the server. (With root password).

you@local 
$ ssh root@server

Add a new user for you. (With password)

root@server
$ sudo adduser anduin
Adding user `anduin' ...
Adding new group `anduin' (1000) ...
Adding new user `anduin' (1000) with group `anduin' ...
Creating home directory `/home/anduin' ...
Copying files from `/etc/skel' ...
New password:
Retype new password:
passwd: password updated successfully
Changing the user information for anduin
Enter the new value, or press ENTER for the default
        Full Name []:
        Room Number []:
        Work Phone []:
        Home Phone []:
        Other []:
Is the information correct? [Y/n] Y

Give the user root privilege.

root@server
$ usermod -aG sudo anduin

Test the new user's privilege.

root@server
$ su - anduin

anduin@server
$ sudo ls
[password]

Back to your local machine. Copy the SSH public key to your server.

you@local 
$ ssh-copy-id anduin@server
anduin@server's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'anduin@server'"
and check to make sure that only the key(s) you wanted were added.

And test if you can connect to it.

you@local 
$ ssh anduin@server

Now disable root sign in and password authentication.

anduin@server
$ sudo vim /etc/ssh/sshd_config

Change: PermitRootLogin to no to disable the root user login. And change PasswordAuthentication to no to prevent the password login.

To skip password for your account, consider execute:

anduin@server
$ sudo visudo

And add the following line at the end of the file:

anduin ALL=(ALL) NOPASSWD:ALL

Don't forget to delete the obsolete user if the provider created it. (Don't delete the root user)

anduin@server
$ sudo deluser default

Reboot the server.

anduin@server
$ sudo reboot

And now the server can only access from you and can not log it in through password or the root account.

Other configuration

Finally, you can still do some further configuration. Like switching the timezone to UTC:

To switch to UTC, simply execute sudo dpkg-reconfigure tzdata, scroll to the bottom of the Continents list and select Etc or None of the above; in the second list, select UTC. If you prefer GMT instead of UTC, it's just above UTC in that list.

To benchmark the CPU:

anduin@server
$ sudo apt-get install sysbench
$ sysbench cpu run

let today = new Beginning();

Other configuration