This article helps you change the following items if your cloud provider didn't do that for you.

  • Create your own account instead of root.
  • Disable password login and force to use SSH key to log in.
  • Disable root account.
  • Enable sudo without password.

Before starting the process, make sure you have a valid SSH key-pair locally.

Fist, connect to the server. (With root password).

you@local 
$ ssh root@server

Add a new user for you. (With password)

root@server
$ sudo adduser anduin
Adding user `anduin' ...
Adding new group `anduin' (1000) ...
Adding new user `anduin' (1000) with group `anduin' ...
Creating home directory `/home/anduin' ...
Copying files from `/etc/skel' ...
New password:
Retype new password:
passwd: password updated successfully
Changing the user information for anduin
Enter the new value, or press ENTER for the default
        Full Name []:
        Room Number []:
        Work Phone []:
        Home Phone []:
        Other []:
Is the information correct? [Y/n] Y

Give the user root privilege.

root@server
$ usermod -aG sudo anduin

Test the new user's privilege.

root@server
$ su - anduin

anduin@server
$ sudo ls
[password]

Back to your local machine. Copy the SSH public key to your server.

you@local 
$ ssh-copy-id anduin@server
anduin@server's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'anduin@server'"
and check to make sure that only the key(s) you wanted were added.

And test if you can connect to it.

you@local 
$ ssh anduin@server

Now disable root sign in and password authentication.

anduin@server
$ sudo vim /etc/ssh/sshd_config

Change: PermitRootLogin to no to disable the root user login. And change PasswordAuthentication  to no to prevent the password login.

To skip password for your account, consider execute:

anduin@server
$ sudo visudo

And add the following line at the end of the file:

anduin ALL=(ALL) NOPASSWD:ALL

Reboot the server.

anduin@server
$ sudo reboot

And now the server can only access from you and can not log it in through password or the root account.