Dorokhov.codes

Adding secure authorization

Creating a regular user

Adding a new user:

adduser andrew

Assign a password to the new user:

passwd andrew

Enter a strong password, and repeat it again to verify it.

Adding root privileges

To avoid having to log out of our normal user and log back in as the root account, we can set up what is known as “super user” or root privileges for our normal account. This will allow our normal user to run commands with administrative privileges by putting the word sudo before each command.

To add these privileges to our new user, we need to add the new user to the “wheel” group. By default, on CentOS 7, users who belong to the “wheel” group are allowed to use the sudo command.

As root, run this command to add your new user to the wheel group:

gpasswd -a andrew wheel

Adding public key authentication

Setting this up will increase the security of a server by requiring a private SSH key to log in.

To start using this method, we need to copy our public key to a new server.

If our local machine has the ssh-copy-id script installed, we can use it to install our public key for any user that we have login credentials for.

ssh-copy-id andrew@8.8.8.8

After providing a password at the prompt, our public key will be added to the remote user’s .ssh/authorized_keys file. The corresponding private key can now be used to log into the server.

The ssh-copy-id method will not work on DigitalOcean if an SSH key was selected during Droplet creation. This is because DigitalOcean disables password authentication if an SSH key is present, and ssh-copy-id relies on password authentication to copy the key.

Or we can do it manually. First, print the public key on the local machine and copy it:

cat ~/.ssh/id_rsa.pub

Then log in to the server and switch to our user:

su - andrew

Create a new directory called .ssh and restrict its permissions with the following command:

mkdir .ssh && chmod 700 .ssh

And add the public key to the authorized_keys file:

vi .ssh/authorized_keys

Now restrict the permissions of the authorized_keys file with this command:

chmod 600 .ssh/authorized_keys

Now we can use the private key for authentication.

Disabling root login

Open the SSH configuration file:

vi /etc/ssh/sshd_config

To disable remote root logins, we need to specify:

PermitRootLogin no

Reload SSH:

systemctl reload sshd
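
To confirm that the key permissions and the PermitRootLogin setting described above are actually in effect, the checks below can be run on the server. This is an added example, not part of the original post; the function names are hypothetical, and it assumes GNU stat and an sshd_config without Include lines.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes GNU stat (as on CentOS)
# and an sshd_config with whitespace-separated options and no Include lines.

# Print the PermitRootLogin value that applies globally: sshd uses the first
# uncommented occurrence, and lines after a Match keyword are conditional.
# Prints "unset" when no global value is present.
effective_root_login() {
    awk '
        { sub(/^[ \t]+/, "") }              # ignore leading whitespace
        /^#/ || /^$/ { next }               # skip comments and blank lines
        tolower($1) == "match" { exit }     # global section ends here
        tolower($1) == "permitrootlogin" { print $2; found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Succeed only if HOME_DIR/.ssh is mode 700 and authorized_keys is mode 600,
# the modes set by the chmod commands above.
check_key_perms() {
    [ "$(stat -c %a "$1/.ssh" 2>/dev/null)" = "700" ] &&
    [ "$(stat -c %a "$1/.ssh/authorized_keys" 2>/dev/null)" = "600" ]
}

# Demo on a constructed config: the only active PermitRootLogin line sits
# inside a Match block, so root login is not disabled globally.
demo_cfg=$(mktemp)
printf '%s\n' '#PermitRootLogin no' 'Match User backup' \
    '    PermitRootLogin no' > "$demo_cfg"
echo "global PermitRootLogin: $(effective_root_login "$demo_cfg")"
rm -f "$demo_cfg"
```

On the server, call effective_root_login /etc/ssh/sshd_config and check_key_perms ~andrew. Running sshd -t before the reload checks the configuration file for syntax errors.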