When you have just set up a server with Debian 9, you will want to create a new user and grant that user sudo privileges. This guide walks you through the process.
Step 1. Login to server
First, log in to the remote server as the root user:
local$ ssh root@<remote_server_ip>
Step 2. Create new user
After logging in as root, we can create our new user test with the following command:
adduser test
Step 3. Grant privileges
After creating a new user with regular privileges, we want to grant it root privileges for administrative tasks. With those privileges, you run an administrative command by adding the sudo keyword at the beginning of the command.
To grant sudo privileges, just type this command:
usermod -a -G sudo test
Step 4. Add public key authentication
The recommended step is securing your login to the server with a public-private key pair.
To generate a new SSH key we will use ssh-keygen on Mac:
local$ ssh-keygen -t rsa -b 4096 -C "email@example.com"
When prompted to “Enter a file in which to save the key,” press Enter. This accepts the default file location (/Users/username/.ssh/id_rsa).
At the prompt, type a secure passphrase.
This generates a private key, id_rsa, and a public key, id_rsa.pub, in the .ssh directory of the username’s home directory. Note: The private key should not be shared with anyone who should not have access to your server!
Step 5. Install SSH key
I prefer using a manual method, but you can choose another method with ssh-copy-id.
To do it manually, output the public key to the terminal and copy it to the clipboard:
local$ cat ~/.ssh/id_rsa.pub
5.1. Add public key to remote user
On the server, logged in as root, switch to our test user:
su - test
Create the .ssh directory and restrict its permissions:
mkdir .ssh
chmod 700 .ssh
Open the authorized_keys file in the .ssh directory with an editor:
nano .ssh/authorized_keys
Insert the public key that we already copied to the clipboard.
Save and exit (in the nano editor press Ctrl + X, then Y and Enter).
We also have to restrict the permissions of the authorized_keys file:
chmod 600 .ssh/authorized_keys
Then type the following command once to return to the root user:
exit
Now you can try to log in as the new user (ssh test@<remote_server_ip>). Note: Only if the login is successful can we move to the next step.
Step 6. Configure SSH
To configure the server a bit more, we will disable remote root login by modifying the SSH daemon configuration file.
Open the configuration in an editor:
nano /etc/ssh/sshd_config
Find the following line:
#PermitRootLogin yes
Remove the leading # so the line is no longer a comment, and change the value to ‘no’ to disable root login:
PermitRootLogin no
Save and exit.
6.1. Reload SSH
To restart ssh so that it applies our configuration file, use the command:
systemctl restart ssh
Note! Before you exit, you have to be sure that you can log in as the newly created user, because remote root login is already disabled.
If you haven’t tested logging in as the new user yet, use the following command on your local machine:
local$ ssh test@<remote_server_ip>
If everything goes OK, you can now disconnect from the server:
exit
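The checks below audit the end state of steps 5 and 6: the permissions on .ssh and authorized_keys, and the PermitRootLogin value that is actually in effect (a line left commented with # does not count). This is an added example, not part of the original guide; the function names are hypothetical, the sample files are constructed, and GNU stat (as on Debian) is assumed.

```shell
# Added example (not from the original guide): audit the result of steps 5-6.
# Function names are hypothetical; GNU stat is assumed, as shipped on Debian.

# Print the effective global value of KEYWORD ($2) in sshd_config-style FILE ($1).
# sshd keeps the first value it reads, matches keywords case-insensitively and
# skips '#' comment lines. Parsing stops at the first Match block.
sshd_effective() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { print $2; found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Succeed only if PATH ($1) exists and has exactly the octal MODE ($2).
mode_is() {
    [ "$(stat -c '%a' "$1" 2>/dev/null)" = "$2" ]
}

# Audit HOME_DIR ($1) and SSHD_CONFIG ($2) against the values in this guide.
# Prints one line per failed check and returns the number of failures.
audit_login_setup() {
    fails=0
    mode_is "$1/.ssh" 700 || { echo "FAIL: $1/.ssh is not mode 700"; fails=$((fails + 1)); }
    mode_is "$1/.ssh/authorized_keys" 600 || { echo "FAIL: authorized_keys is not mode 600"; fails=$((fails + 1)); }
    [ -s "$1/.ssh/authorized_keys" ] || { echo "FAIL: authorized_keys is missing or empty"; fails=$((fails + 1)); }
    value=$(sshd_effective "$2" PermitRootLogin)
    [ "$value" = "no" ] || { echo "FAIL: PermitRootLogin is '$value', expected 'no'"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed fixture: a home directory prepared as in step 5, one config
# edited as in step 6, and one where the '#' was left in front of the line.
make_sample() {
    dir=$(mktemp -d)
    mkdir "$dir/.ssh" && chmod 700 "$dir/.ssh"
    echo "ssh-rsa AAAA-constructed-placeholder email@example.com" > "$dir/.ssh/authorized_keys"
    chmod 600 "$dir/.ssh/authorized_keys"
    printf 'Port 22\nPermitRootLogin no\n' > "$dir/sshd_config.good"
    printf 'Port 22\n#PermitRootLogin no\n' > "$dir/sshd_config.bad"
    echo "$dir"
}

sample=$(make_sample)
audit_login_setup "$sample" "$sample/sshd_config.good" && echo "OK: setup matches the guide"
audit_login_setup "$sample" "$sample/sshd_config.bad" || echo "audit found problems"
rm -rf "$sample"
```

On the server itself, running sshd -t as root before the restart in step 6.1 checks the configuration file for syntax errors, and sshd -T prints the configuration the daemon would actually use.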
The next step will be installing a firewall such as UFW to secure your server a bit more.