After create new ubuntu server, we’ll need to:
- Disable ssh login for root user
- Disable password login
1. Create new user
adduser <username>
Add user to sudo
group:
usermod -aG sudo <username>
or add this line to file /etc/sudoers.d/90-cloud-init-users
(sudo without password)
<username> ALL=(ALL) NOPASSWD:ALL
2. Add ssh key for new user
Add ssh key to file /home/<username>/.ssh/authorized_keys
3. Disable root login and password based login
Edit file /etc/ssh/sshd_config
, Find ChallengeResponseAuthentication
and set to no
:
ChallengeResponseAuthentication no
Next, find PasswordAuthentication
set to no
too:
PasswordAuthentication no
Search for UsePAM and set to no, too:
UsePAM no
Finally look for PermitRootLogin
and set it to no
too:
PermitRootLogin no
PermitRootLogin prohibit-password
Save and close the file. Reload or restart the ssh server on Linux:
service ssh restart