How to Create a Sudo User in Ubuntu

In this article, we’re going to show you how you can create sudo users on your Ubuntu Cloud Server. We’ll also discuss:

• Why You Should Create Sudo Users
  • How to Create a New User on Ubuntu
  • How to Log in with SSH Keys

This article refers to an older version of Ubuntu, please refer to the full guide on how to create a sudo user in Ubuntu 20.

Why You Should Create Sudo Users

Your cloud server account lets you instantly log in as the most powerful user: root. This allows you the option of using the root user for setting up your VPS environment to your individual specifications. But, using the root user can be hazardous: one wrong command can destroy your account. For this reason, it is generally considered a best practice to use a unique user account with “superuser”, or, sudo privileges instead of the root account for your regular maintenance and admin tasks.

Below, we will walk you through the whole process of creating the user, adding the necessary privileges, and locking up your root user in the hopes of preventing unwarranted access.

How to Create a New User on Ubuntu

Note: the first step is completed on your local computer. If you’ve added your SSH key to your account this login will succeed without a password. Where necessary below substitute username with the username you want to use on your account.

1. Log into your server as the root user, replacing “example.com” with your primary domain:

   ssh [email protected]

2. Run this command as the root user to create the user account

   useradd username

3. Fill in a secure password and you can skip the other prompts if you want
4. To add the new user to the “sudo” group, run this command as the root user

   usermod -a -G sudo username

We have now created a user account we can use for every day administrative tasks.

But, in order to access higher level commands, you will need to add the word sudo at the beginning of your command line, for example:

 $ sudo apt-get update

How to Log in with SSH Keys

Password authentication is automatically disabled to protect your cloud server from brute force password-based cyber attacks. Because of this, you must use SSH keys to gain access to your cloud server. We have full guides on how to create SSH keys you can install on your account for the root user, but adding an SSH key for the user we just created requires a few more steps.

1. Switch to new user (which is still logged in from above)

   su username

2. Edit the SSH configuration file

   sudo nano /etc/ssh/sshd_config

3. Add sudo to the line that begins with AllowGroups:

   - AllowGroups wheel root

   + AllowGroups wheel root sudo

4. Add sudo to the line that begins with PermitRootLogin:

   - PermitRootLogin without-password

   + PermitRootLogin no

5. Change directory to home

   cd

6. Make .ssh directory

   mkdir .ssh

7. Change into .ssh directory and create authorized_keys file

   nano authorized_keys

8. Paste your public key into the authorized_keys file
9. Change permissions for the .ssh directory

   chmod 700 ~/.ssh

10. Change permissions for the authorized_keys file

    chmod 600 ~/.ssh/authorized_keys

11. Make sure to restart your SSH service:

    sudo service ssh restart

You will now be able to log into your Ubuntu server with your new user account, and root user logins through SSH are no longer permitted. However, before closing out of this terminal session, let’s test out what we’ve done. Leave the current session open just in case there’s an issue with the user you’ve created. Open a new terminal window and test your login with:

ssh [email protected]

If you are logged into your system without a problem then you’ve completed this tutorial perfectly. Let us know below if you have any questions or comments about this task or the Ubuntu distro.

Learn more with our Cloud Server Hosting Product Guide.