In this article, you will learn how to create a new user with “sudo” privileges in Ubuntu 20 as an alternative to using your root user account. This is an ideal procedure for VPS host, dedicated server host, or bare metal server hosting.
If you don’t need cPanel, don't pay for it. Only pay for what you need with our scalable Cloud VPS Hosting.
CentOS, Debian, or Ubuntu No Bloatware SSH and Root Access
Why Create a Sudo User?
Your cloud server VPS gives you instant access to the “root” user account, which holds all the power over your system, even the power to delete critical system files. Likewise, using your root user account to make changes to your system can be inconvenient when creating files that must be shared with other users or the world — like the public files of your website.
There are some similarities and distinctions between the sudo user and the cPanel user, for traditional VPS users. Those of you familiar with managed VPS hosting with cPanel will be familiar with how the cPanel account doubles as an SSH user with appropriate access. However, the cPanel user is not strictly a “sudo” user who can invoke root privileges as needed.
For this reason, it is often recommended that you avoid using the root user for everyday tasks. As an alternative, you can create a personal user account and add “super user” privilege. With your own “sudo” account, you can run commands as root by appending sudo to the command:
sudo <command>
Add a Sudo User
First, log into your server as root:
ssh [email protected]
Run the adduser command followed by the name of your new user:
adduser <user>
Fill in a secure password. For the rest of the rest of the prompts, like “Full Name,” “Room Number,” etc. you can put in actual values or press Enter to skip and answer “Yes”.
Finally, add the new user to the “sudo” group by running this command:
usermod -aG sudo <user>
You have now succeeded in creating a sudo user. To test the account, you can switch to it:
su <user>
You will see a success message indicating that you have switched to your sudo user:
To run a command as administrator (user "root"), use "sudo ".
See "man sudo_root" for details."
How to Log In With SSH Key
As you recall when first logging into your server as root, you had to provide a public key in the Account Management Panel, which will be used to authenticate your login, since password authentication is disabled by default.
Now that you have a sudo user, you can add your public key to new user account and actually disallow root login for added security.
Remember, even if you disallow root login, you can always assume the root user using the su command above.
Whil still logged in as the sudo user, edit the SSH configuration file:
sudo nano /etc/ssh/sshd_config
Add sudo to the line that begins with AllowGroups:
Before:
AllowGroups wheel root
After:
AllowGroups wheel root sudo
Update the line that begins with PermitRootLogin (if you want to disallow root login):
- PermitRootLogin without-password + PermitRootLogin no
Change directory to home:
cd
Make an .ssh directory:
mkdir .ssh
Change into the .ssh directory:
cd .ssh
Create an authorized_keys file:
nano authorized_keys
Paste your public key in the authorized_keys file.
Change permissions on the authorized_keys file:
chmod 600 authorized_keys
Change into the home directory again with cd and change permissions on the .ssh directory:
chmod 700 .ssh
Finally, make sure to restart the SSH service:
sudo service ssh restart
Well done! You should now be able to log into your server using the new sudo user. To test this out, open a new terminal session and give the login a try:
ssh <user>@example.com
If you are logged into your system without a problem then you have completed this tutorial perfectly.
