There are many reasons why you may prefer to create a sudo user in your Debian system as an alternative to the root user for your cloud VPS or bare metal server hosting. For initial installation and system configuration, and depending on your comfort level, using the root user is a quick and easy way to get up and running. However, for day to day usage and maintenance of your system it is considered a best practice to have a sudo user available and disallow root access. This is also recommended for security purposes. In this article, you will learn how to create a sudo user in your Debian 10 system and how to disallow root access going forward.
- Reasons For Creating a Sudo User?
- Add a Sudo User to Your Debian System
- How to Log Into Sudo User With SSH Key
If you don’t need cPanel, don't pay for it. Only pay for what you need with our Cloud VPS solutions.
CentOS, Debian, or Ubuntu No cPanel Bloat SSH Key Management
Reasons For Creating a Sudo User?
As mentioned above, there are many reasons for creating a sudo user, but most significantly, creating a sudo user:
- Makes your system more secure
- Makes user-specific actions easier to accomplish
- Mitigates catastrophic user errors
- Allows your user to run root-level commands as needed, prepended with
Add a Sudo User to Your Debian System
With the following commands you will effectively create a new sudo user on your system and be able to switch into that user.
First, log into your system with the default root user. In order to accomplish this, you will have already added an SSH key to your server via the Account Management Panel. Be sure to replace “example.com” with your primary domain or dedicated IP address:
ssh [email protected]
Once you are logged into the server, you can begin by creating the new user account with the
You will be prompted with several form fields. You can fill these out or optionally skip through them using your Enter key. However, you must create a strong password for the user. (Even though you will later be using SSH to log into the server, it is still good practice to create this strong password.)
Next, it’s time to grant “sudo” privileges to the user, for which you can run the following command:
usermod -aG sudo <user>
Now you have successfully created a new user on your Debian system with sudo privileges. You are now able to switch from your root user to the new user using the
How to Log Into Sudo User With SSH Key
Remember, even if you disallow root login, you can always assume the root user using the
su command above.
To configure your new user for instant login via SSH, you must simply edit the SSH configuration file to
- Allow sudo users to log in with a key
- (Optionally) disable root login via SSH (most secure)
You can use any text editor to edit the SSH configuration file, but for the examples that follows the
nano text editor will be used:
sudo nano /etc/ssh/sshd_config
Change the following line:
- AllowGroups wheel root
To allow to
+ AllowGroups wheel root sudo
Change the “PermitRootLogin” line from “without-password” to a value of “no”.
- PermitRootLogin without-password + PermitRootLogin no
cd command to chagne into your home directory:
Make a directory called “.ssh”:
Change into the “.ssh” directory:
Create a file called “authorized_keys” and paste your local SSH public key into the file:
Change permissions of this file to 600:
chmod 600 authorized_keys
Changing back to home directory, it’s also a good idea to change permissions of the “.ssh” directory to 700:
chmod 700 ~/.ssh
Now, you can go ahead and restart the SSH service:
sudo service ssh restart
If you have completed all of these steps you can now log directly into your server with the sudo user from your local machine:
Well done! You now have a sudo user you can use to administer your Debian server without the security hazards of a dangling root user. If you have any comments or questions about this procedure please drop them below.
Reach your users with a VPS server in USA.