In this article, we’re going to show you how you can create users on your CentOS 7 Cloud VPS. This is a task you will want to complete as soon as possible in the VPS setup phase, because you are advised against using the default “root” user account for your daily tasks. Below, we will also show you how to disallow root user logins to help secure your server.
How to Create a New User in CentOS
Remember that we are currently assuming the root user when first logging into the VPS. With a superuser account, these commands would require that you add “sudo” at the beginning of the command line in order to run properly.
Be sure to substitute your custom username in place of “username” as used below.
- Create the user with this command:
- Assign a secure password for this user:
- Add user to the wheel group:
usermod -a -G wheel username
Now we have a new user who belongs to the “wheel” group. Being in the wheel group means that the user can assume root privileges when necessary by adding “sudo” before any command that requires elevated privileges.
Disallow Root Logins
As an extra security step, you can disallow root logins over SSH. In order to do this, you can log in again as the root user or stayed logged in from the session above in order to edit your SSH configuration file.
- Edit the configuration file with the nano text editor:
- Edit the line that begins with PermitRootLogin:
- PermitRootLogin without-password
+ PermitRootLogin no
- Save and exit the file
- Restart your SSH service:
systemctl reload sshd
How to Login with SSH Keys
This is very important to set up because your account automatically disables password authentication. This means you will need to log in with SSH keys in order to use your new user.
- Switch to your new user if still logged in as root:
- Change directory to home
- Make .ssh directory
- Change into .ssh directory and create authorized_keys file
- Paste your public key into the authorized_keys file
- Change permissions for the .ssh directory
chmod 700 ~/.ssh
- Change permissions for the authorized_keys file
chmod 600 ~/.ssh/authorized_keys
Make sure to test your new login in a separate terminal window before logging out of the root user.