How to Create a New User in CentOS 7

In this article, we’re going to show you how you can create users on your CentOS 7 Cloud VPS. This is a task you will want to complete as soon as possible in the VPS setup phase, because you are advised against using the default “root” user account for your daily tasks. Below, we will also show you how to disallow root user logins to help secure your server.

How to Create a New User in CentOS

Remember that we are currently assuming the root user when first logging into the VPS. With a superuser account, these commands would require that you add “sudo” at the beginning of the command line in order to run properly.

Be sure to substitute your custom username in place of “username” as used below.

  1. Create the user with this command:
    adduser username
  2. Assign a secure password for this user:
    passwd username
  3. Add user to the wheel group:
    usermod -a -G wheel username

Now we have a new user who belongs to the “wheel” group. Being in the wheel group means that the user can assume root privileges when necessary by adding “sudo” before any command that requires elevated privileges.

Disallow Root Logins

As an extra security step, you can disallow root logins over SSH. In order to do this, you can log in again as the root user or stayed logged in from the session above in order to edit your SSH configuration file.

  1. Edit the configuration file with the nano text editor:
    nano /etc/ssh/sshd_config
  2. Edit the line that begins with PermitRootLogin:
    - PermitRootLogin without-password
    + PermitRootLogin no
  3. Save and exit the file
  4. Restart your SSH service:
    systemctl reload sshd

How to Login with SSH Keys

This is very important to set up because your account automatically disables password authentication. This means you will need to log in with SSH keys in order to use your new user.

  1. Switch to your new user if still logged in as root:
    su username
  2. Change directory to home
    cd
  3. Make .ssh directory
    mkdir .ssh
  4. Change into .ssh directory and create authorized_keys file
    nano authorized_keys
  5. Paste your public key into the authorized_keys file
  6. Change permissions for the .ssh directory
    chmod 700 ~/.ssh
  7. Change permissions for the authorized_keys file
    chmod 600 ~/.ssh/authorized_keys

Make sure to test your new login in a separate terminal window before logging out of the root user.

Leave a Reply