How to Create a Sudo User in Debian 8

Your Cloud VPS Hosting account is automatically configured for SSH key authentication. All you need to do is add your public key through your AMP account. This will allow you to log in as the root user. But we recommend creating a unique user account as an alternative to the root user for your every day administrative tasks. In this article, we’re going to show you how you can create users on your Debian Cloud VPS. We’ll also discuss:

  • Why you should create users as an alternative to using root
  • How to create a sudo user in Debian
  • How to log in with an SSH key (by default, passwords are not acceptable)

Why You Should Create Users

When you first log into your Cloud VPS, you will only be able to assume the root user. As your first action, we recommend creating a unique user for yourself and anyone else who is going to be managing the system with you.

Below, we will walk you through the whole process from creating the user, adding necessary “sudo” privileges, and disabling root login over SSH.

How to Create a New User in Debian

Below, you will see how to create your Debian user. Make sure to substitute username with the username you want to use on your account.

  1. Log into your server as the root user, replacing “example.com” with your primary domain:
    ssh root@example.com
  2. Run this command as the root user to create the user account
    useradd username
  3. Fill in a secure password (required) and the extra fields (optional)
  4. To add the new user to the “sudo” group, run this command as the root user
    usermod -a -G sudo username

We have now created a new user with sudo privileges. However, in order to run root-level commands, you will just need to add the word sudo at the beginning of your command line, for example:

 sudo apt-get update

How to Log in with SSH Keys

Password authentication is automatically disabled for security reasons. This means you must use SSH keys to gain access to your Cloud VPS. We have full guides on how to create SSH keys you can install on your account for the root user, but adding an SSH key for the user we just created requires a few more steps.

  1. Switch to new user (still logged in as root from above)
    su username
  2. Edit the SSH configuration file
    sudo nano /etc/ssh/sshd_config
  3. Add sudo to the line that begins with AllowGroups:
    - AllowGroups wheel root
    + AllowGroups wheel root sudo
  4. Add sudo to the line that begins with PermitRootLogin:
    - PermitRootLogin without-password
    + PermitRootLogin no
  5. Change directory to home
    cd
  6. Make .ssh directory
    mkdir .ssh
  7. Change into .ssh directory and create authorized_keys file
    nano authorized_keys
  8. Paste your public key into the authorized_keys file
  9. Change permissions for the .ssh directory
    chmod 700 ~/.ssh
  10. Change permissions for the authorized_keys file
    chmod 600 ~/.ssh/authorized_keys

You will now be able to log into Debian with your new user account, and root user logins through SSH are no longer permitted. But, before ending this terminal session, let’s test out the new user login. Open a new terminal window and test your login with:

ssh username@example.com

If you are logged into your system without a problem then you have successfully created your Debian user account. You can repeat this process as many times as necessary to add other users to your system. Let us know below if you have any questions or comments.

Leave a Reply