Server configuration

Server Configuration

In this section we will cover:

1. Logging In

2. Creating a new user

3. Disable root login

4. Disable password login

Logging in

When you provision a new server, you will be provided a username, password, and ip address. Generally that username will be root. Let’s log in with them now in the form of ssh username@ip .

1. Initiate login to server

SSH into the server

2. Type Yes

3. Enter password

Logged into root

You are now logged into root. However, we do NOT want this as an option, so let’s fix it.

Create New User

Since we no longer want to be able to log in as root, we’ll first need to create a new user to log into.

1. Create a new user

You’re going to want to choose a unique username here, as the more unique, the harder it’ll be for a bad actor to guess. We’re going to use mellamo .

$ adduser mellamo

You will then be prompted to create a password and fill in information. Don’t worry about the information, but make sure your password is complicated!

2. Give them sudo privileges

sudo is the name for “master” privileges, so we need to modify the user to add them to that group.

$ usermod mellamo -aG sudo

3. Verify user has sudo access

$ su - mellamo$ sudo ls /root

Disable Root Login

Disabling root login takes away an easy method for hackers to get in. The easiest way of accessing remote servers or VPSs is via SSH and to block root user login under it, you need to edit the /etc/ssh/sshd_config file.

1. From the remote server, open /etc/ssh/sshd_config

$ sudo nano /etc/ssh/sshd_config

2. Save and exit sshd_config, then restart the service.

$ sudo systemctl restart sshd

Copy SSH key

1. Return to you local machine.

$ exit

2. Copy your ssh key to the server

$ ssh-copy-id mellamo@{ip address}

3. Confirm you can login with just your SSH key

$ ssh mellamo@104.149.129.250

Done! You can now log in exclusively with your SSH key.

Disable Password Login

Now that you can log in with just your ssh key, you should now disable password login.

1. Return to your remote server, and open /etc/ssh/sshd_config again

$ sudo nano /etc/ssh/sshd_config

2. Find ChallengeResponseAuthentication and set to no:

bbChallengeResponseAuthentication no

3. Next, find PasswordAuthentication set to no too:

PasswordAuthentication no

4. Search for UsePAM and set to no, too:

UsePAM no

5. Save and exit sshd_config, then restart the service.

$ sudo systemctl restart sshd

Congratulations! You can only login with your ssh key now. Be sure to back it up in case something happens to your machine!