For a increased usability, it is recommended to have a non-privileged user for operation of the your Linux VPS. This helps against erronous commands or copy/pasting. Before you go ahead and just create it, you should know there are a few details about the new user that can be defined at creation time:
[email protected]:~# passwd Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully
If any of the user’s characteristics should not be default, above are some options. Let’s create a password for our “newuser”.
[email protected]:~# useradd Usage: useradd [options] LOGIN useradd -D useradd -D [options] Options: -b, --base-dir BASE_DIR base directory for the home directory of the new account -c, --comment COMMENT GECOS field of the new account -d, --home-dir HOME_DIR home directory of the new account -D, --defaults print or change default useradd configuration -e, --expiredate EXPIRE_DATE expiration date of the new account -f, --inactive INACTIVE password inactivity period of the new account -g, --gid GROUP name or ID of the primary group of the new account -G, --groups GROUPS list of supplementary groups of the new account -h, --help display this help message and exit -k, --skel SKEL_DIR use this alternative skeleton directory -K, --key KEY=VALUE override /etc/login.defs defaults -l, --no-log-init do not add the user to the lastlog and faillog databases -m, --create-home create the user's home directory -M, --no-create-home do not create the user's home directory -N, --no-user-group do not create a group with the same name as the user -o, --non-unique allow to create users with duplicate (non-unique) UID -p, --password PASSWORD encrypted password of the new account -r, --system create a system account -R, --root CHROOT_DIR directory to chroot into -s, --shell SHELL login shell of the new account -u, --uid UID user ID of the new account -U, --user-group create a group with the same name as the user -Z, --selinux-user SEUSER use a specific SEUSER for the SELinux user mapping
To test this, ssh to localhost as “newuser”:
[email protected]:~# passwd newuser Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully
Ok. We have a new user and we are able to log that user in via ssh. Step four – Hardening Linux SSH server security a bit This consists of few points: – Deny root logon – Deny password authentication and allow RSA key auth only – Change ssh port from 22 to a port above the reserved range (1-1024). Change the directive “PermitRootLogin” directive in sshd_config to “no”. Following links describe the other two points: https://vpsie.com/activating-ssh-key-authentication-generating-key-pair/ https://vpsie.com/secure-linux-vps-ssh-hardening/ Now restart ssh daemon and the settings should be changed. And these are the basic initial steps to configure your new Linux VPS server. You can start deploying and configuring server applications from the repository of your distribution.
[email protected]:~# ssh [email protected] [email protected]'s password: $ Connection to localhost closed.
You can actually try those server basic steps on our platform in few minutes utilizing our PCS (Private Cloud Solution) which allows you to have VPSie(s) on a private network – NAT – Port forward – traffic control for inbound and outbound – multiple gateway IPs which you could use for the load-balancing and failover.