How to Add a New User With SSH to Your VPS
One of the first steps when setting up a VPS is to add a new non-root user with an SSH key and disable root authentication and password authentication.
In this article, we’ll see exactly how to do this for a VPS with a Linux-based OS (Ubuntu).
Prerequisite
Table of Contents:
- Create a new user
- Create an SSH key
- Save the session in Putty for an easier connection
- Disable root & password login
- Apply a theme color to your Putty session (optional)
1. Create a new user
When you start a new VPS, you usually connect to it as a root user for the first time and create a separate user that you will use in the future for security reasons.
If you are the system administrator, this user that you will create for yourself will be a superuser, and to increase the security, you will also disable root and password authentication and use only SSH keys.
Once connected to the VPS as root you can run the following commands to add a new user.
The password you will be prompted to add can be used to authenticate and authorize superuser commands (sudo)
2. Create an SSH key
To create a new SSH key we’ll use PuTTYgen.
For an extra layer of security, we will also add a passphrase to our SSH key. In this way, anyone who wants to use the SSH key must also enter the passphrase. This is useful in terms of security in case it ever happens that the SSH key is leaked.
A good rule of thumb here is to always use a passphrase unless you require it for any kind of automated procedure.
Once the SSH key pair is generated we can add it to our VPS.
For this, we need to run the following commands.
Here are a few remarks about the video:
- replace
georgianwith the username you provided when running theadduser usernamecommand; nanois a light-weight command line text editor for Unix and Linux that we’ll use to add our public SSH key; to PASTE the SSH key you can useright-clickand to save and exit you can useCTRL+X;
3. Save the session in Putty for a faster connection
Here’s how to connect to the VPS as a newly added user using the SSH key.
Here are the steps visible in the video above:
- In the field
Host Name (or IP address)write the IP of your VPS. - In the
Saved Sessionssection, type the label with which you want to save this session. - In the left menu under the tab Connection -> Data, fill in the Auto-login username field with the name you used while creating the user.
- In Connection -> SSH -> Auth add the private SSH key.
- In the left menu, return to the Session tab and click Save to save this information, and then click Open.
For a future connection, you can simply select this session in the Saved Sessions section of the Session tab and click Open.
The path to the private SSH key must always be available while connecting to the VPS using this session saved in Putty. Thus, it is recommended that you place the SSH key in a well-defined directory on your computer so that you do not accidentally delete it.
4. Disable root & password login
This step comes as an extra layer of security and is optional, but recommended.
Here we will disable root authentication so that no one can log in as a root user either using SSH or password and we will also disable password login for everyone, so our VPS will only allow SSH connections for non-root users.
To do this, you must perform the following:
The systemctl command is a tool to control the systemd system and service and is used by most of the new Linux operating systems.
5. Apply a theme color to your Putty session
The last step is completely optional and comes only as an enhancement of the Putty Session, namely the addition of a thematic color.
You can download the themes from this Github repository and follow the instructions from the following video to apply one.
Simply open the theme file, .reg, that you like, and type the name of the Putty session you want to apply the theme to, and then double click on the file.
You can determine which changes will be applied based on the contents of the theme file.
One problem that will arise by applying this theme is that the right-click PASTE will be disabled, but you can easily enable it back by going to the Window -> Selection tab from the left menu and switch from xterm to Windows or Compromise.
Notice that you first need to click on the Load button before updating the session and then click Save, in order to save this change.
