Ubuntu Server Best Practices: Create 'ubuntu' User, SSH Keys, Disable Root Login
Harden an Ubuntu server by creating a non-root user with SSH key-based access, disabling root login, and configuring sudo privileges.
This guide covers creating a non‑root user (ubuntu), enabling SSH key authentication, disabling password and root logins, and granting sudo privileges.
Important: Always keep an active SSH session while changing SSH settings to avoid lockout. Test new access in a separate terminal before closing the root session.
1) Create the ubuntu User
Log in as root and create the user (without an initial password):
sudo adduser ubuntu --disabled-password
Switch to the new user and set up the SSH directory:
sudo su - ubuntu
mkdir -p ~/.ssh
chmod 700 ~/.ssh
touch ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
Add your public key (from PuTTYgen or ssh-keygen) into authorized_keys:
nano ~/.ssh/authorized_keys
# paste your public key here, then save
2) Test SSH Login with the New User
From your local machine, open a new terminal and connect using the ubuntu user:
ssh ubuntu@your_server_ip
Confirm that you can log in successfully before proceeding.
3) Harden SSH Configuration
Edit the SSH daemon config:
sudo nano /etc/ssh/sshd_config
Ensure the following settings:
PasswordAuthentication no
PermitRootLogin no
Restart SSH to apply changes:
sudo service sshd restart
# or on some systems: sudo systemctl restart ssh
Now only key‑based authentication is allowed and root login via SSH is disabled.
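To confirm that the two settings above are the ones sshd actually applies, check the effective configuration that `sshd -T` prints rather than the file you edited: sshd keeps the first value it reads for each keyword, so where sshd_config has an Include line for /etc/ssh/sshd_config.d/*.conf, a drop-in file can override your edit. The script below is an added example, not part of the original guide; the helper name `audit_sshd`, the extra `pubkeyauthentication` check, and both sample outputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide).
# Real use on the server, before closing the root session:
#   sudo sshd -t && sudo sshd -T | audit_sshd

# audit_sshd (hypothetical helper name): reads `sshd -T` output on stdin,
# prints one line per required setting, returns 0 only if all match.
audit_sshd() {
    awk '
        BEGIN {
            want["passwordauthentication"] = "no"
            want["permitrootlogin"]        = "no"
            want["pubkeyauthentication"]   = "yes"  # assumption: keys must stay enabled
        }
        # sshd -T prints "keyword value" with the keyword in lower case
        { key = tolower($1) }
        (key in want) && !(key in seen) { seen[key] = tolower($2) }
        END {
            bad = 0
            for (k in want) {
                if (!(k in seen)) {
                    printf "MISSING %s (expected %s)\n", k, want[k]; bad = 1
                } else if (seen[k] != want[k]) {
                    printf "FAIL    %s is %s (expected %s)\n", k, seen[k], want[k]; bad = 1
                } else {
                    printf "OK      %s %s\n", k, seen[k]
                }
            }
            exit bad
        }'
}

# Constructed sample: effective settings after the edits took effect.
SAMPLE_HARDENED='port 22
permitrootlogin no
pubkeyauthentication yes
passwordauthentication no'

# Constructed sample: a drop-in file still enables password logins.
SAMPLE_OVERRIDDEN='port 22
permitrootlogin no
pubkeyauthentication yes
passwordauthentication yes'

printf '%s\n' "$SAMPLE_HARDENED" | audit_sshd
printf '%s\n' "$SAMPLE_OVERRIDDEN" | audit_sshd || echo "=> not hardened: fix before closing the root session"
```

`sshd -t` only validates syntax; the audit catches the case where the file is valid but a different value wins.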
4) Optional: Passwordless sudo for ubuntu
If you want the ubuntu user to run sudo without password prompts:
sudo visudo
Add this line at the end:
ubuntu ALL=(ALL) NOPASSWD:ALL
Save and exit. For stricter security, consider limiting to specific commands instead of ALL.
5) Verify and Cleanup
- Open a new SSH session as ubuntu to verify access (ssh ubuntu@server).
- Ensure you can run administrative commands: sudo whoami (should print root).
- Keep your root session open until you’ve verified everything works.
Notes
- If using cloud images (e.g., Ubuntu on AWS), a default user may already exist (like ubuntu or ec2-user). You can adapt the steps to that user instead of creating a new one.
- If locked out, use provider console access to revert SSH changes.
This setup improves security by removing root SSH access and enforcing key‑based authentication.