Initialize Ubuntu Droplet in DigitalOcean

This is a simple instruction on how to initialize Ubuntu Droplet in DigitalOcean. We will use Ubuntu 16.04 32 bit in this case.

We have to useĀ a normal user instead of the root account. Normally the root account should be disabled. First, we have to add a user by executing the following command. Let’s assume the intended username is john.

adduser john

Then we need to add the above user account into sudo group by executing the following command.

gpasswd -a john sudo

Assuming you generated an SSH key pair using the previous step, use the following command at the terminal of your local machine to print your public key (id_rsa.pub):

cat ~/.ssh/id_rsa.pub

This should print your public SSH key. Please copy it to your clipboard.

Add Public Key to New Remote User

To enable the use of SSH key to authenticate as the new remote user, you must add the public key to a special file in the user’s home directory.

On the server, as the root user, enter the following command to switch to the new user (substitute your own user name):

su - demo

Now you will be in your new user’s home directory.

Create a new directory called .ssh and restrict its permissions with the following commands:

mkdir .ssh
chmod 700 .ssh

Now open a file in .ssh called authorized_keys with a text editor. We will use nano to edit the file:

nano .ssh/authorized_keys

Now insert your public key (which should be in your clipboard) by pasting it into the editor.

Hit CTRL-X to exit the file, then Y to save the changes that you made, then ENTER to confirm the file name.

Now restrict the permissions of the authorized_keys file with this command:

chmod 600 .ssh/authorized_keys

Now that we have our new account, we can secure our server a little bit by modifying its SSH daemon configuration (the program that allows us to log in remotely) to disallow remote SSH access to the rootaccount.

Begin by opening the configuration file with your text editor as root:

nano /etc/ssh/sshd_config

Next, we need to find the line that looks like this:

/etc/ssh/sshd_config (before)
PermitRootLogin yes

Here, we have the option to disable root login through SSH. This is generally a more secure setting since we can now access our server through our normal user account and escalate privileges when necessary.

Modify this line to “no” like this to disable root login:

/etc/ssh/sshd_config (after)
PermitRootLogin no

Disabling remote root login is highly recommended on every server!

When you are finished making your changes, save and close the file using the method we went over earlier (CTRL-X, then Y, then ENTER).

Now that we have made our change, we need to restart the SSH service so that it will use our new configuration.

Type this to restart SSH:

service ssh restart

Now, before we log out of the server, we should test our new configuration. We do not want to disconnect until we can confirm that new connections can be established successfully.

Open a new terminal window on your local machine. In the new window, we need to begin a new connection to our server. This time, instead of using the root account, we want to use the new account that we created.

For the server that we showed you how to configure above, you would connect using this command. Substitute your own user name and server IP address where appropriate:

ssh demo@SERVER_IP_ADDRESS

Note: If you are using PuTTY to connect to your servers, be sure to update the session’s port number to match your server’s current configuration.

You will be prompted for the new user’s password that you configured. After that, you will be logged in as your new user.

Remember, if you need to run a command with root privileges, type “sudo” before it like this:

sudo command_to_run

If all is well, you can exit your sessions by typing: exit