Initialize Ubuntu Droplet in DigitalOcean
This is a short guide to initializing an Ubuntu Droplet on DigitalOcean. We will use Ubuntu 16.04 32-bit in this case.
We have to use a normal user instead of the root account. Normally the root account should be disabled. First, we have to add a user by executing the following command. Let’s assume the intended username is john.
Then we need to add the above user account to the sudo group by executing the following command.
gpasswd -a john sudo
Assuming you generated an SSH key pair using the previous step, use the following command at the terminal of your local machine to print your public key (id_rsa.pub):
This should print your public SSH key, which should look something like the following:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBGTO0tsVejssuaYR5R3Y/i73SppJAhme1dH7W2c47d4gOqB4izP0+fRLfvbz/tnXFz4iOP/H6eCV05hqUhF+KYRxt9Y8tVMrpDZR2l75o6+xSbUOMu6xN+uVF0T9XzKcxmzTmnV7Na5up3QM3DoSRYX/EP3utr2+zAqpJIfKPLdA74w7g56oYWI9blpnpzxkEd3edVJOivUkpZ4JoenWManvIaSdMTJXMy3MtlQhva+j9CgguyVbUkdzK9KKEuah+pFZvaugtebsU+bllPTB0nlXGIJk98Ie9ZtxuY3nCKneB+KjKiXrAvXUPCI9mWkYS/1rggpFmu3HbXBnWSUdf firstname.lastname@example.org
Select the public key, and copy it to your clipboard.
Add Public Key to New Remote User
To enable the use of an SSH key to authenticate as the new remote user, you must add the public key to a special file in the user’s home directory.
On the server, as the root user, enter the following command to switch to the new user (substitute your own user name):
su - demo
Now you will be in your new user’s home directory.
Create a new directory called .ssh and restrict its permissions with the following commands:
chmod 700 .ssh
Now open a file in .ssh called authorized_keys with a text editor. We will use nano to edit the file:
Now insert your public key (which should be in your clipboard) by pasting it into the editor.
Hit CTRL-X to exit the file, then Y to save the changes that you made, then ENTER to confirm the file name.
Now restrict the permissions of the authorized_keys file with this command:
chmod 600 .ssh/authorized_keys
Now that we have our new account, we can secure our server a little bit by modifying its SSH daemon configuration (the program that allows us to log in remotely) to disallow remote SSH access to the root account.
Begin by opening the configuration file with your text editor as root:
Next, we need to find the line that looks like this:
Here, we have the option to disable root login through SSH. This is generally a more secure setting since we can now access our server through our normal user account and escalate privileges when necessary.
Modify this line to “no” like this to disable root login:
Disabling remote root login is highly recommended on every server!
When you are finished making your changes, save and close the file using the method we went over earlier (CTRL-X, then Y, then ENTER).
Now that we have made our change, we need to restart the SSH service so that it will use our new configuration.
Type this to restart SSH:
service ssh restart
Now, before we log out of the server, we should test our new configuration. We do not want to disconnect until we can confirm that new connections can be established successfully.
Open a new terminal window on your local machine. In the new window, we need to begin a new connection to our server. This time, instead of using the root account, we want to use the new account that we created.
For the server that we showed you how to configure above, you would connect using this command. Substitute your own user name and server IP address where appropriate:
Note: If you are using PuTTY to connect to your servers, be sure to update the session’s port number to match your server’s current configuration.
You will be prompted for the new user’s password that you configured. After that, you will be logged in as your new user.
Remember, if you need to run a command with root privileges, type “sudo” before it like this:
If all is well, you can exit your sessions by typing: exit
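The key installation and root-login steps above can also be written as an idempotent shell script; this is an added example, not part of the original tutorial. The function names, the scratch directory and the sample key are constructed for illustration; on a real server, run as root and pass the new user's home directory and /etc/ssh/sshd_config.

```shell
#!/usr/bin/env bash
# Added example. Paths and the key in the demo are constructed.
set -eu

# install_pubkey HOME_DIR "KEY LINE": create .ssh (700) and authorized_keys
# (600), appending the key only if that exact line is not already present.
install_pubkey() {
    local home_dir=$1 key=$2
    mkdir -p "$home_dir/.ssh"
    chmod 700 "$home_dir/.ssh"
    touch "$home_dir/.ssh/authorized_keys"
    chmod 600 "$home_dir/.ssh/authorized_keys"
    grep -qxF -- "$key" "$home_dir/.ssh/authorized_keys" ||
        printf '%s\n' "$key" >> "$home_dir/.ssh/authorized_keys"
}

# root_login_setting CONFIG: print the first active PermitRootLogin value.
# sshd uses the first value it reads; commented lines are ignored.
root_login_setting() {
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$1"
}

# disable_root_login CONFIG: rewrite every active PermitRootLogin line to "no";
# if none is active (missing or commented out), put the directive on line 1 so
# it is read first and cannot land inside a trailing Match block.
disable_root_login() {
    local cfg=$1
    if [ -n "$(root_login_setting "$cfg")" ]; then
        sed -i -E 's/^[[:space:]]*PermitRootLogin[[:space:]].*/PermitRootLogin no/I' "$cfg"
    else
        { printf 'PermitRootLogin no\n'; cat "$cfg"; } > "$cfg.new"
        cat "$cfg.new" > "$cfg"   # overwrite in place to keep owner and mode
        rm -f "$cfg.new"
    fi
}

# Demo on constructed files in a scratch directory (no root needed).
demo=$(mktemp -d)
install_pubkey "$demo/home/john" 'ssh-rsa AAAAB3constructedKEY john@example.org'
printf 'Port 22\nPermitRootLogin yes\n' > "$demo/sshd_config"
disable_root_login "$demo/sshd_config"
echo "PermitRootLogin is now: $(root_login_setting "$demo/sshd_config")"
ls -ld "$demo/home/john/.ssh" "$demo/home/john/.ssh/authorized_keys"
rm -rf "$demo"
```

After editing the real configuration file, run `sshd -t` to check it for syntax errors before restarting the SSH service, and keep the existing session open until a new login succeeds.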