New VPS Setup

Setting up new user

First, create a new user:

sudo adduser username

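Then add the user to the sudo and docker groups. The docker group only exists once Docker is installed, and membership in it is effectively root-equivalent, so add only users you would also trust with sudo: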

sudo usermod -aG sudo username && sudo usermod -aG docker username

You can then switch to the new user and verify the account:

su - username
# And then run
whoami

Make sure to replace "username" with your desired username. The adduser command will prompt you to set a password and provide optional information like full name and phone number.

Configure SSH

Now we will disable root account login and allow login only via SSH key authentication for the newly created user.

First, generate SSH keys on your local machine if you haven't already:

ssh-keygen -t ed25519 -C "your_email@example.com"

Copy your public key to the server:

ssh-copy-id username@your_server_ip

Or manually add it to authorized_keys:

mkdir -p ~/.ssh
chmod 700 ~/.ssh
echo "your_public_key_content" >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys

Edit the SSH configuration file:

sudo nano /etc/ssh/sshd_config

Make the following changes to disable root login and password authentication:

# Disable root login
PermitRootLogin no
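# Disable password authentication
PasswordAuthentication no
# Newer OpenSSH releases call this option KbdInteractiveAuthentication; the old name remains a deprecated alias
ChallengeResponseAuthentication no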
# Allow only key-based authentication
PubkeyAuthentication yes
# Optional: Change SSH port (for additional security)
# Port 2222

Alternatively, to allow root login but only via SSH key:

# Enable root login but only via SSH key
PermitRootLogin prohibit-password

This setting allows root login but only with SSH key authentication, not with passwords. It's generally more secure to use a non-root user with sudo privileges, but this option is available if needed.

Restart the SSH service to apply changes:

sudo systemctl restart sshd
# Depending on the OS, the service may instead be named ssh
sudo systemctl restart ssh

Important: Before logging out, test the new configuration in a new terminal session to ensure you can still access the server. This prevents lockouts.

ssh username@your_server_ip
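
The edits above only take effect if nothing else overrides them: sshd uses the first value it reads for each keyword, so an included drop-in file or an earlier duplicate line can win. The script below is an added example (not from the original page) that checks the effective settings reported by sshd -T for the root-login-disabled variant; the function name and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page; names are hypothetical.
# Audits the effective sshd settings (the output of `sshd -T`) against the
# values this guide sets: no root login, no passwords, keys only.

# Reads "keyword value" lines on stdin, prints one line per deviation and
# returns 0 only when every required setting is present with the right value.
check_sshd_effective() {
    awk '
    BEGIN {
        failed = 0
        want["permitrootlogin"] = "no"
        want["passwordauthentication"] = "no"
        want["kbdinteractiveauthentication"] = "no"
        want["pubkeyauthentication"] = "yes"
    }
    {
        key = tolower($1); val = tolower($2)
        # Older OpenSSH reports the pre-rename keyword; treat it as the same setting.
        if (key == "challengeresponseauthentication") key = "kbdinteractiveauthentication"
        if (!(key in want)) next
        seen[key] = 1
        if (val != want[key] && !(key in bad)) {
            bad[key] = 1; failed = 1
            printf "MISMATCH %s is %s, expected %s\n", key, val, want[key]
        }
    }
    END {
        for (k in want) if (!(k in seen)) {
            failed = 1
            printf "MISSING %s, expected %s\n", k, want[k]
        }
        exit failed
    }'
}

# Constructed sample: sshd_config was edited as above, but another file
# read earlier still sets PasswordAuthentication yes.
SAMPLE_SSHD_T='port 22
permitrootlogin no
pubkeyauthentication yes
passwordauthentication yes
kbdinteractiveauthentication no'

# On the server: sudo sshd -t && sudo sshd -T | check_sshd_effective
if ! printf '%s\n' "$SAMPLE_SSHD_T" | check_sshd_effective; then
    echo "Effective config differs: keep the current session open and fix it."
fi
```

sshd -t validates the configuration syntax and sshd -T prints the settings sshd would actually use, so both can be run before the restart.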