Admin User

The admin user will be your remote access user for maintenance, upgrades, etc. Use this user instead of root going forward.

Create the admin user (and record the password somewhere secure).

adduser admin

Then add the admin user to sudoers, which enables the sudo command for this user, by updating the sudoers file.

/etc/sudoers

Defaults env_reset
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
root ALL=(ALL:ALL) ALL
%admin ALL=(ALL) NOPASSWD: ALL
%sudo ALL=(ALL:ALL) ALL
#includedir /etc/sudoers.d

Lock down this server so that only the admin user can access it. Change or add these lines to your SSH config:

/etc/ssh/sshd_config

PermitRootLogin no
PasswordAuthentication yes
AllowUsers admin

Restart SSH.

service ssh restart
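
A check to run on the edited file before the restart above: appending one of these lines below an existing line for the same keyword has no effect, because sshd keeps the first value it reads. This is an added example, not part of the original guide; the function names sshd_values, expect and check_lockdown and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide). sshd reads sshd_config top to
# bottom: for most keywords the FIRST value wins, AllowUsers lines accumulate,
# and anything after a "Match" line is conditional rather than global.

# Print the effective global value of a keyword; pass "all" for accumulating ones.
sshd_values() {  # usage: sshd_values <keyword> <file> [all]
    awk -v want="$1" -v all="$3" '
        BEGIN { FS = "[ \t=]+"; want = tolower(want) }
        /^[ \t]*(#|$)/ { next }                  # comments and blank lines
        {
            sub(/^[ \t]+/, "")                   # strip indentation, re-split
            key = tolower($1)                    # keywords are case-insensitive
            if (key == "match") exit             # end of the global section
            if (key != want) next
            sub(/^[^ \t=]+[ \t=]+/, ""); sub(/[ \t]+$/, "")
            out = (out == "" ? $0 : out " " $0)
            if (all == "") exit                  # first occurrence wins
        }
        END { if (out != "") print out }' "$2"
}

# Compare one keyword against the value this page sets; report a mismatch.
expect() {  # usage: expect <file> <keyword> <expected> [all]
    actual=$(sshd_values "$2" "$1" "$4")
    [ "$actual" = "$3" ] && return 0
    echo "MISMATCH $2: effective '${actual:-unset}', expected '$3'"
    return 1
}

# Returns 0 only if all three settings from this page are in effect.
check_lockdown() {  # usage: check_lockdown <sshd_config file>
    rc=0
    expect "$1" PermitRootLogin no || rc=1
    expect "$1" PasswordAuthentication yes || rc=1
    expect "$1" AllowUsers admin all || rc=1
    return $rc
}

# Constructed sample: the new lines were appended below a stock
# "PermitRootLogin yes", so root login is still allowed.
sample=$(mktemp)
printf '%s\n' '# stock file' 'PermitRootLogin yes' 'PasswordAuthentication yes' \
    'PermitRootLogin no' 'AllowUsers admin' > "$sample"
check_lockdown "$sample" || echo "do not restart ssh yet"
rm -f "$sample"
```

On a live server, sshd -t checks the file's syntax and sshd -T prints the fully resolved configuration, including any Include files that this function does not follow.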

Switch to the admin user now, and create an RSA key. Change the comment to reflect the name of this server, e.g. "admin@app-server". Press [enter] when prompted to accept the default location.

su - admin
ssh-keygen -t rsa -C "admin@build-server" -qN ""

Finally, you should have an RSA key on your local machine (if you don't, you should make one!). Copy your public key to the authorized keys of the admin user. This will allow you to log in from your local machine without using a password.

echo "yourpublickey" >> ~/.ssh/authorized_keys
