It's best practice to avoid using the root account whenever possible, and to work instead from a local user account that has rights to elevate to root when necessary. This guide goes over how to set that up, as well as how to disable direct root logins.

Follow the steps below to create a local user account that has administrative rights on Ubuntu 18.04 (this may also work on other distros), and then disallow direct root logins.

As you begin this guide, we assume you're currently logged in as root. If you are not, you may need to prefix your commands with sudo.

  1. Run adduser username. Replace username with your username of choice.
  2. Follow the prompts to create a password (you won't see the password as you type it, but it is being entered), enter a full name, and just hit Enter past all the other questions about room number, phones, and other. Type y when the prompt asks you if the information is correct. Hit Enter or return on your keyboard.
  3. Run usermod -aG sudo username to add your new username to the sudo group, which gives you administrative rights on the droplet.
  4. Run su username to log in as your new user.
  5. Run cd ~ to head to your new user's home directory.
  6. Run mkdir .ssh && cd .ssh && touch authorized_keys to create the file where you will add your public SSH key to this user, which will allow you to log in.
  7. Run nano authorized_keys to open the authorized_keys file in the nano text editor. Copy your public SSH key to your clipboard and then right click anywhere in the text editor to paste it. Remove any line breaks at the end. Hit Ctrl/Cmd+X and then type y and hit Enter or return on your keyboard to save the file.
  8. Now run sudo sed -i 's/PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config to disallow remote root logins.
  9. Finally, run sudo systemctl restart sshd.service to restart the SSH service and apply your changes.
  10. Test your changes by opening a new terminal while leaving the existing one open and attempting to log in using the new username you just created. Once you've verified everything works, you can close out both sessions.
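
The sed command in step 8 only changes a line that reads exactly PermitRootLogin yes; if the directive is commented out or set to another value, nothing is replaced and sshd keeps its default of prohibit-password, which still lets root log in with a key. The script below is an added example, not part of the original guide, that sets the directive whatever its current form and reports the value sshd will apply; the function names are hypothetical and the demo config is constructed.

```shell
#!/bin/sh
# Added example, not from the original guide; function names are hypothetical.

# Print the PermitRootLogin value sshd applies globally: the first active
# (uncommented) line before any Match block wins; with none present,
# OpenSSH falls back to its default, prohibit-password.
effective_root_login() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "prohibit-password" }' "$1"
}

# Force "PermitRootLogin no": drop every active PermitRootLogin line
# (including any inside Match blocks) and write one directive at the top.
disable_root_login() {
    cfg=$1
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 2; }
    tmp=$(mktemp) || return 2
    cp -p "$cfg" "$cfg.bak" || return 2          # backup to roll back to
    {
        echo "PermitRootLogin no"
        awk 'tolower($1) != "permitrootlogin"' "$cfg"
    } > "$tmp" || { rm -f "$tmp"; return 2; }
    cat "$tmp" > "$cfg" && rm -f "$tmp"          # cat keeps owner and mode
    [ "$(effective_root_login "$cfg")" = "no" ]  # fail if it did not take
}

# Demo on a constructed config where the directive is commented out, so a
# literal "PermitRootLogin yes" substitution would find nothing to change.
demo=$(mktemp -d)
printf '%s\n' 'Port 22' '#PermitRootLogin prohibit-password' \
    'PasswordAuthentication yes' > "$demo/sshd_config"
echo "before: $(effective_root_login "$demo/sshd_config")"
disable_root_login "$demo/sshd_config"
echo "after:  $(effective_root_login "$demo/sshd_config")"
rm -rf "$demo"
```

On the server, call disable_root_login with sudo rights against /etc/ssh/sshd_config, then run sudo sshd -t to check the file parses and sudo sshd -T | grep -i permitrootlogin to confirm the effective value before restarting the service in step 9.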

You've now disallowed remote root logins and created a local user account that you can use in the future to execute commands on your droplet. Note that if you want to do anything that requires elevation, you'll need to type sudo before the command (and your password after you hit Enter/return, depending on your configuration).


I'm Nick Bentley – message me on Twitter and check out my website.