This guide provides a step-by-step walkthrough for creating a new user account on a Debian server, granting them sudo privileges, and setting up SSH key-based authentication for secure remote access.
First, log in to your server as root or as another user with sudo privileges.
Use the adduser command to create the new user. This command is interactive and will prompt you to set a password and fill in some optional user information. Replace newuser with the desired username.
sudo adduser newuser
For the new user to be able to perform administrative tasks, they need to be added to the sudo group.
sudo usermod -aG sudo newuser
This adds newuser to the sudo group, allowing them to run commands with sudo.
Next, set up SSH key-based authentication, which is more secure than password logins.
If you don't already have an SSH key pair, generate one on your local machine (not the server).
ssh-keygen -t rsa -b 4096
This will create a private key (id_rsa) and a public key (id_rsa.pub) in your ~/.ssh directory.
Now, copy your public key to the new user's home directory on the server. The ssh-copy-id command is the easiest way to do this. Replace newuser and your_server_ip accordingly.
ssh-copy-id newuser@your_server_ip
You will be prompted for the password you set for newuser in Step 1, when you ran adduser.
If ssh-copy-id is not available, you can do it manually.
First, display your public key on your local machine:
cat ~/.ssh/id_rsa.pub
Copy the output. Now, on the server, switch to the new user:
su - newuser
Create the .ssh directory and the authorized_keys file:
mkdir -p ~/.ssh
touch ~/.ssh/authorized_keys
Now, paste your public key into the authorized_keys file. You can use a text editor like nano:
nano ~/.ssh/authorized_keys
Finally, set the correct permissions to ensure SSH works correctly:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
Exit back to your sudo user session:
exit
You should now be able to SSH into the server as the new user without being asked for the account password (if you set a passphrase on the key, you will be asked for that instead).
ssh newuser@your_server_ip
After confirming that key-based authentication is working, it's a good practice to disable password-based authentication to improve security.
Open the SSH configuration file with nano:
sudo nano /etc/ssh/sshd_config
Find the PasswordAuthentication line (remove the leading # if it is commented out) and change its value to no:
PasswordAuthentication no
Also, it's often recommended to disable root login over SSH. Find the PermitRootLogin line and change it to no:
PermitRootLogin no
Save and close the file. To apply the changes, restart the SSH service:
sudo systemctl restart sshd
Your server is now more secure, and you can use the new user account for your administrative tasks.
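The edit to /etc/ssh/sshd_config only takes effect if nothing else sets the same keyword first: sshd uses the first value it obtains for each keyword, so a file pulled in by an Include directive can take precedence. The script below is an added example, not part of the original guide; it checks the effective settings reported by sshd -T and the key file permissions before restarting, and its script name and --run flag are assumptions.

```shell
#!/bin/sh
# Added example (not from the original guide): pre-restart checks.

# audit_sshd: reads `sshd -T` output (lowercase "keyword value" lines) on
# stdin. Prints each setting that differs from this guide; returns 0 only
# when PasswordAuthentication and PermitRootLogin are both "no".
audit_sshd() {
    awk '
        $1 == "passwordauthentication" { pa = $2 }
        $1 == "permitrootlogin"        { prl = $2 }
        END {
            bad = 0
            if (pa != "no")  { print "PasswordAuthentication is " (pa == "" ? "unset" : pa); bad = 1 }
            if (prl != "no") { print "PermitRootLogin is " (prl == "" ? "unset" : prl); bad = 1 }
            exit bad
        }'
}

# audit_key_perms DIR: confirms the modes set with chmod above
# (700 on the directory, 600 on authorized_keys).
audit_key_perms() {
    dir=$1
    [ -n "$(find "$dir" -prune -perm 700)" ] ||
        { echo "$dir is not mode 700"; return 1; }
    [ -n "$(find "$dir/authorized_keys" -prune -perm 600)" ] ||
        { echo "$dir/authorized_keys is not mode 600"; return 1; }
}

# On the server, as the new user: sh check-ssh.sh --run
# (the script name and the --run flag are assumptions of this example)
if [ "${1:-}" = "--run" ]; then
    sudo sshd -t || exit 1               # syntax check of the edited file
    sudo sshd -T | audit_sshd || exit 1  # effective values, Include files merged
    audit_key_perms "$HOME/.ssh" || exit 1
    sudo systemctl restart sshd          # same restart command as in the guide
fi
```

Keep your current SSH session open until a second login with the key succeeds.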