Step One — Root Login
To log into your server initially, you will need to know your server’s public IP address and the password for the “root” user’s account. For servers on DigitalOcean, you will receive an email with your server credentials and the server’s IP address.
The root user is the administrative user in a Linux environment that has very broad privileges. Because of the heightened privileges of the root account, you are actually discouraged from using it on a regular basis. This is because part of the power inherent with the root account is the ability to make very destructive changes, even by accident.
In this guide, we’ll help you set up an alternative user account with a reduced scope of influence for day-to-day work. We’ll teach you how to gain increased privileges during the times when you need them. The first step is to log into your server, and the only account we start out with is the root account. We can connect to the server by using the ssh
command in the terminal. The command will look like this:
ssh root@server_ip_address
You will most likely see a warning in your terminal window that looks like this:
The authenticity of host '123.123.123.123 (123.123.123.123)' can't be established.
ECDSA key fingerpring is
79:95:46:1a:ab:37:11:8e:86:54:36:38:bb:3c:fa:c0.
Are you sure you want to continue connecting (yes/no)?
Here, your computer is basically telling you that it doesn’t recognize your remote server. Since this is your first time connecting, this is completely expected. Go ahead and type “yes” to accept the connection. Afterwards, you’ll need to enter the password for the root account.
Step Two — Change Your Password
You are not likely to remember the password that is currently set for your root account. You can change the password to something you will remember more easily by typing:
passwd
It will ask you to enter and confirm your new password. During this process, you will not see anything show up on your screen as you type. This is intentional and is there so that people looking over your shoulder cannot guess your password by the number of characters.
Step Three — Create a New User
At this point, we’re prepared to add the new user account that we will use to log in from now on. I’m going to name my user “demo”, but you can select whatever name you’d like:
adduser demo
You will be asked a few questions, starting with the account password. Fill out the password and, optionally, fill in any of the additional information if you would like. This is not required and you can just hit “ENTER” in any field you wish to skip.
Step Four — Root Privileges
To avoid having to log out of our normal user and log back in as the root account, we can set up what is known as “sudo” privileges for our normal account. This will allow our normal user to run commands with administrative privileges by putting the word “sudo” before each command. To add these privileges to our new account, we need to use a command called visudo
. This will open a configuration file:
visudo
Scroll down until you find a section that deals with user privileges. It will look similar to this:
# User privilege specification
root ALL=(ALL:ALL) ALL
While this might look complicated, we don’t need to worry about that. All we need to do is add another line below it that follows the format, replacing “demo” with the user you created:
# User privilege specification
root ALL=(ALL:ALL) ALL
demo ALL=(ALL:ALL) ALL
After this is done, press CTRL-X to exit. You will have to type “Y” to save the file and then press “ENTER” to confirm the file location.
Step Five — Configure SSH (Optional)
Now that we have our new account, we can secure our server a little bit by modifying the configuration of SSH (the program that allows us to log in remotely). Begin by opening the configuration file with your text editor as root:
nano /etc/ssh/sshd_config
Continue reading this guide at Digital Ocean. This article has been used as an example of an Ecko WordPress theme. This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.