Part One – User Accounts
A freshly created DigitalOcean droplet is completely unsecured. This article walks through a number of steps that make your droplet a little safer against basic hacking tools.
Setup User Accounts
By default you are the root user on a server. If anyone gains access to this account, it is the worst thing that can happen to the server, because the root user can do anything on it without any additional passwords.
So, first of all, you need to create a regular user.
To perform any action on the server, you need to log in to it over SSH.
If you created the server with an SSH key, you will be logged in without a password; otherwise, check the email for your DigitalOcean account for the root password.
After you log in, you can execute any shell commands on your server.
Now create a new user account (for example, one called demo):
# adduser demo
When you run this command, the server asks you for the account's full name, password, and so on.
To allow the newly created user to modify the server, you need to give it root privileges by adding it to the sudo group:
# gpasswd -a demo sudo
Public Key Authentication
If you want to enable SSH login without a password, you need to add your public key to the authorized_keys file of your server user.
So, switch from the current user to your newly created user with the command:
# su - demo
Now you need to create a .ssh folder and an authorized_keys file to enable public key authentication.
$ mkdir .ssh
$ chmod 700 .ssh
Create the authorized_keys file and paste your public key into it.
$ nano .ssh/authorized_keys
$ chmod 600 .ssh/authorized_keys
$ exit
Now you can log in to the server with your new account.
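The permissions and file contents set up in the steps above can be verified before you rely on key login. The script below is an added example, not part of the original article; the function name check_ssh_setup and its messages are hypothetical, and it only checks the modes and key format described here.

```shell
# Added example, not part of the original article.
# Usage (as root or as the user): check_ssh_setup /home/demo
# Returns 0 when everything matches the steps above, 1 otherwise.
check_ssh_setup() {
    home=$1
    dir="$home/.ssh"
    file="$dir/authorized_keys"
    rc=0

    [ -d "$dir" ] || { echo "MISSING: $dir"; return 1; }
    [ -f "$file" ] || { echo "MISSING: $file"; return 1; }

    # Compare the permission column of ls with what chmod 700 / 600 produce.
    # With StrictModes, sshd refuses keys if group or others can write here.
    mode=$(ls -ld "$dir" | cut -c1-10)
    if [ "$mode" != "drwx------" ]; then
        echo "BAD MODE: $dir is $mode, expected drwx------ (700)"; rc=1
    fi
    mode=$(ls -l "$file" | cut -c1-10)
    if [ "$mode" != "-rw-------" ]; then
        echo "BAD MODE: $file is $mode, expected -rw------- (600)"; rc=1
    fi

    # A private key pasted by mistake must never be stored on the server.
    if grep -q 'PRIVATE KEY' "$file"; then
        echo "PRIVATE KEY material found in $file"; rc=1
    fi

    # Every non-blank, non-comment line should hold a public key type
    # followed by a base64 blob (key options may precede the type).
    keytypes='(ssh-(ed25519|rsa|dss)|ecdsa-sha2-nistp(256|384|521)|sk-(ssh-ed25519|ecdsa-sha2-nistp256)@openssh\.com)'
    bad=$(grep -Ev '^[[:space:]]*(#|$)' "$file" |
          grep -Evc "(^|[[:space:]])${keytypes}[[:space:]]+[A-Za-z0-9+/]+=*" || true)
    if [ "$bad" -gt 0 ]; then
        echo "MALFORMED: $bad line(s) in $file are not public keys"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $dir and $file look correct"
    return "$rc"
}
```

Run it after the chmod steps and before closing your root session, so a mistake can still be fixed from the root account.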