ubuntu

Setup a DigitalOcean Droplet with Ubuntu 14.04 onboard

Part One – User Accounts

Introduction

Clean droplet by DigitalOcean is too clean and completely not secured. In this article you found a number of actions to do to make your droplet a little safer from basic hacking tools.

Setup User Accounts

By default you are the root user on a server. If anyone finds out access to your account it’ll be the worst thing that may happen with the server, because root user can do anything with the server without any additional passwords.

So, first of all you need to create regular user.

Regular user

To make any actions with a server you need to login to the server with ssh.

>ssh root@SERVER_IP_ADDRESS

If you created the server with SSH key you will logged in without password, else you need to check out digitalocean account email for root password.

After you logged in you can execute any shell commands on your server.

Now, create a new user account (for example, called – demo):

# adduser demo

On executing server asks you for full account name, password and etc.

Root privileges

To allow server modification by newly created user you need to add him root privileges:

# gpasswd -a demo sudo

Public Key Authentication

If you want to enable SSH login without password you need to add your public key to authorized_keys of your server user.

So, switch current ssh user to your newly created user with command:

# su - demo

Now you need to create a .ssh folder and a authorized_keys file to enable public key authentication.

$ mkdir .ssh
$ chmod 700 .ssh

Create authorized_keys file and copy your public key into.

$ nano .ssh/authorized_keys
$ chmod 600 .ssh/authorized_keys
$ exit

Now you can login to server with your new account.

Reference