1. Creating a New User

Create the user from the command line as follows:

AlmaLinux / Debian:

sudo useradd -m -s /bin/bash new_user
sudo passwd new_user

Explanations:

useradd: Creates a user account.

-m: Creates a home directory for the user.

-s /bin/bash: Sets the default shell for the user to bash.

passwd new_user: Sets the password for the new user.

2. Logging in with the New User and Disabling Root Login

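To allow only regular users to log in via SSH, root login should be disabled. This enhances the system's security because attackers cannot directly use the root account via SSH. Instead, the user logs in and uses the sudo command to gain administrative rights when necessary. Before disabling root login, confirm that the new user can log in over SSH and run sudo (by default this requires membership in the wheel group on AlmaLinux or the sudo group on Debian); otherwise administrative access over SSH is lost.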

2.1. Disabling Root Login

Open the SSH server configuration file:

sudo nano /etc/ssh/sshd_config

Find and modify the following lines:

PermitRootLogin no
PasswordAuthentication yes

PermitRootLogin no: Disables root login via SSH.

PasswordAuthentication yes: Ensures users can log in using a password, but this will later be changed to RSA key authentication.

Save and close the file, then restart the SSH service:

sudo systemctl restart sshd

3. Setting up an RSA Key for the User and Disabling Password Login

Using an RSA key is a more secure way to log in via SSH because it is not susceptible to password-based attacks like brute force. We will set up an RSA key for the user and disable password-based login.

3.1. Create SSH Keys

If you don't already have SSH keys, generate them using ssh-keygen:

ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa

This creates a 4096-bit RSA key and generates two files:

id_rsa (private key)

id_rsa.pub (public key)

3.2. Copy the Public Key to the Server

Use the ssh-copy-id command to add the public key to the server:

ssh-copy-id -i ~/.ssh/id_rsa.pub new_user@server_ip

This adds the public key to the user's ~/.ssh/authorized_keys file on the server.

3.3. Disable Password Login

Go back to the SSH configuration file and modify the PasswordAuthentication line as follows:

PasswordAuthentication no

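This disables password-based login to the server. The user can only log in using the RSA key. Confirm that key-based login works in a separate session before making this change, because a mistake here locks you out of the server.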

Save the file and restart the SSH service:

sudo systemctl restart sshd

4. Changing the SSH Port

The default SSH port is 22, but changing it can improve security by reducing automated attacks.

4.1. Change the SSH Port

Open the SSH configuration file:

sudo nano /etc/ssh/sshd_config

Find the following line and change it to the port you desire:

Port 2222

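Alternatively, you can choose any port that is not already in use. On AlmaLinux with SELinux enforcing, the new port must also be allowed for SSH in the SELinux policy (port type ssh_port_t), or sshd will fail to bind to it.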

4.2. Allow the New Port in the Firewall

If you are using the firewalld firewall, add the new port to the allowed list:

sudo firewall-cmd --zone=public --add-port=2222/tcp --permanent
sudo firewall-cmd --reload

If you are using ufw (typically used on Debian):

sudo ufw allow 2222/tcp
sudo ufw reload

4.3. Restart the SSH Service

Finally, restart the SSH service:

sudo systemctl restart sshd
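
A check for the edits made in sections 2.1, 3.3 and 4.1, added here as an example and not part of the original guide: sshd uses the first value it reads for each keyword, so a leftover earlier line can silently override a later edit. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): audit an sshd configuration.
# sshd keeps the FIRST value it reads for a keyword, so an earlier line
# silently overrides an edit made further down the file.

# Print the first global value of keyword $1 in file $2 (lower-cased).
# Comments and blank lines are skipped; parsing stops at the first Match block.
# Assumes whitespace-separated "Keyword value" lines; Include is not followed.
sshd_first_value() {
    awk -v key="$1" '
        BEGIN { key = tolower(key) }
        /^[ \t]*(#|$)/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { print tolower($2); exit }
    ' "$2"
}

# usage: check_setting FILE KEYWORD WANTED -> prints a verdict, returns 0 or 1
check_setting() {
    got=$(sshd_first_value "$2" "$1")
    if [ "$got" = "$3" ]; then
        echo "PASS $2 = $got"
    else
        echo "FAIL $2 = ${got:-unset} (wanted $3)"
        return 1
    fi
}

# usage: audit_sshd FILE PORT -> checks the three settings from this guide
audit_sshd() {
    rc=0
    check_setting "$1" PermitRootLogin no || rc=1
    check_setting "$1" PasswordAuthentication no || rc=1
    check_setting "$1" Port "$2" || rc=1
    return "$rc"
}

# Constructed sample: the edit from section 3.3 was appended, but the earlier
# "yes" line from section 2.1 was left in place, so passwords stay enabled.
sample_config() {
    printf '%s\n' '# constructed sshd_config' 'Port 2222' \
        'PermitRootLogin no' 'PasswordAuthentication yes' \
        '#PasswordAuthentication no' 'PasswordAuthentication no'
}

tmp=$(mktemp)
sample_config > "$tmp"
audit_sshd "$tmp" 2222 || echo "audit failed: fix the config before restarting sshd"
rm -f "$tmp"
```

On a live server, save the output of sudo sshd -T to a file and audit that instead, since it shows the effective settings with Include files resolved. Running sudo sshd -t before each restart catches syntax errors that would otherwise stop the service.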