How to Create a Non-Root User and Disable Root SSH Access in Ubuntu
Learn how to create a non-root user on Ubuntu for improved security. Follow these simple steps to add a new user, grant sudo privileges, and disable root SSH access to secure your server.
When managing an Ubuntu server, one of the first and most critical security steps is to create a non-root user and disable direct root access. The root account has unrestricted access to the system, meaning any accidental command execution or security breach can have catastrophic consequences. Using a non-root user with sudo privileges limits potential damage by requiring authentication for administrative tasks.
Additionally, allowing direct SSH access for the root user poses a significant security risk, as attackers frequently target root logins in brute-force attacks. Disabling root SSH access and using a non-root user significantly reduces the risk of unauthorized access and improves overall system security.
Here’s how you can create a non-root user, grant them administrative privileges, and disable root SSH access.
Step 1: Log in as Root
If you've just set up your Ubuntu server, log in via SSH using:
ssh root@your_server_ip
If you're working on a local machine, simply open a terminal.
Step 2: Create a New Non-Root User
Run the following command to create a new user, replacing yourusername with your preferred username:
adduser yourusername
You'll be prompted to set a password and optionally provide additional user details.
Step 3: Grant Sudo Privileges to the New User
To allow the new user to run administrative commands, add them to the sudo group:
usermod -aG sudo yourusername
Step 4: Verify the New User's Privileges
Switch to the new user:
su - yourusername
Then, test sudo access by running:
sudo whoami
If the command returns root, the setup is successful, and the user has the necessary administrative rights.
Step 5: Disable Root SSH Access
Now that your non-root user is set up, it's important to disable root SSH access to enhance security.
Open the SSH configuration file using a text editor like nano:
sudo nano /etc/ssh/sshd_config
Locate the following line:
PermitRootLogin yes
Change it to:
PermitRootLogin no
Save the file (press CTRL + X, then Y, and hit Enter).
Restart the SSH service for changes to take effect:
sudo systemctl restart ssh
Step 6: Test Your New SSH Access
Before closing your current session, open a new terminal and test SSH access using your non-root user:
ssh yourusername@your_server_ip
If you can log in and use sudo commands, your setup is complete.
Conclusion
Now you have a secure non-root user with sudo access, and SSH access for the root user is disabled. This significantly reduces security risks, making your Ubuntu server more resilient against unauthorized access and attacks. For additional security, consider using SSH key authentication instead of passwords.