Secure SSH and enable sudo

By default, a fresh Ubuntu installation allows the root user to connect by password. That is a big security risk for two reasons: you are working as root, and you are authenticating with passwords. It is far better to work with sudo, disable password authentication for SSH, and use SSH keys instead.

This tutorial guides you through the required steps to do so.

Start with adding a user:

adduser my_user

Add user to sudo group:

usermod -a -G sudo my_user

If you want to authenticate using SSH keys, run this command from your client (where the SSH key is stored), replacing my_user and my_server.example.com:

ssh-copy-id my_user@my_server.example.com

Now we have to disable SSH login for the user root. Edit /etc/ssh/sshd_config:

nano /etc/ssh/sshd_config

And set PermitRootLogin to no and PasswordAuthentication to no:

PermitRootLogin no
PasswordAuthentication no

Now, restart SSH:

sudo service ssh restart

End the current ssh connection by typing exit and reconnect as the newly created user.

ssh my_user@my_server.example.com
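
The following check is an added example, not part of the original tutorial. sshd keeps the first value it reads for each keyword, and the stock sshd_config on recent Ubuntu releases includes /etc/ssh/sshd_config.d/*.conf near the top, so a drop-in file can silently override the two lines edited above; this script audits the effective settings as printed by sshd -T (the function names and the sample text are constructed for illustration).

```shell
#!/bin/sh
# Audit the effective sshd settings that this tutorial changes.
# Input: `sshd -T` output on stdin (one "keyword value" pair per line).
# Typical use on the server, after sourcing this file:
#   sudo sshd -t && sudo sshd -T | audit_sshd

# Print the value of keyword $1 from sshd -T style text on stdin.
# Keywords are compared case-insensitively; the first match is used.
sshd_value() {
    awk -v key="$1" 'tolower($1) == key { print tolower($2); exit }'
}

# Return 0 only if root login and password authentication are both "no".
# Prints one OK/FAIL line per setting so the failing one is obvious.
audit_sshd() {
    dump=$(cat)
    rc=0
    for key in permitrootlogin passwordauthentication; do
        val=$(printf '%s\n' "$dump" | sshd_value "$key")
        if [ "$val" = "no" ]; then
            echo "OK   $key no"
        else
            echo "FAIL $key ${val:-<unset>} (expected no)"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: effective settings on a host where a drop-in file
# re-enabled password logins even though sshd_config says "no".
SAMPLE_OVERRIDDEN='port 22
permitrootlogin no
passwordauthentication yes
pubkeyauthentication yes'
```

If the audit reports FAIL for a setting you just changed, look for the same keyword in the files under /etc/ssh/sshd_config.d/ and correct it there, then restart SSH again.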