Ubuntu – Create a new SSH user on Ubuntu Server


Just created a new virtual Ubuntu server and I'm in the process of hardening it for production use. I currently have a root account. I want to do the following:

  • Create a new user (let's call them jim for the rest of this). I want them to have a /home/ directory.
  • Give jim SSH access.
  • Allow jim to su to root but not perform sudo operations.
  • Turn off root SSH access.
  • Move SSHd off to a non-standard port to help stop brute-attacks.

My problem lies with the first two items. I've already found useradd but for some reason, I can't log in as a user created with it over SSH. Do I need to beat SSHd to allow this?

Best Answer

Edit (as root) /etc/ssh/sshd_config. Append the following to it:

Port 1234
PermitRootLogin no
AllowUsers jim

Port 1234 causes SSH to listen on port 1234. You can use any unused port from 1 to 65535. It's recommended to choose a privileged port (port 1-1024) which can only be used by root. If your SSH daemon stops working for some reason, a rogue application can't intercept the connection.

PermitRootLogin disallows direct root login.

AllowUsers jim allows user jim to login through SSH. If you do not have to login from everywhere, you can make this more secure by restricting jim to an IP address (replace with your actual IP address):

AllowUsers jim@

Changes to the configuration file /etc/ssh/sshd_config are not immediately applied, to reload the configuration, run:

sudo service ssh reload
Related Question