In this article, we’re going to show you how you can create a new user in CentOS Cloud Servers. This is a task you will want to complete as soon as possible during your initial VPS setup phase, because you are advised against using the default “root” user account for your daily tasks. Below, we will also show you how to:
How to Create a New User in CentOS
Remember that we are currently assuming the root user when first logging into the VPS. Without a superuser account, these commands would require that you add “sudo” at the beginning of the command line in order to run properly.
Be sure to substitute your custom username in place of “username” as used below.
- Create the user with this command:
adduser username
- Assign a secure password for this user:
passwd username
- Add the user to the wheel group:
usermod -a -G wheel username
Now we have a new user who belongs to the “wheel” group. Being in the wheel group means that the user can assume root privileges when necessary by adding “sudo” before any command that requires elevated privileges.
Disallow Root Logins
As an extra security step after you create a new user, you can disallow root logins over SSH. In order to do this, you can log in again as the root user or stay logged in from the session above in order to edit your SSH configuration file.
- Edit the configuration file with your preferred text editor (Nano, Vim, Vi, etc.):
nano /etc/ssh/sshd_config
- Edit the line that begins with PermitRootLogin:
- PermitRootLogin without-password
+ PermitRootLogin no
- Save and exit the file.
- Restart your SSH service:
systemctl reload sshd
How to Login with SSH Keys
This is very important to set up because your account automatically disables password authentication. This means you will need to log in with SSH keys in order to use your new user.
- Switch to your new user if still logged in as root:
su username
- Change directory to home:
cd
- Make an .ssh directory:
mkdir .ssh
- Navigate into the new .ssh directory and create an authorized_keys file:
nano authorized_keys
- Paste your public key into the authorized_keys file. This would be everything in the .pub file from your current SSH key.
- Change permissions for the .ssh directory:
chmod 700 ~/.ssh
- Change permissions for the authorized_keys file:
chmod 600 ~/.ssh/authorized_keys
Next Steps
Make sure to test your new login in a separate terminal window before logging out of the root user. If there are any issues, you can resolve them in that terminal session. Once you’ve completed this task, consider taking additional steps to secure your Linux server. Change the default SSH port from 22 to uncommonly used port to defend against malicious port scans and SSH-based cyber attacks. Learn how to audit your web server logs or implement a security event management application to track SSH login attempts. Find some valuable CentOS hardening guides.
Learn more system administration tasks with our Cloud Server Hosting Product Guide.