Server Setup: Creating and Using ubuntu User on DigitalOcean (Ubuntu 24.04 LTS)
This document explains how to migrate from root login to a secure, non-root user named ubuntu, and why each command is used.
1. Create the ubuntu user
adduser ubuntu
Creates a normal Linux user.
The password is used only for sudo, not SSH (if key-based login is enabled).
2. Grant sudo privileges
usermod -aG sudo ubuntu
Adds the user to the sudo group so administrative commands can be run safely.
Verify:
groups ubuntu
Expected:
ubuntu : ubuntu sudo users
3. Copy SSH keys from root to ubuntu
rsync --archive --chown=ubuntu:ubuntu /root/.ssh /home/ubuntu
What this does
- Copies SSH configuration and keys from
root - Preserves permissions and structure
- Forces correct ownership for SSH to work
Why this is required
SSH rejects keys if they are owned by another user or have unsafe permissions.
4. Fix permissions (critical for SSH)
chmod 700 /home/ubuntu/.ssh
chmod 600 /home/ubuntu/.ssh/authorized_keys
SSH will refuse to authenticate if these permissions are too open.
5. Test login as ubuntu
Open a new terminal:
ssh ubuntu@SERVER_IP
Verify identity:
whoami
Verify sudo:
sudo whoami
Expected output:
root
6. Disable root SSH login (recommended)
Edit SSH config:
sudo nano /etc/ssh/sshd_config
Set:
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
Restart SSH:
sudo systemctl restart ssh
7. (Optional) Lock root account completely
sudo passwd -l root
Prevents root from logging in locally or remotely.
Final Security State
| Item | Status |
|---|---|
| Root SSH login | Disabled |
| Primary admin user | ubuntu |
| Authentication | SSH key only |
| Privilege escalation | sudo |
| OS | Ubuntu 24.04 LTS |
Best Practice Notes
- Never deploy apps as root
- Use
sudoonly when required - Keep SSH key-only authentication
- Rotate keys periodically
File: server-setup.md