When you first create a new Debian 8 server, there are a few configuration steps that you should take early on as part of the basic setup. This will increase the security and usability of your server and will give you a solid foundation for subsequent actions.
Step One - Root Login
To log into your server initially, you will need to know your server's public IP address and the password for the "root" user's account. For servers on DigitalOcean, you will receive an email with your server credentials and the server's IP address.
The root user is the administrative user in a Linux environment that has very broad privileges. Because of the heightened privileges of the root account, you are actually discouraged from using it on a regular basis. This is because part of the power inherent with the root account is the ability to make very destructive changes, even by accident.
We'll teach you how to gain increased privileges during the times when you need them. The first step is to log into your server, and the only account we start out with is the root account. We can connect to the server by using the
ssh command in the terminal. The command will look like this:
You will most likely see a warning in your terminal that looks like this:
The authenticity of host '220.127.116.11 (18.104.22.168)' cant be established. ECDSA key fingerpring is 79:95:46:1a:ab:37:11:8e:86:54:36:38:bb:3c:fa:c0. Are you sure you want to continue connecting (yes/no)?
Here, your computer is basically telling you that it doesn't recognize your remote server. Since this is your first time connecting, this is completely expected. Go ahead and type "yes" to accept the connection. Afterwards, you'll need to enter the password for the root account.
Step Two - Change Your Password
You are not likely to remember the password that is currently set for your root account. You can change the password to something you will remember more easily by typing:
It will ask you to enter and confirm your new password. During this process, you will not see anything show up on your screen as you type. This is intentional and is there so that people looking over your shoulder cannot guess your password by the number of characters.
Step Three - Create a New User
At this point, we're prepared to add the new user account that we will use to log in from now on. I'm going to name my user "demo", but you can select whatever name you'd like:
You will be asked a few questions, starting with the account password. Fill out the password and, optionally, fill in any of the additional information if you would like. This is not required and you can just hit "ENTER" in any field you wish to skip.
Step Four - Root Privileges
To avoid having to log out of our normal user and log back in as the root account, we can set up what is known as "sudo" privileges for our normal account. This will allow our normal user to run commands with administrative privileges by putting the word "sudo" before each command.
To add these privileges to our new account, we need to use a command called
visudo. This will open a configuration file.Scroll down until you find a section that deals with user privileges. It will look similar to this:
# User privilege specification root ALL=(ALL:ALL) ALL
While this might look complicated, we don't need to worry about that. All we need to do is add another line below it that follows the format, replacing "demo" with the user you created:
# User privilege specification root ALL=(ALL:ALL) ALL demo ALL=(ALL:ALL) ALL
After this is done, press CTRL-X to exit. You will have to type "Y" to save the file and then press "ENTER" to confirm the file location.
Step Five - Configure SSH (Optional)
Now that we have our new account, we can secure our server a little bit by modifying the configuration of SSH (the program that allows us to log in remotely). Begin by opening the configuration file with your editor as root:
Continue reading this guide at Digital Ocean. This article has been used as an example of an Ecko Ghost theme. This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.