1.1 Create a non-root user

For security, we would like to login in SSH via a non-root user

• adduser vpsadmin

  set password and follow prompts

• install sudo

  apt update
  apt install sudo

• add vpsadmin to sudo list

  visudo

  under User Privilege Specification, add

  vpsadmin ALL=(ALL) NOPASSWD: ALL

• save Ctrl + oand exit Ctrl + x (in nano)

• ⚠️Critical Security Risk To add vpsadmin to the sudo group in a safer way, I suggest

  usermod -aG sudo vpsadmin

  This requires your password everytime, but the attacker won't instantly gain full root control of your server without needing a password.

• verify the user has sudo access (optional)

  su - vpsadmin
  sudo whoami

  It should prompt for your password and output "root"

---

1.2 Switch SSH login port

• vim /etc/ssh/sshd_config

• pick a number from $1024<P<65535$, and set it as your port
• find #Port 22, uncomment it, and change it to your port
  • example:

    Port 3145

• save :w and exit :q (in vim)

  :wq

• restart ssh service

  systemctl restart ssh

• (important) test the new port before closing your current ssh session
  • open a new terminal on your local machine and try:

    ssh -p 3145 vpsadmin@YOUR_SERVER_IP

  • if it fails, do not logout from the old session (check firewall / provider rules first)

---

1.3 Disable Root Login

• open /etc/ssh/sshd_config via vim

  vim /etc/ssh/sshd_config

• find PermitRootLogin yes, uncomment it (if necessary), and change it to no to disable direct root access

  PermitRootLogin no

• save and exit

  :wq