Tutorial

Initial Server Setup with Debian 7

Published on November 4, 2013
author

Adam LaGreca

Initial Server Setup with Debian 7

The Basics

After you have deployed your new droplet, it is important to create a new user and provide it with root privileges. This not only makes your virtual server more secure, but also prevents any drastic system damage/change that can happen when operating as root.

1) Root Login

Once you know your IP address, login as the "root" user from the command line.

ssh root@xxx.xxx.xx.xx

Prompt: Are you sure you want to continue connecting (yes/no)?

Go ahead and type yes.

Potential Warning

If you happen to receive a "man in the middle" warning, this is most likely because another fingerprint is associated with the virtual server's IP. To fix this, simply remove the files in the .ssh/known_hosts directory by utilizing the "remove" command:

rm .ssh/known_hosts

Retry logging in as the root user.

2) Change Your Password

Currently, you do not have a root password with your freshly registered droplet. The next step is to change it to one of your choice from the command line:

passwd

It will ask you to type and confirm a password of your choice.

3) Create a New User

In this step, we will make a new user and give them all of the root capabilities.

You can make your username whatever you wish. Here, we'll be using "demo"-- simply replace it with your chosen username when applicable.

adduser demo

After you set the password, you do not need to enter any further information about the new user. You can leave all the following lines blank if you wish.

4) Root Privileges

As of yet, only root has all of the administrative capabilities. We are going to give the new user the root privileges.

When you perform any root tasks with the new user, you will need to use the phrase “sudo” before the command. This is a helpful command for a few reasons, primarily in that it prevents the user from making any system-destroying mistakes and stores all the commands run with sudo to the file ‘/var/log/secure' (which can be reviewed later if needed).

Let’s go ahead and edit the sudo configuration. This can be done by using a text editor:

visudo

Find the section called user privilege specification. It will look like this:

# User privilege specification
root    ALL=(ALL:ALL) ALL

Add the following line right below the root privilege specification, granting all the

permissions to your new user:

demo    ALL=(ALL:ALL) ALL

Type ‘cntrl x’ then 'y' to save and exit the file. Hit 'enter' to return to the command line.

5) SSH as New User

At the moment, you are still logged into the root directory. In the future, login to your server directly with your newly setup username:

ssh demo@xxx.xxx.xx.xx

However, since you are already logged into your server as root, you can save time by using the sudo command to change over to your new user.

su demo

Remember, although you are now logged into your new username, you are still operating in the root directory. Simply use the cd command in order to switch over to your username's home directory.

Now you're all set!

See More

You can also find the tutorial to install the LAMP stack on the server here or the LEMP stack here.

By Adam LaGreca

Thanks for learning with the DigitalOcean Community. Check out our offerings for compute, storage, networking, and managed databases.

Learn more about our products

About the authors
Default avatar
Adam LaGreca

author

Still looking for an answer?

Ask a questionSearch for more help

Was this helpful?
 
6 Comments


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Kamal Nasser
DigitalOcean Employee
DigitalOcean Employee badge
November 18, 2013

@sergeax: Thanks, updated.

easy peasy… or, whatever

How about disallowing remote root login in /etc/ssh/sshd_config (set PermitRootLogin to no)

Removing the entire known_hosts file from your local computer will take away your ability to notice host key changes on every other remote machine you ssh to.

Instead, use ssh-keygen -R xxx.xxx.xx.xx to remove the known_hosts entry for just the IP that you want to forget.

You do realize that there’s no sudo or visudo in a Debian installation, right? Ubuntu has visudo and sudo but not Debian. If you want Debian set up like Ubuntu, you have to install sudo and do the configuration from there.

apt-get install sudo (I believe)

I’m sitting on a fresh Debian 8 VPS, checking just to make sure and there’s no visudo from root. I thought to double-check this because I’m new to Debian and was just reading last week about the philosophy difference in the use of sudo vs just logging in as root.

BTW, have you seen the great t-shirts that say, “# I am root?” Funny stuff! :-)

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

Join the Tech Talk
Success! Thank you! Please check your email for further details.

Please complete your information!

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Resources for startups and SMBs

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.