After you have deployed your new droplet, it is important to create a new user and provide it with root privileges. This not only makes your virtual server more secure, but also prevents any drastic system damage/change that can happen when operating as root.
Once you know your IP address, login as the "root" user from the command line.
ssh root@xxx.xxx.xx.xx
Prompt: Are you sure you want to continue connecting (yes/no)?
Go ahead and type yes.
If you happen to receive a "man in the middle" warning, this is most likely because another fingerprint is associated with the virtual server's IP. To fix this, simply remove the files in the .ssh/known_hosts directory by utilizing the "remove" command:
rm .ssh/known_hosts
Retry logging in as the root user.
Currently, you do not have a root password with your freshly registered droplet. The next step is to change it to one of your choice from the command line:
passwd
It will ask you to type and confirm a password of your choice.
In this step, we will make a new user and give them all of the root capabilities.
You can make your username whatever you wish. Here, we'll be using "demo"-- simply replace it with your chosen username when applicable.
adduser demo
After you set the password, you do not need to enter any further information about the new user. You can leave all the following lines blank if you wish.
As of yet, only root has all of the administrative capabilities. We are going to give the new user the root privileges.
When you perform any root tasks with the new user, you will need to use the phrase “sudo” before the command. This is a helpful command for a few reasons, primarily in that it prevents the user from making any system-destroying mistakes and stores all the commands run with sudo to the file ‘/var/log/secure' (which can be reviewed later if needed).
Let’s go ahead and edit the sudo configuration. This can be done by using a text editor:
visudo
Find the section called user privilege specification. It will look like this:
# User privilege specification root ALL=(ALL:ALL) ALL
Add the following line right below the root privilege specification, granting all the
permissions to your new user:
demo ALL=(ALL:ALL) ALL
Type ‘cntrl x’ then 'y' to save and exit the file. Hit 'enter' to return to the command line.
At the moment, you are still logged into the root directory. In the future, login to your server directly with your newly setup username:
ssh demo@xxx.xxx.xx.xx
However, since you are already logged into your server as root, you can save time by using the sudo command to change over to your new user.
su demo
Remember, although you are now logged into your new username, you are still operating in the root directory. Simply use the cd command in order to switch over to your username's home directory.
Now you're all set!
You can also find the tutorial to install the LAMP stack on the server here or the LEMP stack here.
Thanks for learning with the DigitalOcean Community. Check out our offerings for compute, storage, networking, and managed databases.
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Please correct last hyperlink to correct one: https://www.digitalocean.com/community/articles/how-to-install-linux-nginx-mysql-php-lemp-stack-on-debian-7
@sergeax: Thanks, updated.
easy peasy… or, whatever
How about disallowing remote root login in /etc/ssh/sshd_config (set PermitRootLogin to no)
Removing the entire
known_hosts
file from your local computer will take away your ability to notice host key changes on every other remote machine you ssh to.Instead, use
ssh-keygen -R xxx.xxx.xx.xx
to remove the known_hosts entry for just the IP that you want to forget.You do realize that there’s no sudo or visudo in a Debian installation, right? Ubuntu has visudo and sudo but not Debian. If you want Debian set up like Ubuntu, you have to install sudo and do the configuration from there.
apt-get install sudo (I believe)
I’m sitting on a fresh Debian 8 VPS, checking just to make sure and there’s no visudo from root. I thought to double-check this because I’m new to Debian and was just reading last week about the philosophy difference in the use of sudo vs just logging in as root.
BTW, have you seen the great t-shirts that say, “# I am root?” Funny stuff! :-)