Re: [bitfolk] Adding a new user

Hello, On Tue, Sep 14, 2021 at 09:01:35AM +0100, Andres Muniz wrote: Seems okay only a couple of comments: - I don't know why it's saying "ssh root@server_address" as the first step when root login is normally disabled on ubuntu, and then it doesn't use root login anywhere else in the instructions anyway - it just uses sudo. - Creating ~/.ssh and editing ~/.ssh/authorized_keys: It might be worth mentioning that the permissions on these files/directory need to be quite tight. Depending on what your user's umask is, creating them may leave them as "other" readable and then sshd will ignore them. I tend to recursively remove all group and other permissions after creating authorized_keys: $ chmod -Rc go= ~/.ssh Or if doing this for another user: $ sudo chmod -Rc go= ~user/.ssh R - recursive c - show changes go= - set group and other permissions to nothing I would echo the other comments about securing SSH. If possible it would be really good to turn off password access and only allow access by SSH public keys. The most common form of compromise here is still brute force SSH dictionary attack. It only takes someone to set their password to something weak, or for example if someone were to add a user "mysite" with password "mysite" never intended to log in only to hold files for a web site. That has happened before (there are better ways to do that though). Cheers, Andy -- https://bitfolk.com/ -- No-nonsense VPS hosting