Running all commands as root is a security risk. A mistake as root can cause irreversible damage. This guide creates a non-root user with sudo privileges for day-to-day server management.
Step 1 — Create the User
>_BASH
$adduser deployOUTPUT
Adding user 'deploy' ...
Adding new group 'deploy' (1001) ...
Adding new user 'deploy' (1001) with group 'deploy' ...
Creating home directory '/home/deploy' ...
New password:
Retype new password:
passwd: password updated successfully
Full Name []: Deploy User
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] YStep 2 — Grant Sudo Privileges
>_BASH
$usermod -aG sudo deployVerify the group membership:
>_BASH
$groups deployOUTPUT
deploy : deploy sudoStep 3 — Copy SSH Key to the New User
>_BASH
$rsync --archive --chown=deploy:deploy ~/.ssh /home/deployVerify the key was copied:
>_BASH
$ls -la /home/deploy/.ssh/OUTPUT
total 16
drwx------ 2 deploy deploy 4096 Apr 24 10:00 .
drwxr-xr-x 3 deploy deploy 4096 Apr 24 10:00 ..
-rw------- 1 deploy deploy 571 Apr 24 10:00 authorized_keysStep 4 — Test the New User
Open a new terminal and test the connection:
>_BASH
$ssh deploy@YOUR_SERVER_IPTest sudo access:
>_BASH
$sudo apt updateOUTPUT
[sudo] password for deploy:
Hit:1 http://archive.ubuntu.com/ubuntu jammy InReleaseStep 5 — Disable Root Login
Once you have confirmed the new user works, disable root SSH login:
>_BASH
$sudo nano /etc/ssh/sshd_configINI
PermitRootLogin no>_BASH
$sudo systemctl restart sshd[!IMPORTANT] Always test the new user in a separate terminal before disabling root login. If you lock yourself out, you will need to use the LightYear console to regain access.