Create a sudo user Create a dedicated administrator account, configure SSH keys, and reduce root exposure on your HolyCloud VPS. ~8 min read Beginner #ssh #sudo #user #security Create a sudo user On a HolyCloud Linux VPS, initial access is often as root via password or key provided at provisioning. For production, create a personal admin user, enable sudo, and set up key authentication before restricting root login. Prerequisites A HolyCloud Linux VPS (Ubuntu 22.04/24.04 or Debian 12) with root SSH access Your local SSH public key (~/.ssh/id_ed25519.pub or id_rsa.pub) An open SSH session: do not close root until the new user is tested Optional: snapshot from the HolyCloud customer area before major changes Tip: always keep a root session open during migration; an SSH key mistake can lock you out. Step 1: create the user Replace admin with your chosen name (lowercase, no spaces). adduser admin Answer the prompts (strong password recommended). On recent Debian/Ubuntu, the account is created with a home directory and primary group. Step 2: grant sudo rights usermod -aG sudo admin Check group membership: groups admin The sudo group (Ubuntu/Debian) or wheel (some other distros) allows privilege elevation. Step 3: configure SSH key authentication From your local machine, copy your public key (use the IP shown in the HolyCloud customer area): ssh-copy-id -i ~/.ssh/id_ed25519.pub admin@VOTRE_IP_VPS Or manually on the server (connected as root): mkdir -p /home/admin/.ssh chmod 700 /home/admin/.ssh nano /home/admin/.ssh/authorized_keys chmod 600 /home/admin/.ssh/authorized_keys chown -R admin:admin /home/admin/.ssh Paste one line per public key (ssh-ed25519 AAAA...). Step 4: test login and sudo Without closing the root session, open a new terminal: ssh admin@VOTRE_IP_VPS sudo whoami Output should be root. If sudo asks for a password, enter admin's password. Step 5: harden SSH (disable root — after testing) Once admin + SSH key work, edit SSH config: sudo nano /etc/ssh/sshd_config Set (or add): PermitRootLogin no PasswordAuthentication no PubkeyAuthentication yes Reload the service: sudo systemctl reload sshd Important: if you disable PasswordAuthentication without a valid key for admin, you will lose access. Test a second SSH session first. Verification id admin sudo -l -U admin grep -E '^(PermitRootLogin|PasswordAuthentication)' /etc/ssh/sshd_config admin is in the sudo group SSH as admin works with the key Direct root@IP login is refused after PermitRootLogin no Need help? Root password reset: VNC/KVM console or reinstall from the customer area IP or firewall: check rules in the HolyCloud panel and that port 22 (or your custom SSH port) is allowed Support: ticket from the customer area with VPS ID and logs (journalctl -u ssh -n 50) Continue reading Previous article Configure UFW Read Next article Encrypted backups with Borg Read
FR