How to add SSH users to your VPS [2021]

 VPS Hosting

Your VPS hosting is capable of having many users on it through SSH, not just through the VPS panel. By default, your VPS only has one user for accessing your system and that is the root user. The root user has full control of the server, and that can be very insecure. The best thing you can do to protect your VPS and everything on your best VPS Hosting is to create multiple non-root users to only be allowed to manage certain parts of your VPS.

A SSH user is just a user account on Linux, The user account can work with any application that uses PAM. Here are a few examples of what a user can do on your VPS depending on what you have configured.
* Log in and run non-administrative programs on the VPS
* View information about the VPS, and configure non-admin user related settings
* Have access to admin privileges if added to the sudo group
* Send and Receive email if a basic email server is configured
* SOCKS5 Proxy over SSH
* Access web control panels like Cockpit and/or Webmin
* Access any other application on the server that uses PAM for user management

Adding the User

To create a user, you could either run the adduser command on Ubuntu based systems for quick and easy user creation or the useradd command which will work on most other distributions. Then run the passwd user command and enter their password and then again to confirm. Even though it does not show up it is there. The passwd command is also used to change passwords. They can now SSH into your server.

running the useradd and passwd commands on the VPS running on ElixirNode's VPS hosting.

Setting Up Their Home Directory

The following commands will setup a user’s home directory
mkdir /home/username This creates the home folder
usermod -d /home/username username This sets the home directory for the user (replace username with your chosen username). This is the default home directory scheme for all users on most distributions so you may see the no change message.
chown -R username:group /home/username/ This command changes the ownership of the directory to a user and group. In this case set the directory to be owned by the user who we set the home directory for. The group can be the same as the username if you do not need multiple user groups accessing the files

Creating a home directory for the new SSH user using the commands mentioned above

Group Management

In order to create a group run sudo groupadd -g id name For example I ran sudo groupadd -g 2018 elixirnode Now that the group is created we can use the usermod command to add users to that group. i.e usermod -aG groupname username so for me it would be usermod -aG elixirnode sshGuide -a is for append and the -G is to add as a subgroup. If you want this to be the user’s primary group use the -g switch in the usermod command. You can also substitute the username and groupname with their respective IDs. In order to remove a user from a group, you need to overwrite it with the usermod -G command. Please note this will erase ALL of the subgroups the user is in so you will have to add the user back to the group(s) manually.

Creating a new group and adding the user created in the beginning of the article to the new group.

Securing SSH

Some things you can do to protect your server is to disable password logins and use a key-pair based login at least for the users that have sudo access. Another program you can install is fail2ban which is a program that automatically sets temporary bans or permanently bans on IPs that get the password wrong more than 3 times per 10 minutes (or to whatever you set it). There are many different guides online on how to do this but I suggest you follow the guide that is for your SSH client.

If you have any questions or need any further help, contact us!

Was this article helpful?

Sign up to be alerted of new articles!

We will let you know of any new articles that we publish so that you may benefit from the many upcoming tutorials we have planned for you.