Do you recommend to create a new user and not allow root user access for security reason?

Question

For security reasons, I read that I should create a new user and disallow root access by ssh.

Is it a good idea?
Please let me know your opinion.
If it is a good idea please let me know a link to how to do it with Ubuntu 20.04.

Answer 1

bobbyiliev April 4, 2021

Hi there,

Yes, I would strongly recommend that. It is a good security practice.

Here is a step by step guide that you could follow to do your initial server setup:

https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-20-04

If you prefer video tutorials, you could take a look at this tutorial here:

Regards,
Bobby

Initial Server Setup with Ubuntu 20.04

by Brian Boucheron

When you first create a new Ubuntu 20.04 server, you should perform some important configuration steps as part of the basic setup. These steps will increase the security and usability of your server, and will give you a solid foundation for subsequent actions.

Reply Report

okadashinichi2819 April 12, 2021
Thank you for your reply.
I have created a new user and disabled root access.
I can access using SSH with a new user.
I set up ufw for port 443, 80, 22, 25, 3306 and 110.

shin@my-droplet-name:~$ sudo ufw status Status: active To Action From -- ------ ---- 443/tcp ALLOW Anywhere 80/tcp ALLOW Anywhere 22/tcp ALLOW xxx.xx.xx.xxx 22/tcp ALLOW xxx.xxx.xx.xxx 25/tcp ALLOW Anywhere 110/tcp ALLOW Anywhere 3306/tcp ALLOW Anywhere 443/tcp (v6) ALLOW Anywhere (v6) 80/tcp (v6) ALLOW Anywhere (v6) 25/tcp (v6) ALLOW Anywhere (v6) 110/tcp (v6) ALLOW Anywhere (v6) 3306/tcp (v6) ALLOW Anywhere (v6)

When I access MySQL, I have to use sudo mysql after logged in to the server using SSH.

$ mysql -V mysql Ver 8.0.23-0ubuntu0.20.04.1 for Linux on x86_64 ((Ubuntu))

However, I am not able to access MySQL using Sequel Pro.

I get the following error.

Unable to connect to host xxx.xxx.xx.xxx, or the request timed out. Be sure that the address is correct and that you have the necessary privileges, or try increasing the connection timeout (currently 10 seconds). MySQL said: Can't connect to MySQL server on 'xxx.xxx.xx.xxx' (61)

I used

Host: xxx.xxx.xx.xxx (my droplet IP address)
Username: my-db-username
Password: my-db-password
Port: 3306

I tried SSH as well but I can’t log in either.

What am I doing wrong?
Reply Report
- bobbyiliev April 12, 2021
  
  Hello,
  
  In order to be able to login to MySQL remotely, you would need to follow the steps from this tutorial here:
  
  https://www.digitalocean.com/community/tutorials/how-to-allow-remote-access-to-mysql
  
  However, opening the connections to MySQL for the world is not recommended for security reasons.
  
  Instead, I would recommend using SSH tunnel via your Sequel Pro client. That way you would not have to open port 3306 but Sequel Pro would first open an SSH tunnel which would allow it to connect to MySQL. What is the error that you get when you try to use SSH tunel?
  
  Regards,
  Bobby
  
  How To Allow Remote Access to MySQL
  by Mark Drake
  Many websites and applications start off with their web server and database backend hosted on the same machine. With time, though, a setup like this can become cumbersome and difficult to scale. A common solution is to separate these functions by setting up a remote database, allowing the server...
  
  Reply Report
  
  okadashinichi2819 April 12, 2021
  
  Thank you for your help.
  
  I used the following:
  
  mysql> ALTER USER sendyadmin IDENTIFIED WITH mysql_native_password BY 'mypassword'
  
  And disabled port 3306:
  
  # sudo ufw delete allow to any port 3306 proto tcp
  
  And I CAN use the Sequel pro to connect to the DB.
  Yay!
  
  For someone who come to this thread, I used the followings for the Sequel Pro.
  
  SSH connection.
  
  MYSQL Host: My Droplet IP address Username: my db username Password: my db password Database: database name Port: SSH Host: My Droplet IP address SSH User: my new user name (not root) SSH Key: ~/.ssh/id_rsa_pub
  
  Thanks again for your help.
  
  Reply Report
  
  bobbyiliev 2 days ago
  
  Hi there,
  
  No problem at all. Happy to hear that you’ve got it all working!
  
  Regards,
  Bobby
  
  Reply Report

Answer 2

okadashinichi2819 April 12, 2021
Thank you for your reply.
I have created a new user and disabled root access.
I can access using SSH with a new user.
I set up ufw for port 443, 80, 22, 25, 3306 and 110.

shin@my-droplet-name:~$ sudo ufw status Status: active To Action From -- ------ ---- 443/tcp ALLOW Anywhere 80/tcp ALLOW Anywhere 22/tcp ALLOW xxx.xx.xx.xxx 22/tcp ALLOW xxx.xxx.xx.xxx 25/tcp ALLOW Anywhere 110/tcp ALLOW Anywhere 3306/tcp ALLOW Anywhere 443/tcp (v6) ALLOW Anywhere (v6) 80/tcp (v6) ALLOW Anywhere (v6) 25/tcp (v6) ALLOW Anywhere (v6) 110/tcp (v6) ALLOW Anywhere (v6) 3306/tcp (v6) ALLOW Anywhere (v6)

When I access MySQL, I have to use sudo mysql after logged in to the server using SSH.

$ mysql -V mysql Ver 8.0.23-0ubuntu0.20.04.1 for Linux on x86_64 ((Ubuntu))

However, I am not able to access MySQL using Sequel Pro.

I get the following error.

Unable to connect to host xxx.xxx.xx.xxx, or the request timed out. Be sure that the address is correct and that you have the necessary privileges, or try increasing the connection timeout (currently 10 seconds). MySQL said: Can't connect to MySQL server on 'xxx.xxx.xx.xxx' (61)

I used

Host: xxx.xxx.xx.xxx (my droplet IP address)
Username: my-db-username
Password: my-db-password
Port: 3306

I tried SSH as well but I can’t log in either.

What am I doing wrong?
Reply Report
- bobbyiliev April 12, 2021
  
  Hello,
  
  In order to be able to login to MySQL remotely, you would need to follow the steps from this tutorial here:
  
  https://www.digitalocean.com/community/tutorials/how-to-allow-remote-access-to-mysql
  
  However, opening the connections to MySQL for the world is not recommended for security reasons.
  
  Instead, I would recommend using SSH tunnel via your Sequel Pro client. That way you would not have to open port 3306 but Sequel Pro would first open an SSH tunnel which would allow it to connect to MySQL. What is the error that you get when you try to use SSH tunel?
  
  Regards,
  Bobby
  
  How To Allow Remote Access to MySQL
  by Mark Drake
  Many websites and applications start off with their web server and database backend hosted on the same machine. With time, though, a setup like this can become cumbersome and difficult to scale. A common solution is to separate these functions by setting up a remote database, allowing the server...
  
  Reply Report
  
  okadashinichi2819 April 12, 2021
  
  Thank you for your help.
  
  I used the following:
  
  mysql> ALTER USER sendyadmin IDENTIFIED WITH mysql_native_password BY 'mypassword'
  
  And disabled port 3306:
  
  # sudo ufw delete allow to any port 3306 proto tcp
  
  And I CAN use the Sequel pro to connect to the DB.
  Yay!
  
  For someone who come to this thread, I used the followings for the Sequel Pro.
  
  SSH connection.
  
  MYSQL Host: My Droplet IP address Username: my db username Password: my db password Database: database name Port: SSH Host: My Droplet IP address SSH User: my new user name (not root) SSH Key: ~/.ssh/id_rsa_pub
  
  Thanks again for your help.
  
  Reply Report
  
  bobbyiliev 2 days ago
  
  Hi there,
  
  No problem at all. Happy to hear that you’ve got it all working!
  
  Regards,
  Bobby
  
  Reply Report

Related

Question

Do you recommend to create a new user and not allow root user access for security reason?

Related

Leave a comment

Looking for something else?

Sign up for our newsletter

Related

Question

Do you recommend to create a new user and not allow root user access for security reason?

Related

Leave a comment

Related

question

When will droplets based on ubuntu 20.04 LTS be available?

question

How do I rename root?

question

Trouble with Installing Anaconda on Ubuntu.

question

Will DigitalOcean automatically create a PTR record?

Looking for something else?