Question

Do you recommend creating a new user and not allowing root user access for security reasons?

Posted April 4, 2021 66 views
Ubuntu 20.04

For security reasons, I read that I should create a new user and disallow root access by ssh.

Is it a good idea?
Please let me know your opinion.
If it is a good idea please let me know a link to how to do it with Ubuntu 20.04.

1 answer

Hi there,

Yes, I would strongly recommend that. It is a good security practice.

Here is a step by step guide that you could follow to do your initial server setup:

https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-20-04

If you prefer video tutorials, you could take a look at this tutorial here:

Regards,
Bobby

  • Thank you for your reply.
    I have created a new user and disabled root access.
    I can access using SSH with a new user.
    I set up ufw for ports 443, 80, 22, 25, 3306 and 110.

    shin@my-droplet-name:~$ sudo ufw status
    Status: active
    
    To                         Action      From
    --                         ------      ----
    443/tcp                    ALLOW       Anywhere
    80/tcp                     ALLOW       Anywhere
    22/tcp                     ALLOW       xxx.xx.xx.xxx
    22/tcp                     ALLOW       xxx.xxx.xx.xxx
    25/tcp                     ALLOW       Anywhere
    110/tcp                    ALLOW       Anywhere
    3306/tcp                   ALLOW       Anywhere
    443/tcp (v6)               ALLOW       Anywhere (v6)
    80/tcp (v6)                ALLOW       Anywhere (v6)
    25/tcp (v6)                ALLOW       Anywhere (v6)
    110/tcp (v6)               ALLOW       Anywhere (v6)
    3306/tcp (v6)              ALLOW       Anywhere (v6)
    

    When I access MySQL, I have to use sudo mysql after logging in to the server using SSH.

    $ mysql -V
    mysql  Ver 8.0.23-0ubuntu0.20.04.1 for Linux on x86_64 ((Ubuntu))
    

    However, I am not able to access MySQL using Sequel Pro.

    I get the following error.

    Unable to connect to host xxx.xxx.xx.xxx, or the request
     timed out.
    Be sure that the address is correct and that you have
     the necessary privileges, or try increasing the 
    connection timeout (currently 10 seconds).
    MySQL said: Can't connect to MySQL server on 'xxx.xxx.xx.xxx' (61)
    

    I used

    Host: xxx.xxx.xx.xxx (my droplet IP address)
    Username: my-db-username
    Password: my-db-password
    Port: 3306

    I tried SSH as well but I can’t log in either.

    What am I doing wrong?

    • Hello,

      In order to be able to login to MySQL remotely, you would need to follow the steps from this tutorial here:

      https://www.digitalocean.com/community/tutorials/how-to-allow-remote-access-to-mysql

      However, opening the connections to MySQL for the world is not recommended for security reasons.

      Instead, I would recommend using an SSH tunnel via your Sequel Pro client. That way you would not have to open port 3306, but Sequel Pro would first open an SSH tunnel which would allow it to connect to MySQL. What is the error that you get when you try to use the SSH tunnel?

      Regards,
      Bobby

      • Thank you for your help.

        I used the following:

        mysql> ALTER USER sendyadmin IDENTIFIED WITH mysql_native_password BY 'mypassword';
        

        And disabled port 3306:

        # sudo ufw delete allow to any port 3306 proto tcp
        

        And I CAN use Sequel Pro to connect to the DB.
        Yay!

        For anyone who comes to this thread, I used the following for Sequel Pro.

        SSH connection.

        MYSQL Host: My Droplet IP address
        Username: my db username
        Password: my db password
        Database: database name
        Port: 
        SSH Host: My Droplet IP address
        SSH User: my new user name (not root)
        SSH Key: ~/.ssh/id_rsa_pub
        

        Thanks again for your help.
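
The two settings this thread ends up relying on (root SSH login disabled, MySQL's port 3306 not open to Anywhere in ufw) can be checked with a short script. This is an added example, not code from anyone in the thread; the function names and both sample inputs are constructed, and the parser assumes `ufw status` style output and does not follow `Include` files or `Match` blocks in sshd_config.

```bash
#!/usr/bin/env bash
# Added example: audits ufw status text and sshd_config text (constructed samples).

# Print port/proto of every ALLOW rule whose source is Anywhere (IPv4 or IPv6).
world_open_ports() {
  awk '{ for (i = 2; i <= NF; i++) if ($i == "ALLOW") {
           j = i + 1; if ($j == "IN") j++      # "ufw status verbose" form
           if ($j == "Anywhere") print $1
           next } }' | sort -u
}

# Keep only world-open ports that should stay private (default: MySQL 3306).
exposed_sensitive() {
  local sensitive="${1:-3306}" p
  world_open_ports | while read -r p; do
    case " $sensitive " in *" ${p%%/*} "*) echo "$p" ;; esac
  done
}

# Global PermitRootLogin value: sshd keeps the first value it reads for a
# keyword; OpenSSH's built-in default is prohibit-password. Stops at Match.
root_login_setting() {
  awk 'tolower($1) == "match" { exit }
       tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
       END { if (!found) print "prohibit-password" }'
}

# Constructed sample inputs (addresses are documentation ranges).
UFW_SAMPLE='Status: active

To                         Action      From
--                         ------      ----
443/tcp                    ALLOW       Anywhere
22/tcp                     ALLOW       203.0.113.10
3306/tcp                   ALLOW       Anywhere
3306/tcp (v6)              ALLOW       Anywhere (v6)'
SSHD_SAMPLE='#PermitRootLogin prohibit-password
PermitRootLogin no
PasswordAuthentication no'

audit() {  # $1 = ufw status text, $2 = sshd_config text; returns 1 on a finding
  local hits
  hits=$(printf '%s\n' "$1" | exposed_sensitive 3306)
  echo "PermitRootLogin: $(printf '%s\n' "$2" | root_login_setting)"
  [ -z "$hits" ] && { echo "No sensitive port is open to Anywhere"; return 0; }
  echo "Open to Anywhere: $hits (close it and reach MySQL over an SSH tunnel)"
  return 1
}
audit "$UFW_SAMPLE" "$SSHD_SAMPLE" || true
```

On a live server, pipe the output of `sudo ufw status` and the contents of `/etc/ssh/sshd_config` into the functions; `sudo sshd -T` prints the configuration sshd actually uses, including any included files.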