Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
When will droplets based on ubuntu 20.04 LTS be available? Question Question
How do I rename root? Question Question

Question

Do you recommend to create a new user and not allow root user access for security reason?

Posted April 4, 2021 608 views
Ubuntu 20.04

For security reasons, I read that I should create a new user and disallow root access by ssh.

Is it a good idea?
Please let me know your opinion.
If it is a good idea please let me know a link to how to do it with Ubuntu 20.04.

Add a comment
okadashinichi2819
By:
okadashinichi2819

Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
When will droplets based on ubuntu 20.04 LTS be available? Question Question
How do I rename root? Question Question

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
1 answer
bobbyiliev April 4, 2021

Hi there,

Yes, I would strongly recommend that. It is a good security practice.

Here is a step by step guide that you could follow to do your initial server setup:

https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-20-04

If you prefer video tutorials, you could take a look at this tutorial here:

Regards,
Bobby

Initial Server Setup with Ubuntu 20.04
by Brian Boucheron
When you first create a new Ubuntu 20.04 server, you should perform some important configuration steps as part of the basic setup. These steps will increase the security and usability of your server, and will give you a solid foundation for subsequent actions. In this tutorial you will create a user, give them sudo access, and set up a firewall.
Reply Report
  • okadashinichi2819 April 12, 2021

    Thank you for your reply.
    I have created a new user and disabled root access.
    I can access using SSH with a new user.
    I set up ufw for port 443, 80, 22, 25, 3306 and 110.

    shin@my-droplet-name:~$ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
443/tcp                    ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
22/tcp                     ALLOW       xxx.xx.xx.xxx
22/tcp                     ALLOW       xxx.xxx.xx.xxx
25/tcp                     ALLOW       Anywhere
110/tcp                    ALLOW       Anywhere
3306/tcp                   ALLOW       Anywhere
443/tcp (v6)               ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
25/tcp (v6)                ALLOW       Anywhere (v6)
110/tcp (v6)               ALLOW       Anywhere (v6)
3306/tcp (v6)              ALLOW       Anywhere (v6)

    When I access MySQL, I have to use sudo mysql after logged in to the server using SSH.

    $ mysql -V
mysql  Ver 8.0.23-0ubuntu0.20.04.1 for Linux on x86_64 ((Ubuntu))

    However, I am not able to access MySQL using Sequel Pro.

    I get the following error.

    Unable to connect to host xxx.xxx.xx.xxx, or the request
 timed out.
Be sure that the address is correct and that you have
 the necessary privileges, or try increasing the 
connection timeout (currently 10 seconds).
MySQL said: Can't connect to MySQL server on 'xxx.xxx.xx.xxx' (61)

    I used

    Host: xxx.xxx.xx.xxx (my droplet IP address)
    Username: my-db-username
    Password: my-db-password
    Port: 3306

    I tried SSH as well but I can’t log in either.

    What am I doing wrong?

    Reply Report
    • bobbyiliev April 12, 2021

      Hello,

      In order to be able to login to MySQL remotely, you would need to follow the steps from this tutorial here:

      https://www.digitalocean.com/community/tutorials/how-to-allow-remote-access-to-mysql

      However, opening the connections to MySQL for the world is not recommended for security reasons.

      Instead, I would recommend using SSH tunnel via your Sequel Pro client. That way you would not have to open port 3306 but Sequel Pro would first open an SSH tunnel which would allow it to connect to MySQL. What is the error that you get when you try to use SSH tunel?

      Regards,
      Bobby

      How To Allow Remote Access to MySQL
      by Mark Drake
      Many websites and applications start off with their web server and database backend hosted on the same machine. With time, though, a setup like this can become cumbersome and difficult to scale. A common solution is to separate these functions by setting up a remote database, allowing the server...
      Reply Report
      • okadashinichi2819 April 12, 2021

        Thank you for your help.

        I used the following:

        mysql> ALTER USER sendyadmin IDENTIFIED WITH mysql_native_password BY 'mypassword'

        And disabled port 3306:

        # sudo ufw delete allow to any port 3306 proto tcp

        And I CAN use the Sequel pro to connect to the DB.
        Yay!

        For someone who come to this thread, I used the followings for the Sequel Pro.

        SSH connection.

        MYSQL Host: My Droplet IP address
Username: my db username
Password: my db password
Database: database name
Port: 
SSH Host: My Droplet IP address
SSH User: my new user name (not root)
SSH Key: ~/.ssh/id_rsa_pub

        Thanks again for your help.

        Reply Report

Related

Looking for something else?

Ask a new question Search for more help