root user best practice.

I am thinking of disabling the root user for my digital ocean 1-click app. However, iff a user uses a password for ssh, my user does not get that password and they can only ssh through the user I create in my image and with the password I set for the user during cloud-init, which is the Droplet ID. I feel removing root login is best practice, however, Digital Ocean orients a lot of actions towards the root user… Are there best practices from Digital Ocean in this regard? Or is documenting this discrepency suffient and users will be happy I did not allow root logins?

Submit an answer
Answer a question...

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Accepted Answer

I left the root user. My application uses it’s own user. Digital Ocean users can use all the functionality around the root user and not interrupt my user and the application.

Site Moderator
Site Moderator badge
August 18, 2020

Hi @zaxary,

Making the root user only accessible with SSH keys should be enough in this case. Another thing which you might want to try is, if not already, deny all incoming traffic to your SSH port unless allowed for a certain IP address. That way you’ll make sure nobody can SSH to your server unless you’ve allowed their IP address.

Regards, KFSys

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.