I am thinking of disabling the root user for my digital ocean 1-click app. However, iff a user uses a password for ssh, my user does not get that password and they can only ssh through the user I create in my image and with the password I set for the user during cloud-init, which is the Droplet ID. I feel removing root login is best practice, however, Digital Ocean orients a lot of actions towards the root user… Are there best practices from Digital Ocean in this regard? Or is documenting this discrepency suffient and users will be happy I did not allow root logins?
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Sign up for Infrastructure as a Newsletter.
Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
I left the root user. My application uses it’s own user. Digital Ocean users can use all the functionality around the root user and not interrupt my user and the application.
Hi @zaxary,
Making the root user only accessible with SSH keys should be enough in this case. Another thing which you might want to try is, if not already, deny all incoming traffic to your SSH port unless allowed for a certain IP address. That way you’ll make sure nobody can SSH to your server unless you’ve allowed their IP address.
Regards, KFSys