sudo stands for either “superuser do” or “switch user do“, and sudo users can execute commands with root/administrative permissions, even malicious ones. Be careful who you grant sudo permissions to – you are quite literally handing them all access to your instance.
1. Creating a sudo user
a) ssh in to your server as the user with superuser privilege or as a root user
ssh -i key.pem [email protected]_ip_address
b) Create a new user
For this, we use adduser command. Don’t be confused with the useradd command here. useradd is a low level binary command compiled with the system, whereas adduser is a high level Perl script built on top of useradd.
You should always use adduser to create new user as it provides more user friendly and interactive procedure.
sudo adduser newuser
Then follow the instruction to finish the procedure
Adding user `newuser' ... Adding new group `newuser' (1005) ... Adding new user `newuser' (1004) with group `newuser' ... Creating home directory `/home/newuser' ... Copying files from `/etc/skel' ... Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully Changing the user information for newuser Enter the new value, or press ENTER for the default Full Name : Rajesh Kumar Room Number : 12345 Work Phone : 0123456789929 Home Phone : 0000002222002 Other : Is the information correct? [Y/n] Ysudo
c) Add the user to the sudo group
usermod -aG sudo newuser
d) Test new user
su - newuser
Verify the superuser privileges by the sudo command
sudo ls -la /root
2. Add public key to allow remote SSH login for the new user
Generate ssh key pair in your local system for the newuser using “ssh-keygen -t rsa” in linux or using putty-gen in windows.
a. Switch to the new user account
su - newuser
b. Create .ssh folder in home directory
c. Create authorized_keys file inside the .ssh folder and add the public key
And paste your SSH public key here, save and close file.
d. Verify SSH remote login
Open another terminal on your machine and try to remote SSH login using new user.
ssh -i /path/to/your/ssh_private.key [email protected]_ip_address