Secure User Management and SSH Configuration

1 min read Web Security Fundamentals

Secure User Management and SSH Configuration

Create a dedicated user for web server operations and avoid running services as root. Implement strong password policies and use SSH key authentication instead of passwords:

# Create a dedicated user
sudo adduser webadmin
sudo usermod -aG sudo webadmin

# Generate SSH key pair on your local machine
ssh-keygen -t ed25519 -C "webadmin@server"

# Copy public key to server
ssh-copy-id webadmin@server_ip

Harden SSH configuration by editing /etc/ssh/sshd_config:

Port 22  # Consider changing to non-standard port
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
MaxAuthTries 3
MaxSessions 2
ClientAliveInterval 300
ClientAliveCountMax 2
AllowUsers webadmin
Protocol 2
X11Forwarding no
PermitEmptyPasswords no

Restart SSH service: sudo systemctl restart sshd