Use a personal admin user for day-to-day access instead of logging in as root. This gives you a safer default workflow while still allowing administrative commands through sudo.
Replace stackuser in the examples below with your preferred username.
Alternatively, you can also copy the key from your local machine to the VPS:
ssh-copy-id stackuser@your_vps_ip
Note that this will not work if you have disabled password-based authentication.
Optional - Edit your SSH Configuration
If you previously created an SSH config shortcut for your root account, you can update it to use the new user by editing ~/.ssh/config:
Host my-vps
HostName your_vps_ip
User stackuser
IdentityFile ~/.ssh/id_ed25519
AddKeysToAgent yes
3. Test the New Login
Keep your current session open, then open a new terminal and confirm the new user can log in:
ssh stackuser@your_server_ip
Once connected as the new user, confirm sudo works:
sudowhoami
The command should print root.
4. Next Steps
After you have confirmed the new user can log in and run sudo, continue with Initial server hardening to lock down SSH, configure a firewall, and set up fail2ban.
Adding a Non-Root User
Use a personal admin user for day-to-day access instead of logging in as
root. This gives you a safer default workflow while still allowing administrative commands throughsudo.Replace
stackuserin the examples below with your preferred username.1. Create the User
Fedora
Debian / Ubuntu
2. Add your SSH Key
If your root account already has the correct public key in
authorized_keys, copy it to the new user:If you want to add a different key, create the file and paste your public key instead:
Alternatively, you can also copy the key from your local machine to the VPS:
Note that this will not work if you have disabled password-based authentication.
Optional - Edit your SSH Configuration
If you previously created an SSH config shortcut for your root account, you can update it to use the new user by editing
~/.ssh/config:3. Test the New Login
Keep your current session open, then open a new terminal and confirm the new user can log in:
Once connected as the new user, confirm
sudoworks:The command should print
root.4. Next Steps
After you have confirmed the new user can log in and run
sudo, continue with Initial server hardening to lock down SSH, configure a firewall, and set up fail2ban.