By default, a fresh Ubuntu installation allows the root user to connect by password. That's a big security risk for two reasons: working as root and working with passwords. It is far better to work with sudo, disable password authentication for SSH, and use SSH keys instead.
This tutorial guides you through the required steps to do so.
Start with adding a user:
Add user to sudo group:
usermod -a -G sudo my_user
If you want to authenticate using ssh keys, run this command from your client (where the ssh key is stored) – replace my_user and my_server.example.com:
Now we have to disable SSH login for the user root. Edit /etc/ssh/sshd_config:
PermitRootLogin no
PasswordAuthentication no
Now, restart SSH:
sudo service ssh restart
End the current SSH connection by typing exit and reconnect as the newly created user.
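Added example, not part of the original tutorial: sshd uses the first value it reads for each keyword, so the two sshd_config lines above only take effect if no earlier line or included drop-in file sets them differently. The script below checks for that; the function names first_value and audit_sshd and the sample files are constructed for illustration, and it assumes an Include line at the top of sshd_config that pulls in a drop-in directory.

```shell
#!/bin/sh
# Added example (not from the original tutorial). sshd keeps the FIRST value
# it reads for each keyword, so an Include'd drop-in can override the main file.

# first_value KEYWORD FILE... : print the first global value found, lower-cased.
# Simplification: everything after a "Match" line in a file is skipped.
first_value() {
    kw=$1; shift
    awk -v kw="$kw" '
        FNR == 1               { in_match = 0 }               # new file: global scope
                               { sub(/^[ \t]+/, "") }         # drop leading blanks
        /^#/ || NF == 0        { next }                       # comment or empty line
                               { sub(/[ \t]*=[ \t]*/, " ") }  # accept "Key=value"
        tolower($1) == "match" { in_match = 1 }
        in_match               { next }
        tolower($1) == tolower(kw) { print tolower($2); exit }
    ' "$@"
}

# audit_sshd MAIN_CONFIG [DROPIN_DIR] : return 0 only if both settings are "no".
# Assumes the Include line is at the top of MAIN_CONFIG, so drop-ins are read,
# in glob order, before the rest of the main file.
audit_sshd() {
    main=$1; dir=${2:-}
    set --
    if [ -n "$dir" ]; then
        for f in "$dir"/*.conf; do
            if [ -f "$f" ]; then set -- "$@" "$f"; fi
        done
    fi
    set -- "$@" "$main"
    rc=0
    for key in PermitRootLogin PasswordAuthentication; do
        val=$(first_value "$key" "$@")
        if [ "$val" = "no" ]; then
            echo "OK   $key no"
        else
            echo "FAIL $key ${val:-unset}"; rc=1
        fi
    done
    return $rc
}

# Constructed sample: the tutorial's two lines plus a drop-in that undoes one.
demo=$(mktemp -d); mkdir "$demo/sshd_config.d"
printf '%s\n' 'Include /etc/ssh/sshd_config.d/*.conf' \
    'PermitRootLogin no' 'PasswordAuthentication no' > "$demo/sshd_config"
echo 'PasswordAuthentication yes' > "$demo/sshd_config.d/50-sample.conf"
audit_sshd "$demo/sshd_config" "$demo/sshd_config.d" || echo "password login still enabled"
```

On the server itself, `sudo sshd -t` checks the configuration for syntax errors before the restart, and `sudo sshd -T` prints the values sshd will actually use.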