DigitalOcean What is the procedure the expert will do right after creating new droplet?

Centmin Mod installs CSF Firewall CSF Firewall - CentminMod.com LEMP Nginx web stack for CentOS also see step 4 & 5 of Getting Started Guide.

There's a difference between disabling direct root user login and disabling root user itself. The correct suggestion usually is to disable direct root user login which still allows the root user to exist just they can't directly login and instead need a sudo user to login and then elevate privileges and switch to root user once logged in as sudo user. Centmin Mod was created for root user essentially so it's required to have root user run centmin.sh menu options. But ssh key authentication is supported and works fine with Centmin Mod. Just read below info first.

The ssh keys instead of password login is another suggestion but most guides only tell you how to use and create ssh key login. None really tell you if you loose your ssh key's private key you won't be able to log in and are at the mercy of each web hosts recovery and/or out of band console access to your server. If web host doesn't have such, then you won't be able to access your server and web host won't be able to access or help you access it. So be 100% sure you know how to recover and re-access your server via SSH if you loose your ssh keys.

Before you look into ssh key only (+disable password authentication), make sure your web host is setup with features that allow you to regain access to your server if you ever loose your ssh key's private key and that you know how to use those features to regain access.

If you don't know how to use those features, setup a test instance/VPS with that web host and test it out. If you're with web host with hourly billed VPSes like Linode, DigitalOcean, and Vultr then it is relatively cheap to test out for a few hours on a test VPS.

Here's a example text you can use to ask your web host to be sure

There's numerous how to use ssh key login guides online, but not many go beyond that to explain what to do if you loose your ssh private key and are unable to use password logins. And that can come down to your web host and what measures they have in place i.e. out of band console access etc and recovery ISO/cds available.

And some relevant guides with different web hosts about setting up SSH key authentication and also about recovery as well general need to know info.

DigitalOcean

Has out of band console access

• How To Use SSH Keys with DigitalOcean Droplets | DigitalOcean
• How To Recover from File System Corruption Using Fsck and a Recovery ISO | DigitalOcean. Just the part about using Console but not the Fsck and file system recovery steps Don't need to do that just to get ssh access when you loose normal ssh access to your server i.e. loose ssh private key for ssh public key authentication.

Linode

Has out of band console access called Lish

• Use Public Key Authentication with SSH
• Using the Linode Shell (Lish)

Vultr

Has out of band console access

• How Do I Generate SSH Keys? - Vultr.com
• Access Single User Mode (Reset Root Password) - Vultr.com
• Using Finnix Rescue CD to Rescue, Repair, or Backup Your Linux System - Vultr.com

OVH

• Installation of OVH SSH key — OVH Documentation 0.0.1 documentation
• SSH key for Public Cloud — OVH Documentation 0.0.1 documentation
• Creating SSH keys- OVH
• Replacing your lost SSH key pair - OVH
• Become root and select a password - OVH

RamNode

• How do I add an SSH key to my VPS? - Knowledgebase - RamNode

Others

• Finnix Recovery CD - Mammoth Cloud

 

Centmin Mod 123.09beta01 and higher have a tools/addsudousers.sh script created to properly setup sudo users for elevation to root user. You can add a new sudo user i.e. george via below commands

Code (Text):

cd /usr/local/src/centminmod/tools
./addsudousers.sh george

every step outlined in Getting Started Guide as per official install guide.