hetzner-add-peyton-user-guide.md

Shared by @futuretrees

Updated May 22, 2026

Add Peyton as a Sudo User on a Hetzner Debian Server

Exact copy/paste block

Have the client run this exact block on the Debian server.

Temporary password already filled in below. Change it immediately after first login.

sudo adduser --disabled-password --gecos "" peyton
sudo usermod -aG sudo peyton
sudo install -d -m 700 -o peyton -g peyton /home/peyton/.ssh
sudo tee /home/peyton/.ssh/authorized_keys >/dev/null <<'EOF'
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPYZJllfLZ4wsb7boMu2HQvedMcfqv4Uj0mEA5Nd7LEU [email protected]
EOF
sudo chown peyton:peyton /home/peyton/.ssh/authorized_keys
sudo chmod 600 /home/peyton/.ssh/authorized_keys
echo 'peyton:PeytonTemp!9472-Kite' | sudo chpasswd
id peyton

Then Peyton logs in

ssh peyton@YOUR_SERVER_IP

Then Peyton changes the temporary password

After logging in:

passwd

Then verify sudo works

sudo whoami

Expected output:

root

Important note about --disabled-password

--disabled-password means the account is created without a usable password, but SSH key login still works.

So:

  • Yes, you can create the account first with password login disabled
  • But no, you are not fully done if you want normal Debian sudo behavior immediately
  • On Debian, sudo usually expects the user's password
  • So the cleanest client flow is: create the user, install the SSH key, set a temporary password, then Peyton changes it after first login

If you truly want to leave the account with no password for now, the client can stop before the chpasswd line — but then someone with existing root/sudo access should set Peyton's password later with:

sudo passwd peyton

What this block does

  • creates Linux user peyton
  • adds peyton to the Debian sudo group
  • creates /home/peyton/.ssh
  • installs Peyton's SSH public key
  • sets correct SSH permissions
  • sets a temporary password for Debian sudo usage

Peyton's SSH public key

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPYZJllfLZ4wsb7boMu2HQvedMcfqv4Uj0mEA5Nd7LEU [email protected]

Optional verification

ls -ld /home/peyton/.ssh
ls -l /home/peyton/.ssh/authorized_keys
sudo cat /home/peyton/.ssh/authorized_keys
id peyton

Summary

For dead-simple setup: have the client run the block at the top, let Peyton SSH in with the key, then run passwd to change the temporary password and sudo whoami to confirm sudo access.