I'm on a fresh VPS with Ubuntu Server 12.04. I wanted to ask you the good practices to apply to enhance security over a stock Ubuntu-server.

This is what I did up to now: I added Google Authenticator to SSH, then I created a new user (whom I'll use instead of 'root' for SSH & SFTP access) which I added to my /etc/sudoers list below 'root', so now it's:

 # User privilege specification
 root     ALL=(ALL:ALL) ALL
 new_user ALL=(ALL:ALL) ALL

Then I edited sshd_config and set PermitRootLogin to 'no'. Then restarted the ssh service.

Is this ok? There are a few things I'd like to ask you though:

1) What's the sense of adding a new (sudoer) user whilst the root user still exist (ok it can't access with root privilege but it's still there..)? 2) System files are owned by 'root'.. I want to use my new_user to access via SFTP but with it I can't edit those files!! Should I mass-CHMOD 'em so that new_user has write perms too? What's the good practice on this?

Thanks in advance, I hope you'll tell me if I did something wrong and/or other ways to secure the system. :)