Introducing DigitalOcean Functions: A powerful, serverless compute solution

Related

kernal panic after upgrade to ubuntu 7.10
Question
which the best and easy to use between this servers in Linux environment: 1- Web server. 2- Mail Server. 3- FTP server ?
Question

Question

How to enable SSH access for non root users

Following the recommendations in online forums, I have configured my new Ubuntu server so that root can only be accessed via my private key.

My understanding is that I’m also supposed to create a different user account that will be used to handle root-like tasks via elevated privileges and sudo. I can create that account with appropriate privileges, but the server will not allow me to connect via SSH. The only way I can use the other account to access the server is via the Digital Ocean console. The console does not play well with my Mac’s external keyboard.

What do I need to do to enable SSH connections to other accounts? I have found instructions online which suggest changing PermitRootLogin from ‘no’ to ‘yes,’ but that seems to defeat the point of using an encrypted key to control root access. I cannot find instructions which explain how to allow password authentication for everyone EXCEPT the root user.

Subscribe
Share
Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

KFSysAugust 11, 2019
Accepted Answer

Hi adelwhich,

You’ll need to create a user and add it to the sudoers group

You’ll start by creating a user called exampleuser using the adduser command while creating the user’s home directory

# useradd -m -d /home/exampleuser exampleuser

Once you’ve created the user, I’ll recommend setting a password. To do so execute:

# passwd exampleuser

Then use the usermod command to add the user to the sudo group

# usermod -aG sudo exampleuser

You can test if everything was done correctly by using the su command

# su -s /bin/bash username

You can also try and open a file somewhere. Maybe you can try and open a file in /etc just to see if you have permission to edit it.

$ sudo vi /etc/timezone

If you don’t see permission denied you are good to go.

There is something I like to point out. If you add your users to the sudoers group, they’ll have the power of a root user.

Now to allow SSH access to a certain user

Update on 10.07.2021 Initially, this answer contained information how to enable a user or a group to SSH however this has been outdated.

As such, I’ve updated the answer to providing information on how to configure your SSH keys on the user.

Now that you have the user-created, SSH to your Droplet using the root user and switch to the newly created one:

# su -s /bin/bash username

Once inside, go to your home folder with the cd command

$ cd

If you followed the whole answer this will bring you in the /home/exampleuser directory.

Now, you need to create the folder .ssh and an authorized_keys file, you can do it like that:

$ mkdir /home/exampleuser/.ssh                                                                                $ touch /home/exampleuser/.ssh/authorized_keys                                                                $ chmod 600 /home/exampleuser/.ssh/authorized_keys

All that is left to do is copy your SSH key in the authorized_keys file and you are good to go.

Kind regards, KFSys

DigitalJimApril 23, 2020

@KDSys

I just followed your advice, and now I can’t login with my created user nor root… Wtf!? 😢

DigitalJimApril 23, 2020

@KDSys

I just followed your advice, and now I can’t login with my created user nor root… Wtf!? 😢

sebastiengransMarch 20, 2021

Also there is something to do at: /etc/passwd specify the user space for logged user and shell.

cccc ddfggNovember 28, 2020

Assuming that you created a normal user named “pandora”

(root) mkdir /home/pandora/.ssh (root) nano /home/pandora/.ssh/authorized_keys (copy original public key) (root) chown -R pandora:pandora /home/pandora/.ssh (root) chmod 600 /home/pandora/.ssh/authorized_keys

(root) nano /etc/sudoers (check if the wheel group has permit to use sudo) (root) usermod -aG wheel pandora (adding pandora to group wheel for sudo access)

Now connect to your server with user pandora using your public key without disconnect root user. If everything is okay, follow this commands:

(root) nano /etc/ssh/sshd_config

Find the line “PermitRootLogin yes” and replace with “PermitRootLogin no”

Save and restart ssh deamon.

(root) systemctl restart sshd

You will now be able to connect to your server via ssh with normal user.

398724891September 17, 2020

Assuming that you’ve added a non-root user named ‘test’ on remote server and you can ssh to it as root user, here are the steps to enable ssh as ‘test’:

(root) cp /root/.ssh/authorized_keys /home/test/.ssh/authorized_keys
(root) chown test/home/test/.ssh/authorized_keys
(root) su test
(test) chmod 600 /home/test/.ssh/authorized_keys
Aaron DelwicheAugust 12, 2019

Thanks, KFSys!

Aaron DelwicheAugust 11, 2019

I did go ahead and change PasswordAuthentication to yes, but I’m concerned that this might be the wrong way to do it.

Join the DigitalOcean CommunityCommunity

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner

Related

kernal panic after upgrade to ubuntu 7.10
Question
which the best and easy to use between this servers in Linux environment: 1- Web server. 2- Mail Server. 3- FTP server ?
Question
Join the DigitalOcean CommunityCommunity

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner