Question

How to log in as non root user via SSH?

I just created my first Ubuntu droplet and supplied my public SSH key which is contained in ~/.ssh/id_rsa.pub on my local machine at the time I was creating my droplet. I can SSH into my machine as root just fine via the command ssh root@remote_host where remote_host is my droplet’s IP address as given in the console. However, I would like to prohibit root logon to my droplet.

I created a new user by executing the commands adduser newusername followed by gpasswd -a newusername sudo to give the new user elevated privileges. I then manually copied over the contents of my public SSH key (from my local machine) following these instructions over to newusername.

$ mkdir .ssh
$ chmod 700 .ssh
$ cd .ssh
$ vim authorized_keys

I then pasted in the public key and saved the file

$ chmod 600 authorized_keys
$ exit
# service ssh restart

When I tried to SSH in from my local machine using the command ssh newusername@remote_host, I get the message Permission denied (publickey). I even went back into the droplet and added the line AllowUsers newusername to the /etc/ssh/sshd_config file but keep getting the same error.

UPDATE: I also tried running the following commands on my local machine, which is also running Ubuntu, but this did not work either:

$ eval `ssh-agent -s`
$ ssh-add ~/.ssh/id_rsa
Show comments
Submit an answer


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

spython01June 1, 2017
Accepted Answer

I finally ended up solving this issue by following these directions from another thread.

SysNasriDecember 7, 2017

I fixed the problem by putting my root public key to user’s .ssh/authorized_keys file. now I can login from my machine with root username to remote machine with myuser account.

issue this command by root

ssh -p ‘ssh port’ myuser@remoteip

Jonathan TittleMay 26, 2017

@spython01

The users home directory needs to be owned by the user in question, as does the .ssh directory and the authorized_keys file.

For example, a slightly different way of doing it that I use.

Create Directories and Files

mkdir -p /home/myuser/.ssh

touch /home/myuser/.ssh/authorized_keys

Add The New User

useradd -d /home/myuser myuser

Add User to sudo Group

usermod -aG sudo myuser

Set Proper Permissions

chown myuser:myuser /home/myuser/.ssh

chown myuser:myuser /home/myuser/.ssh/authorized_keys

chmod 700 /home/myuser/.ssh

chmod 600 /home/myuser/.ssh/authorized_keys

Setup SSH Keys for myuser

echo "ssh-rsa ...." >> /home/myuser/.ssh/authorized_keys

Setup a Password for myuser

passwd myuser

That way you can escalate using sudo .....

Login

ssh myuser@droplet_ip -i myuser

Where myuser is the user we just created and setup, and -i myuser tells SSH to use the key that I have locally on my MacBook.

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

card icon
Get our biweekly newsletter

Sign up for Infrastructure as a Newsletter.

Sign up
card icon
Hollie's Hub for Good

Working on improving health and education, reducing inequality, and spurring economic growth? We’d like to help.

Learn more
card icon
Become a contributor

You get paid; we donate to tech nonprofits.

Learn more
Featured on Community
Kubernetes CourseLearn Python 3Machine Learning in PythonGetting started with GoIntro to Kubernetes
DigitalOcean Products
CloudwaysVirtual MachinesManaged DatabasesManaged KubernetesBlock StorageObject StorageMarketplaceVPCLoad Balancers
Welcome to the developer cloud

DigitalOcean makes it simple to launch in the cloud and scale up as you grow – whether you’re running one virtual machine or ten thousand.

Learn more ->
DigitalOcean Cloud Control Panel
© 2023 DigitalOcean, LLC.Sitemap.