By spython01
I just created my first Ubuntu droplet and supplied my public SSH key, which is contained in ~/.ssh/id_rsa.pub on my local machine, at the time I was creating my droplet. I can SSH into my machine as root just fine via the command ssh root@remote_host where remote_host is my droplet’s IP address as given in the console. However, I would like to prohibit root logon to my droplet.
I created a new user by executing the commands adduser newusername followed by gpasswd -a newusername sudo to give the new user elevated privileges. I then manually copied over the contents of my public SSH key (from my local machine) following these instructions over to newusername.
$ mkdir .ssh
$ chmod 700 .ssh
$ cd .ssh
$ vim authorized_keys
I then pasted in the public key and saved the file
$ chmod 600 authorized_keys
$ exit
# service ssh restart
When I tried to SSH in from my local machine using the command ssh newusername@remote_host, I get the message Permission denied (publickey).
I even went back into the droplet and added the line AllowUsers newusername to the /etc/ssh/sshd_config file but keep getting the same error.
UPDATE: I also tried running the following commands on my local machine, which is also running Ubuntu, but this did not work either:
$ eval `ssh-agent -s`
$ ssh-add ~/.ssh/id_rsa
Accepted Answer
I finally ended up solving this issue by following these directions from another thread.
I fixed the problem by putting my root public key into the user’s .ssh/authorized_keys file. Now I can log in from my machine with root username to remote machine with myuser account.
Issue this command as root:
ssh -p 'ssh port' myuser@remoteip
The user's home directory needs to be owned by the user in question, as does the .ssh directory and the authorized_keys file.
For example, a slightly different way of doing it that I use.
Create Directories and Files
mkdir -p /home/myuser/.ssh
touch /home/myuser/.ssh/authorized_keys
Add The New User
useradd -d /home/myuser myuser
Add User to sudo Group
usermod -aG sudo myuser
Set Proper Permissions
chown myuser:myuser /home/myuser
chown myuser:myuser /home/myuser/.ssh
chown myuser:myuser /home/myuser/.ssh/authorized_keys
chmod 700 /home/myuser/.ssh
chmod 600 /home/myuser/.ssh/authorized_keys
Setup SSH Keys for myuser
echo "ssh-rsa ...." >> /home/myuser/.ssh/authorized_keys
Setup a Password for myuser
passwd myuser
That way you can escalate using sudo ....
Login
ssh myuser@droplet_ip -i myuser
Where myuser is the user we just created and setup, and -i myuser tells SSH to use the key that I have locally on my MacBook.
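An added example, not part of either answer above: a shell function that audits the home directory, .ssh and authorized_keys for the ownership the second answer calls for, flags group- or world-writable modes, and confirms the file holds a well-formed key line (RSA, Ed25519 or ECDSA). The name check_ssh_perms is hypothetical, and the script assumes GNU stat as shipped on Ubuntu.

```shell
#!/bin/sh
# Added example (not from the answers above). Assumes GNU stat, as on Ubuntu.
# check_ssh_perms USER [HOME]  -> prints findings, returns the number found.
check_ssh_perms() {
    user=$1
    home=${2:-/home/$user}
    keys="$home/.ssh/authorized_keys"
    problems=0

    for path in "$home" "$home/.ssh" "$keys"; do
        if [ ! -e "$path" ]; then
            echo "MISSING   $path"
            problems=$((problems + 1))
            continue
        fi
        owner=$(stat -c '%U' "$path")
        mode=$(stat -c '%a' "$path")
        # The second answer's requirement: all three belong to the login user.
        if [ "$owner" != "$user" ]; then
            echo "OWNER     $path is owned by $owner, expected $user"
            problems=$((problems + 1))
        fi
        # sshd's default StrictModes refuses paths that group/other can write.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "WRITABLE  $path has mode $mode"
            problems=$((problems + 1))
        fi
    done

    # A usable entry has a key type followed by base64 that starts with AAAA;
    # an empty file or a paste that lost its first characters fails this.
    if [ -f "$keys" ] && ! grep -Eq \
        '(^|[[:space:]])(ssh-(rsa|ed25519)|ecdsa-sha2-nistp[0-9]+)[[:space:]]+AAAA' \
        "$keys"; then
        echo "NOKEY     $keys has no well-formed public key line"
        problems=$((problems + 1))
    fi

    if [ "$problems" -eq 0 ]; then echo "OK        $home"; fi
    return "$problems"
}

# Run as root on the droplet, e.g.: sh check_ssh_perms.sh newusername
if [ $# -gt 0 ]; then check_ssh_perms "$@"; fi
```

An OWNER line on .ssh or authorized_keys is what you would expect to see if those paths were created from a root shell rather than as the new user.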