By: spython01

How to log in as non root user via SSH?

May 26, 2017 180 views
Getting Started Ubuntu

I just created my first Ubuntu droplet and supplied my public SSH key which is contained in ~/.ssh/id_rsa.pub on my local machine at the time I was creating my droplet. I can SSH into my machine as root just fine via the command ssh root@remote_host where remote_host is my droplet's IP address as given in the console. However, I would like to prohibit root logon to my droplet.

I created a new user by executing the commands adduser newusername followed by gpasswd -a newusername sudo to give the new user elevated privileges. I then manually copied over the contents of my public SSH key (from my local machine) following these instructions over to newusername.

$ mkdir .ssh
$ chmod 700 .ssh
$ cd .ssh
$ vim authorized_keys

I then pasted in the public key and saved the file

$ chmod 600 authorized_keys
$ exit
# service ssh restart

When I tried to SSH in from my local machine using the command ssh newusername@remote_host, I get the message Permission denied (publickey). I even went back into the droplet and added the line AllowUsers newusername to the /etc/ssh/sshd_config file but keep getting the same error.

UPDATE: I also tried running the following commands on my local machine, which is also running Ubuntu, but this did not work either:

$ eval `ssh-agent -s`
$ ssh-add ~/.ssh/id_rsa
2 Answers
spython01 June 1, 2017
Accepted Answer

I finally ended up solving this issue by following these directions from another thread.

@spython01

The user's home directory needs to be owned by the user in question, as does the .ssh directory and the authorized_keys file.

For example, a slightly different way of doing it that I use.

Create Directories and Files

mkdir -p /home/myuser/.ssh
touch /home/myuser/.ssh/authorized_keys

Add The New User

useradd -d /home/myuser myuser

Add User to sudo Group

usermod -aG sudo myuser

Set Proper Permissions

chown myuser:myuser /home/myuser/.ssh
chown myuser:myuser /home/myuser/.ssh/authorized_keys
chmod 700 /home/myuser/.ssh
chmod 600 /home/myuser/.ssh/authorized_keys

Setup SSH Keys for myuser

echo "ssh-rsa ...." >> /home/myuser/.ssh/authorized_keys

Setup a Password for myuser

passwd myuser

That way you can escalate using sudo .....

Login

ssh myuser@droplet_ip -i myuser

Where myuser is the user we just created and set up, and -i myuser tells SSH to use the key that I have locally on my MacBook.

  • Thanks for the response. I tried what you suggested but am still stuck. I was a bit confused as to which username myuser refers to in the last command so I tried both ssh remoteuser@droplet_ip -i remoteuser as well as ssh remoteuser@droplet_ip -i localuser but in both instances, I got the following error message:

    Warning: Identity file username not accessible: No such file or directory.
    Permission denied (publickey).
    

    where username is the name used after the -i switch.

    • @spython01

      In my example, myuser is just a random username I created on my Droplet. You could use any username you'd like, i.e. jtittle, spython01, etc. All that matters is that the user exists on the system and that everything is set up correctly as per the guide I provided.

      The SSH command is set up so that you log in using:

      ssh username@host -i private_key
      

      ssh is the command.

      username is the user on the system that you created using useradd.

      host is the hostname or IP address of the server (i.e. the Droplet IP).

      -i is a flag that refers to identity, which is how you pass a private key.

      private_key is the path to the private key associated with the public key that was echo'ed to authorized_keys on the Droplet.

      ...

      In my example, I created a user named myuser -- it was just filler :-).
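
The ownership and permission requirements from the accepted answer can be checked mechanically. The following is an added example, not part of the original thread: a POSIX shell function (the name audit_ssh_paths is hypothetical) that inspects the home directory, .ssh and authorized_keys the way sshd's StrictModes check does, assuming the /home/USER layout unless a home directory is passed.

```shell
#!/bin/sh
# Added example (not from the thread): audit the three paths sshd inspects
# before it will read a user's authorized_keys when StrictModes is on.
# Usage: audit_ssh_paths USER [HOME_DIR]
audit_ssh_paths() {
    user=$1
    home=${2:-/home/$user}    # assumption: default home directory layout
    problems=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING   $p"
            problems=$((problems + 1))
            continue
        fi
        # Each path must be owned by the login user (sshd also accepts root).
        if [ -z "$(find "$p" -prune \( -user "$user" -o -user root \) -print 2>/dev/null)" ]; then
            echo "OWNER     $p is not owned by $user (fix: chown $user $p)"
            problems=$((problems + 1))
        fi
        # A group- or world-writable path makes sshd ignore the key file.
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "WRITABLE  $p is group/world writable (fix: chmod go-w $p)"
            problems=$((problems + 1))
        fi
    done
    echo "$problems problem(s) found"
    [ "$problems" -eq 0 ]     # exit status 0 only when every check passed
}

# Run the audit directly when the script is called with arguments.
if [ "$#" -gt 0 ]; then
    audit_ssh_paths "$@"
fi
```

Run it as root on the droplet with the new account's name as the argument. When a check fails, sshd on Ubuntu records the refusal in /var/log/auth.log as "Authentication refused: bad ownership or modes for ...", while the client only sees Permission denied (publickey).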
