@oasysweb
Instead of the DigitalOcean web-based console, I would recommend using PuTTY on Windows and Terminal or Hyper on macOS so that you have copy/paste available. It'll definitely ease the process since the vast majority of what you do through the CLI will require it at some point unless you simply like typing everything out by hand :-).
That said, when you're running:
nano ~/.ssh/authorized_keys
The ~ signifies root or home when it comes to directories. If you're logged in as the root user, then the above is actually opening this file:
/root/.ssh/authorized_keys
So the command is the same as:
nano /root/.ssh/authorized_keys
The only time the ~ will apply to your user, seyi, is when you are logged in to SSH as that user. It will then create a file relative to that user's home directory.
...
So let's run through the steps from the start and hopefully that'll help you get this resolved.
What I like to do is first create the user's home directory as well as their .ssh directory. We can do this in one shot by using:
mkdir -p /home/seyi/.ssh
Once we have the home directory, we can now create our user and set their home directory using:
useradd -d /home/seyi seyi
Now if you want this user to be a sudo user, you can add them to the sudo group using:
usermod -aG sudo seyi
The above appends the user to the sudo group so that we're not changing the main group (i.e. the group seyi still exists and can be used).
Now, to generate an SSH key pair for the user seyi, we can cd in to the .ssh directory we created:
cd /home/seyi/.ssh
and run:
ssh-keygen -t rsa -b 4096
When prompted for a location, simply enter in /home/seyi/.ssh and give the key a name. For example you could use:
/home/seyi/.ssh/seyi
It'll then output seyi and seyi.pub in /home/seyi/.ssh, so you should have:
/home/seyi/.ssh/seyi
/home/seyi/.ssh/seyi.pub
Now we'll use cat to echo the contents of seyi.pub in to authorized_keys. This file doesn't exist yet, but it will be automatically created for us using this command:
cat /home/seyi/.ssh/seyi.pub >> /home/seyi/.ssh/authorized_keys
Now we need to set up proper permissions on our files and directories using the user seyi and the group seyi.
chown -R seyi:seyi /home/seyi/.ssh
chmod 700 /home/seyi/.ssh
chmod 644 /home/seyi/.ssh/authorized_keys
Now you should login and download:
/home/seyi/.ssh/seyi
/home/seyi/.ssh/seyi.pub
and then remove them from the directory using:
rm /home/seyi/.ssh/seyi
rm /home/seyi/.ssh/seyi.pub
You'll use the seyi file as your private key file. Keep this file safe. If you lose it, you'll have to repeat the above all over.
That being said, you won't be able to login using SFTP with this user just yet as changes need to be made to /etc/ssh/sshd_config first.
First:
sudo nano /etc/ssh/sshd_config
Find:
Subsystem sftp /usr/lib/openssh/sftp-server
Comment it out so that it looks like:
#Subsystem sftp /usr/lib/openssh/sftp-server
And below it add:
Subsystem sftp internal-sftp
Now find:
UsePAM yes
and below it add:
Match Group sftpusers
ChrootDirectory %h
ForceCommand internal-sftp
X11Forwarding no
AllowTCPForwarding no
PasswordAuthentication yes
Exit and save. Now we'll create a new group called sftpusers:
groupadd sftpusers
and then add seyi to that group as well:
sudo usermod -aG sftpusers seyi
Then restart SSH:
sudo service ssh restart
Now, even though you're using SSH Keys to login, you'll still need a password to use sudo, so we need to set a password on seyi:
passwd seyi
At this point, using the private key file, you should be able to login to SFTP as seyi and when you login to SSH, that user will now be a sudo user as well, so commands such as:
sudo apt-get update
will prompt you for a password and then execute.
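
A read-only check of the layout these steps build, added here as an example and not part of the original answer. The function names check_path and audit_ssh_dir are hypothetical, GNU stat is assumed, and only the last component of the chroot path is checked (sshd checks every component).

```shell
#!/bin/sh
# Added example: audit ownership and modes after the steps above.
# Run as root:  sh audit.sh /home/seyi seyi

# check_path PATH OWNER FORBIDDEN_OCTAL_BITS
# Reports PATH unless it exists, is owned by OWNER and has none of the bits set.
check_path() {
    [ -e "$1" ] || { echo "missing: $1"; return 1; }
    cp_owner=$(stat -c %U "$1")
    cp_mode=$(stat -c %a "$1")
    cp_rc=0
    if [ "$cp_owner" != "$2" ]; then
        echo "owner: $1 is owned by $cp_owner, expected $2"; cp_rc=1
    fi
    if [ $(( 0$cp_mode & 0$3 )) -ne 0 ]; then
        echo "mode: $1 is $cp_mode, bits $3 must be clear"; cp_rc=1
    fi
    return $cp_rc
}

# audit_ssh_dir HOME_DIR KEY_OWNER [CHROOT_OWNER]
# Prints one line per finding; returns 0 when the layout is clean.
audit_ssh_dir() {
    a_rc=0
    # ChrootDirectory %h: sshd refuses a chroot directory that is not
    # root-owned or that group/other can write to.
    check_path "$1" "${3:-root}" 022 || a_rc=1
    # .ssh is private to the key owner (the chmod 700 step).
    check_path "$1/.ssh" "$2" 077 || a_rc=1
    # authorized_keys may be world-readable (644) but never group/other writable.
    check_path "$1/.ssh/authorized_keys" "$2" 022 || a_rc=1
    # The key pair is meant to be downloaded and removed; flag any private
    # key that is still stored on the server.
    for a_f in "$1"/.ssh/*; do
        [ -f "$a_f" ] || continue
        if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$a_f"; then
            echo "private key left on server: $a_f"; a_rc=1
        fi
    done
    return $a_rc
}

# Stand-alone use: audit the directory and owner given on the command line.
[ "$#" -lt 2 ] || audit_ssh_dir "$@"
```

A "bad ownership or modes" message from sshd at login usually maps to one of the first three findings.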