Good day,
I have run into a problem setting up a new LAMP installation i setup on a droplet. (Keep in mind in am using the digital ocean console)
I am doing this tutorial specifically, and i am stuck on step four. I stopped at the instruction below because copy and paste don’t work on the console.
***Now open a file in .ssh called authorized_keys with a text editor. We will use nano to edit the file:
nano ~/.ssh/authorized_keys
Now insert your public key (which should be in your clipboard) by pasting it into the editor.
Hit CTRL-x to exit the file, then y to save the changes that you made, then ENTER to confirm the file name.***
What i did instead was login with filezilla using sftp and downloaded the key. i went in to the folder that i had created in console (/home/seyi/.ssh) and then dropped the text file i created in the folder. (i wasn’t sure if the file was supposed to be in .txt. or .pub so i put them both in the folder)
There was no way to know if it worked so i went back to console and did;
$ chmod 600 ~/.ssh/authorized_keys
That pulled an error: chmod: cannot access '/home/seyi/.ssh/authorized keys : No such file or directory.
Later i came back and tried $sudo apt-get update
entered the password and the got the error below “seyi is not in the sudoers file. the incident will be reported.”
…Help :(
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Instead of the DigitalOcean web-based console, I would recommend using PuTTy on Windows and Terminal or Hyper on MacOS so that you have copy/paste available. It’ll definitely ease the process since the vast majority of what you do through the CLI will require it at some point unless you simply like typing everything out by hand :-).
That said, when you’re running:
nano ~/.ssh/authorized_keys
The ~ signifies root or home when it comes to directories. If you’re logged in as the root user, then the above is actually opening this file:
/root/.ssh/authorized_keys
So the command is the same as:
nano /root/.ssh/authorized_keys
The only time the ~ will apply to your user, seyi, is when you are logged in to SSH as that user. It will then create a file relative to that users home directory.
…
So let’s run through the steps from the start and hopefully that’ll help you get this resolved.
What I like to do is first create the users home directory as well as their .ssh directory. We can do this in one shot by using:
mkdir -p /home/seyi/.ssh
Once we have the home directory, we can now create our user and set their home directory using:
useradd -d /home/seyi seyi
Now if you want this user to be a sudo user, you can add them to the sudo group using:
usermod -aG sudo seyi
The above appends the user to the sudo group so that we’re not changing the main group (i.e the group seyi still exists and can be used).
Now, to generate an SSH key pair for the user seyi we can cd in to the .ssh directory we created:
cd /home/seyi/.ssh
and run:
ssh-keygen -t rsa -b 4096
When prompted for a location, simply enter in /home/seyi/.ssh and give the key a name. For example you could use:
/home/seyi/.ssh/seyi
It’ll then output seyi and seyi.pub in /home/seyi/.ssh, so you should have:
/home/seyi/.ssh/seyi
/home/seyi/.ssh/seyi.pub
Now we’ll use cat to echo the contents of seyi.pub in to authorized_keys. This file doesn’t exist yet, but it will be automatically created for us using this command:
cat /home/seyi/.ssh/seyi.pub >> /home/seyi/.ssh/authorized_keys
Now we need to setup proper permissions on our files and directories using the user seyi and the group seyi.
chown -R seyi:seyi /home/seyi/*
chmod 700 /home/seyi/.ssh
chmod 644 /home/seyi/.ssh/authorized_keys
Now you should login and download:
/home/seyi/.ssh/seyi
/home/seyi/.ssh/seyi.pub
and then remove them from the directory using:
rm /home/seyi/.ssh/seyi
rm /home/seyi/.ssh/seyi.pub
You’ll use the seyi file as your private key file. Keep this file safe. If you lose it, you’ll have to repeat the above all over.
That being said, you won’t be able to login using SFTP with this user just yet as changes need to be made to /etc/ssh/sshd_config first.
First:
sudo nano /etc/ssh/sshd_config
Find:
Subsystem sftp /usr/lib/openssh/sftp-server
Comment it out so that it looks like:
#Subsystem sftp /usr/lib/openssh/sftp-server
And below it add:
Subsystem sftp internal-sftp
Now find:
UsePAM yes
and below it add:
Match Group sftpusers
ChrootDirectory %h
ForceCommand internal-sftp
X11Forwarding no
AllowTCPForwarding no
PasswordAuthentication yes
Exit and save. Now we’ll create a new group called sftpusers:
groupadd sftusers
and then add seyi to that group as well:
sudo usermod -aG sftpusers seyi
Then restart SSH:
sudo service ssh restart
Now, even though you’re using SSH Keys to login, you’ll still need a password to use sudo, so we need to set a password on seyi:
passwd seyi
At this point, using the private key file, you should be able to login to SFTP as seyi and when you login to SSH, that user will now be a sudo user as well, so commands such as:
sudo apt-get update
will prompt you for a password and then execute.
