Setting up Ubuntu

@oasysweb

Instead of the DigitalOcean web-based console, I would recommend using PuTTy on Windows and Terminal or Hyper on MacOS so that you have copy/paste available. It’ll definitely ease the process since the vast majority of what you do through the CLI will require it at some point unless you simply like typing everything out by hand :-).

That said, when you’re running:

nano ~/.ssh/authorized_keys

The ~ signifies root or home when it comes to directories. If you’re logged in as the root user, then the above is actually opening this file:

/root/.ssh/authorized_keys

So the command is the same as:

nano /root/.ssh/authorized_keys

The only time the ~ will apply to your user, seyi, is when you are logged in to SSH as that user. It will then create a file relative to that users home directory.

…

So let’s run through the steps from the start and hopefully that’ll help you get this resolved.

What I like to do is first create the users home directory as well as their .ssh directory. We can do this in one shot by using:

mkdir -p /home/seyi/.ssh

Once we have the home directory, we can now create our user and set their home directory using:

useradd -d /home/seyi seyi

Now if you want this user to be a sudo user, you can add them to the sudo group using:

usermod -aG sudo seyi

The above appends the user to the sudo group so that we’re not changing the main group (i.e the group seyi still exists and can be used).

Now, to generate an SSH key pair for the user seyi we can cd in to the .ssh directory we created:

cd /home/seyi/.ssh

and run:

ssh-keygen -t rsa -b 4096

When prompted for a location, simply enter in /home/seyi/.ssh and give the key a name. For example you could use:

/home/seyi/.ssh/seyi

It’ll then output seyi and seyi.pub in /home/seyi/.ssh, so you should have:

/home/seyi/.ssh/seyi
/home/seyi/.ssh/seyi.pub

Now we’ll use cat to echo the contents of seyi.pub in to authorized_keys. This file doesn’t exist yet, but it will be automatically created for us using this command:

cat /home/seyi/.ssh/seyi.pub >> /home/seyi/.ssh/authorized_keys

Now we need to setup proper permissions on our files and directories using the user seyi and the group seyi.

chown -R seyi:seyi /home/seyi/*

chmod 700 /home/seyi/.ssh

chmod 644 /home/seyi/.ssh/authorized_keys

Now you should login and download:

/home/seyi/.ssh/seyi
/home/seyi/.ssh/seyi.pub

and then remove them from the directory using:

rm /home/seyi/.ssh/seyi

rm /home/seyi/.ssh/seyi.pub

You’ll use the seyi file as your private key file. Keep this file safe. If you lose it, you’ll have to repeat the above all over.

That being said, you won’t be able to login using SFTP with this user just yet as changes need to be made to /etc/ssh/sshd_config first.

First:

sudo nano /etc/ssh/sshd_config

Find:

Subsystem sftp /usr/lib/openssh/sftp-server

Comment it out so that it looks like:

#Subsystem sftp /usr/lib/openssh/sftp-server

And below it add:

Subsystem sftp internal-sftp

Now find:

UsePAM yes

and below it add:

Match Group sftpusers
    ChrootDirectory %h
    ForceCommand internal-sftp
    X11Forwarding no
    AllowTCPForwarding no
    PasswordAuthentication yes

Exit and save. Now we’ll create a new group called sftpusers:

groupadd sftusers

and then add seyi to that group as well:

sudo usermod -aG sftpusers seyi

Then restart SSH:

sudo service ssh restart

Now, even though you’re using SSH Keys to login, you’ll still need a password to use sudo, so we need to set a password on seyi:

passwd seyi

At this point, using the private key file, you should be able to login to SFTP as seyi and when you login to SSH, that user will now be a sudo user as well, so commands such as:

sudo apt-get update

will prompt you for a password and then execute.