By: oasysweb

Setting up Ubuntu

March 11, 2017
DigitalOcean Getting Started Ubuntu 16.04

Good day,

I have run into a problem setting up a new LAMP installation I set up on a droplet. (Keep in mind I am using the DigitalOcean console.)

I am doing this tutorial specifically, and I am stuck on step four. I stopped at the instruction below because copy and paste don't work on the console.

***Now open a file in .ssh called authorized_keys with a text editor. We will use nano to edit the file:

nano ~/.ssh/authorized_keys

Now insert your public key (which should be in your clipboard) by pasting it into the editor.

Hit CTRL-x to exit the file, then y to save the changes that you made, then ENTER to confirm the file name.***

What I did instead was log in with FileZilla using SFTP and downloaded the key. I went into the folder that I had created in the console (/home/seyi/.ssh) and then dropped the text file I created in the folder. (I wasn't sure if the file was supposed to be .txt or .pub, so I put them both in the folder.)

There was no way to know if it worked, so I went back to the console and did:

$ chmod 600 ~/.ssh/authorized_keys

That pulled an error:
chmod: cannot access '/home/seyi/.ssh/authorized keys : No such file or directory.

Later I came back and tried
$ sudo apt-get update

entered the password and then got the error below
"seyi is not in the sudoers file. the incident will be reported."

...Help :(

1 Answer
jtittle1 March 13, 2017
Accepted Answer

@oasysweb

Instead of the DigitalOcean web-based console, I would recommend using PuTTY on Windows and Terminal or Hyper on macOS so that you have copy/paste available. It'll definitely ease the process since the vast majority of what you do through the CLI will require it at some point unless you simply like typing everything out by hand :-).

That said, when you're running:

nano ~/.ssh/authorized_keys

The ~ signifies root or home when it comes to directories. If you're logged in as the root user, then the above is actually opening this file:

/root/.ssh/authorized_keys

So the command is the same as:

nano /root/.ssh/authorized_keys

The only time the ~ will apply to your user, seyi, is when you are logged in to SSH as that user. It will then create a file relative to that user's home directory.

...

So let's run through the steps from the start and hopefully that'll help you get this resolved.

What I like to do is first create the user's home directory as well as their .ssh directory. We can do this in one shot by using:

mkdir -p /home/seyi/.ssh

Once we have the home directory, we can now create our user and set their home directory using:

useradd -d /home/seyi seyi

Now if you want this user to be a sudo user, you can add them to the sudo group using:

usermod -aG sudo seyi

The above appends the user to the sudo group so that we're not changing the main group (i.e., the group seyi still exists and can be used).

Now, to generate an SSH key pair for the user seyi, we can cd into the .ssh directory we created:

cd /home/seyi/.ssh

and run:

ssh-keygen -t rsa -b 4096

When prompted for a location, simply enter in /home/seyi/.ssh and give the key a name. For example you could use:

/home/seyi/.ssh/seyi

It'll then output seyi and seyi.pub in /home/seyi/.ssh, so you should have:

/home/seyi/.ssh/seyi
/home/seyi/.ssh/seyi.pub

Now we'll use cat to echo the contents of seyi.pub into authorized_keys. This file doesn't exist yet, but it will be automatically created for us using this command:

cat /home/seyi/.ssh/seyi.pub >> /home/seyi/.ssh/authorized_keys

Now we need to set up proper permissions on our files and directories using the user seyi and the group seyi.

chown -R seyi:seyi /home/seyi/.ssh
chmod 700 /home/seyi/.ssh
chmod 644 /home/seyi/.ssh/authorized_keys

Now you should log in and download:

/home/seyi/.ssh/seyi
/home/seyi/.ssh/seyi.pub

and then remove them from the directory using:

rm /home/seyi/.ssh/seyi
rm /home/seyi/.ssh/seyi.pub

You'll use the seyi file as your private key file. Keep this file safe. If you lose it, you'll have to repeat the above all over.

That being said, you won't be able to log in using SFTP with this user just yet, as changes need to be made to /etc/ssh/sshd_config first.

First:

sudo nano /etc/ssh/sshd_config

Find:

Subsystem sftp /usr/lib/openssh/sftp-server

Comment it out so that it looks like:

#Subsystem sftp /usr/lib/openssh/sftp-server

And below it add:

Subsystem sftp internal-sftp

Now find:

UsePAM yes

and below it add:

Match Group sftpusers
    ChrootDirectory %h
    ForceCommand internal-sftp
    X11Forwarding no
    AllowTCPForwarding no
    PasswordAuthentication yes

Exit and save. Now we'll create a new group called sftpusers:

groupadd sftpusers

and then add seyi to that group as well:

sudo usermod -aG sftpusers seyi

Then restart SSH:

sudo service ssh restart

Now, even though you're using SSH keys to log in, you'll still need a password to use sudo, so we need to set a password on seyi:

passwd seyi

At this point, using the private key file, you should be able to log in to SFTP as seyi, and when you log in to SSH, that user will now be a sudo user as well, so commands such as:

sudo apt-get update

will prompt you for a password and then execute.
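A way to check the end state these steps aim for, as an added example that is not part of the original answer: it audits one home directory's .ssh for a missing authorized_keys, wrong modes or owner, and a private key left behind after download. The names audit_ssh_dir and make_demo are hypothetical, GNU stat (as on Ubuntu) is assumed, and the sample key line is constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the answer). OWNER is a user name or numeric uid.
# audit_ssh_dir HOME OWNER: prints one finding per line, returns 0 if clean.
audit_ssh_dir() {
    local owner="$2" dir="$1/.ssh" ak="$1/.ssh/authorized_keys" n=0 f want
    finding() { echo "$1"; n=$((n + 1)); }
    want=$(id -u "$owner" 2>/dev/null) || want=$owner

    [ -d "$dir" ] || { finding "missing: $dir"; return 1; }
    [ "$(stat -c %a "$dir")" = 700 ] || finding "mode: $dir is not 700"
    [ "$(stat -c %u "$dir")" = "$want" ] || finding "owner: $dir not owned by $owner"

    if [ -f "$ak" ]; then
        # StrictModes (sshd default) rejects a key file group/others can write.
        [ $(( 0$(stat -c %a "$ak") & 022 )) -eq 0 ] ||
            finding "mode: $ak is group/world writable"
        [ "$(stat -c %u "$ak")" = "$want" ] || finding "owner: $ak not owned by $owner"
    else
        finding "missing: $ak"
    fi

    for f in "$dir"/*; do
        [ -f "$f" ] && [ "$f" != "$ak" ] || continue
        if grep -q -e 'PRIVATE KEY-----' "$f"; then
            finding "private key left on server: $f"
        elif [ ! -f "$ak" ] && grep -Eq '^(ssh-(rsa|ed25519)|ecdsa-sha2-)' "$f"; then
            finding "public key not installed in authorized_keys: $f"
        fi
    done
    [ "$n" -eq 0 ]
}

# Constructed demo: key uploaded as .pub and .txt but never installed.
make_demo() {
    local d
    d=$(mktemp -d)
    mkdir -m 700 "$d/.ssh"
    echo 'ssh-rsa AAAAconstructed-sample-not-a-real-key seyi@laptop' > "$d/.ssh/seyi.pub"
    cp "$d/.ssh/seyi.pub" "$d/.ssh/seyi.txt"
    echo "$d"
}

demo=$(make_demo)
audit_ssh_dir "$demo" "$(id -u)" || true
rm -rf "$demo"
```

On the droplet it would be run as root with the real home and user, for example `audit_ssh_dir /home/seyi seyi`.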
