without-password means that the root user must log in using a public key. If you’re trying to run su root to become root from a different user’s account, you will get prompted for a password.
You’d be better off creating a new user, setting up their environment, and adding them as a sudo user. Of course, you’re still going to be prompted to authenticate when you run sudo as well. If you weren’t, then anyone that was able to log in to that account would have free rein to run root-level commands without any secondary authentication.
Setting up a Sudo User
myuser as the username of the new user in this example, so wherever you see myuser, you would simply substitute in the username of your choice.
1). Create a Home + .ssh Directories
mkdir -p /home/myuser/.ssh
2). Create a New User + Assign the Home Directory
useradd -d /home/myuser myuser
3). Create the authorized_keys File
4). Setup Correct Permissions
chown -R myuser:myuser /home/myuser \
&& chmod 700 /home/myuser/.ssh \
&& chmod 644 /home/myuser/.ssh/authorized_keys
5). Add Public Key to authorized_keys
You’d simply paste in your public key, then hit CTRL+X and hit enter to save.
6). Add a Password for
With the above setup, you can now SSH in using:
ssh myuser@DROPLETIP -i /path/to/local/private_key
If you set up a passphrase on the key itself, you’d enter it, and once logged in, you start off with just basic permissions. You can’t run root-level commands until you prefix those commands with
If you try to run a root command, it’ll fail – i.e.
You would need to use:
sudo apt-get upgrade
and when prompted, enter in the password for myuser – the command will then execute.
SSH keys exist to get you in – after that, passwords do come into play, especially when you’re using either
The point is to not have to log in as root at all – you should log in as the sudo user and escalate using the sudo prefix on each command from.
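
An added example, not part of the original answer: a shell function that audits the ownership and modes set in step 4, since sshd's default StrictModes setting rejects key logins when the home directory, .ssh or authorized_keys is writable by group or others. The function name check_ssh_perms is hypothetical, and GNU stat (as found on a Linux droplet) is assumed.

```sh
#!/bin/sh
# Added example (not from the original answer).
# check_ssh_perms HOME_DIR OWNER
#   Prints one line per problem and returns 0 only if none were found.
#   Assumes GNU coreutils stat (-c format strings).
check_ssh_perms() {
    home=$1
    owner=$2
    rc=0
    for path in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$path" ]; then
            echo "MISSING   $path"
            rc=1
            continue
        fi
        mode=$(stat -c '%a' "$path")   # octal mode, e.g. 700 or 644
        user=$(stat -c '%U' "$path")   # owning user name
        # Step 4 chowns everything to the new account, so expect that owner.
        if [ "$user" != "$owner" ]; then
            echo "OWNER     $path is owned by $user, expected $owner"
            rc=1
        fi
        # A write bit for group (second-to-last digit) or others (last digit)
        # means the digit is 2, 3, 6 or 7.
        case "$mode" in
            *[2367]?|*[2367])
                echo "WRITABLE  $path has mode $mode (group/other can write)"
                rc=1
                ;;
        esac
    done
    return $rc
}

# Stand-alone use: sh check.sh /home/myuser myuser
if [ "$#" -eq 2 ]; then
    check_ssh_perms "$1" "$2"
fi
```

The modes from step 4 (700 on .ssh, 644 on authorized_keys) pass this check; a 664 or 666 authorized_keys does not.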