SSH New user Ubuntu 14.04

April 19, 2015
Security Linux Commands

Situation: I want to add a new user and disable the root login.
The new user will be a sudo user, and on auth with the server it should only connect through SSH, no password auth. I followed multiple guides here on DO and did some googling myself, but I fail at getting it all working. Here are some steps I take.

I log in as root: /usr/sbin/adduser username
I get prompted for a password and set one.

User privilege:
nano /etc/sudoers
and add: username ALL=(ALL) ALL

I test and confirm that I can log in with the new user with a password and I have sudo.

I log back in as root and edit the sshd_config file
nano /etc/ssh/sshd

Next up is a question: should I set PermitRootLogin to No, or to without-password?
I see a lot of people recommend setting it to no. So I do set it to NO.

I add AllowUsers username
and restart ssh with service ssh restart
Log out and try to connect again with root; I get prompted for a password, but no password was set because on creation of the droplet I added an SSH key. So things look okay: root user login is disabled.
And I can still log in with the new user, but only through the password prompt.

THE PROBLEM: with the SSH key and password.

I add the SSH key: cat ~/.ssh/ | ssh user@123.456.78.90"mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys
since ssh-copy-id does not seem to work for me (Mac user).
Next my terminal just prompts me with a >. What do I do from here?
I can paste the public key, but how do I save it, and next, how do I disable the password login for the user and only auth on the SSH key?

Thank you in advance for the reply. If anything I mention here above raises a security flag, please let me know.

2 Answers

Create the SSH directory with the ssh command:

ssh user@123.456.78.90 'mkdir -p ~/.ssh'

Use the scp command to copy the key:

scp ~/.ssh/ user@123.456.78.90:~/.ssh/authorized_keys

"how do I disable the password login for the user and only auth on the ssh key."

Edit the /etc/ssh/sshd_config file, find

PasswordAuthentication yes

and set it to no.

"I use ServerPilot for managing the application and that requires auth through a password, so if I set PasswordAuthentication No and then the ServerPilot agent can't log in anymore"

I asked Justin Samuel of ServerPilot about this and he said:

ServerPilot will continue to work with SSH "PasswordAuthentication no".

If you want to confirm, shoot an email to support at serverpilot dot io.
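
An added example, not part of the question or the answers above: a check of the three sshd_config settings discussed in this thread, run against the file before restarting ssh. It relies on sshd keeping the first value it reads for each keyword; the function names, the sample config and the `deploy` user are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit the sshd_config settings discussed.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and lines after a "Match" line are conditional, not global.

# Print the global value of keyword $2 in file $1 (empty output = not set).
sshd_global_value() {
    awk -v want="$2" '{
        sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "")          # trim the line
        if ($0 == "" || $0 ~ /^#/) next                  # blank or comment
        n = match($0, /[ \t=]/)                          # end of the keyword
        key = tolower(n ? substr($0, 1, n - 1) : $0)
        val = n ? substr($0, n) : ""
        sub(/^[ \t]*=?[ \t]*/, "", val)                  # "Key value" or "Key=value"
        if (key == "match") exit                         # global section ends
        if (key == tolower(want)) { print val; exit }    # first occurrence wins
    }' "$1"
}

# Report settings that differ from what the asker wants. Assumes one
# AllowUsers line with plain user names (no patterns). Returns 1 on a finding.
audit_sshd_config() {
    cfg=$1 user=$2 rc=0
    root=$(sshd_global_value "$cfg" PermitRootLogin | tr 'A-Z' 'a-z')
    pass=$(sshd_global_value "$cfg" PasswordAuthentication | tr 'A-Z' 'a-z')
    allow=$(sshd_global_value "$cfg" AllowUsers)
    [ "$root" = "no" ] || { echo "FAIL PermitRootLogin=${root:-unset}"; rc=1; }
    [ "$pass" = "no" ] || { echo "FAIL PasswordAuthentication=${pass:-unset}"; rc=1; }
    case " $allow " in
        "  " | *" $user "*) ;;                # unset, or the user is listed
        *) echo "FAIL AllowUsers would lock out $user"; rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK"
    return "$rc"
}

# Constructed sample: a commented-out line, a duplicate keyword (the first
# value wins), and a Match block that must not count as a global setting.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
#PasswordAuthentication yes
PermitRootLogin no
passwordauthentication no
PasswordAuthentication yes
AllowUsers username
Match User deploy
    PasswordAuthentication yes
EOF
audit_sshd_config "$SAMPLE" username
```

On the server, point it at /etc/ssh/sshd_config and run `sshd -t` as root to check the file's syntax before `service ssh restart`, keeping the current session open until a key-only login from a second terminal succeeds.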
