Situation : i want to add a new user and disable the root login . The new user will be a sudo user and on auth with the server it should only connect trough SSH no password auth . i followed multiple guides here on DO and did some googling myself but i fail at getting it all working . here are some steps i take .
i login as root : /usr/sbin/adduser username i get prompted for a password and set one .
User privilege : nano /etc/sudoers and add : username ALL=(ALL) ALL
i test and confirm that i can login with the new user with a password and i have sudo .
i login back as root and edit the sshd_config file nano /etc/ssh/sshd_config
next up is a question : should i set PermitRootLogin to No ? or to without-password ? i see allot of people recommend to set it to no . So i do set it to NO
i add AllowUsers username and restart sushi with service ssh restart Logout and try to connect again with root get prompted for a password but no password was set because on creation of the droplet i added a SSH key . So things look okay Root user login is disabled . And i can still login with the new user but only trough the password prompt .
THE PROBLEM : with the SSH key and password .
i add the ssh key cat ~/.ssh/id_rsa.pub | ssh user@123.456.78.90"mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys since the ssh-copy-id does not seem to work for me ( mac user ) next my terminal just prompts me with a > what do i do from here ? i can paste the public key but how do i save it and next how do i disable the password login for the user and only auth on the ssh key .
Thank you in advance for the reply if anything i mention here above raises a security flag please let me know .
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Create the SSH directory with the ssh command:
ssh user@123.456.78.90 'mkdir -p ~/.ssh'
Use the scp command to copy the key:
scp ~/.ssh/id_rsa.pub user@123.456.78.90:~/.ssh/authorized_keys
how do i disable the password login for the user and only auth on the ssh key.
Edit the /etc/ssh/sshd_config file, find
PasswordAuthentication yes
and set it to no.
i use serverpilot for managing the application and that requires auth through a password so if i set PasswordAuthentication No and then the server pilot agent can’t login anymore
I asked Justin Samuel of ServerPilot about this and he said
ServerPilot will continue to work with SSH “PasswordAuthentication no”.
If you want to confirm shoot an email to support at serverpilot dot io
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and SMBs
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.