I am following the tutorial to add an SSL certificate to the Ubuntu 16.04 droplet, but in the instructions it is recommended this is not done through the root user, but rather a super user. As a result, I created a separate user and added it to a super user group, but I’m getting hung up on the step that adds ssh keys to this user.
First, I should switch to the user via `su - *username*`, which should take you to the `/home` directory of the user. When I check the path with `pwd` it shows `/home`, but when I run `who` I am shown as the root user. Is this the correct behavior since I’m still technically logged in under root, but sudoing into this user?
I am then asked to create the `~/.ssh/id_rsa.pub` with my ssh-key, but it already exists when I run the commands. Side note: I created this user a while back and may have added them then, but not sure. I decided to move on since they exist.
I tried to ssh into my user and it successfully connects, but then immediately closes. Any reason why that might be? Any help to point me in the right direction would be great!
```
ssh firstname.lastname@example.org
email@example.com's password:
Welcome to Ubuntu 16.04

 * Documentation: https://help.ubuntu.com
 * Management: https://landscape.canonical.com
 * Support: https://ubuntu.com/advantage

System information as

System load: 0.08        Processes: 76
Usage of /: 19.8% of 19.56GB        Users logged in: 0
Memory usage: 42%        IP address for: 188.8.131.52
Swap usage: 0%

Graph this data and manage this system at:
https://landscape.canonical.com/

0 packages can be updated.
0 updates are security updates.

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

Last login: Fri Jun from xxx.x.xx.x.x.x
Connection to 184.108.40.206 closed.
```
The `root` user is a super user and the only real super user on the OS by default. You can add `sudo` users which have permission to escalate to `root` after authenticating, though `root` is still a super user :-).
When you run commands as the `sudo` user, if you escalate to `su`, you become `root`, so when you check your home directory, it might not be what you expect. You’ll want to run commands using
You’ll authenticate and then won’t need to re-authenticate for a period of time. By doing this, you’ll ensure that commands that you run specific to the user are as expected.
For example, if I’m logged in as `root` and create a `sudo` user, I normally set and create their home directory at the same time.
Create Home Directory + .ssh Directory
Create Authorized Keys File
Create User + Set Home Directory
Add User to sudo Group
Set Password on User
If you want to be able to log in as the user without an SSH key, setting a password will allow that, as long as PasswordAuthentication is enabled in
You can check the user's home directory by running:
… while logged in as the user. If you echo `$PWD`, it’ll give you the current path to the directory that you’re currently in. So if I ran `cd /home`, running:
… will give me `/home`. If my home directory is
`$HOME` will give me that directory :-).
From there, you’ll log in as the user and create your SSH key. I generally use a heavier key with more KDF rounds, though it can delay log in by a few seconds to minutes depending on how many KDF rounds you use.
For example, to generate an RSA key, I’d use:
For an ED25519 key, I’d use:
`-a` - KDF Rounds (key derivation function)
`-b` - Bit size (applies to RSA, but not ED25519)
`-C` - Sets the comment on the key to be blank
`-e` - Sets the key hash used (sha256 is default)
`-o` - Uses new OpenSSH format for keys
`-t` - Specifies the type of key (RSA/ED25519)
With 1,000 KDF rounds, the key takes a few seconds to generate when you use a passphrase, and it will take a few seconds to log in as well. Using KDF generates a more secure key, though you have to be careful as setting it too high will definitely cause severe delays when trying to log in (i.e. 20,000 rounds will take an average of 2-4 minutes to generate and the same to log in).
Once your public/private key are generated, place the public key in:
Download the private key locally and then remove both from the server as they are no longer needed. The public key only needs to exist in the file above and you shouldn’t keep your private key on the server :-).
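An added example, not part of the answer above and not the answerer's own commands: when the home directory, `.ssh` directory and authorized keys file are created while logged in as `root`, key logins for the new user fail if sshd's `StrictModes` check (on by default) finds any of those paths owned by another account or writable by group/other. The script below audits the three paths; the function names and the demo directory are assumptions, and it relies on GNU `stat` as shipped with Ubuntu.

```shell
#!/bin/sh
# Added example: check the paths sshd's StrictModes inspects for one account.
# Usage: audit_ssh_paths HOME_DIR OWNER_UID   (both supplied by the caller)

# Succeeds when the path's mode grants write access to group or other.
loosely_writable() {
    mode=$(stat -c '%a' "$1") || return 1
    case $mode in
        *[2367]?|*[2367]) return 0 ;;   # group digit or other digit has the w bit
    esac
    return 1
}

# Prints one line per finding plus a count; returns 0 only when nothing is wrong.
audit_ssh_paths() {
    home=$1
    uid=$2
    problems=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"
            problems=$((problems + 1))
            continue
        fi
        owner=$(stat -c '%u' "$p")
        # sshd accepts paths owned by the account itself or by root (uid 0)
        if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
            echo "OWNER    $p is owned by uid $owner, expected $uid or root"
            problems=$((problems + 1))
        fi
        if loosely_writable "$p"; then
            echo "MODE     $p is $(stat -c '%a' "$p"): group/other writable"
            problems=$((problems + 1))
        fi
    done
    echo "findings: $problems"
    [ "$problems" -eq 0 ]
}

# Constructed demo: a throwaway home whose .ssh directory is group-writable.
demo=$(mktemp -d)
mkdir "$demo/.ssh" && : > "$demo/.ssh/authorized_keys"
chmod 755 "$demo"; chmod 775 "$demo/.ssh"; chmod 600 "$demo/.ssh/authorized_keys"
audit_ssh_paths "$demo" "$(id -u)" || echo "demo: .ssh should be mode 700"
rm -rf "$demo"
```

On a real server, run it as root with the account's home directory and the output of `id -u` for that account.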
chmod 700 /home/mynewuser/.ssh broke my ssh into the root and I have no idea how to fix it. Any recommendations?