Question

Ubuntu 20.04 asks for root passphrase when I SSH login as non-root

Posted September 20, 2020 209 views
Initial Server SetupUbuntu 20.04

As I was following this tutorial (https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-20-04), I created a new user account at step 2, including an account password. Then, I successfully added sudo privileges to this user account (step 3), set up the basic firewall and enables external access for my regular user (step 5).

So far, so good.

Now, when I externally login using ssh user@ipaddress, Ubuntu 20.04 asks for my passphrase, but it permits only the passphrase for my root user. Isn’t that strange? What if I add another user that is not me. He or she will have to know the passphrase for my root user account. That is not really save.

Please let me know what is good practice here.

1 comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
2 answers

Hi @KatoVonKatz,

I think, at Step 2 — Creating a New User, you entered your root password instead of a new password for your regular user. You should set a new password for your regular user as following:

  1. Log in your regular user via SSH:

    • ssh user@ipaddress
  2. Change the password:

    • passwd

    Enter your root password first, then enter a new password twice when prompted.

  3. Then log out:

    • exit
  4. Finally, log in again with the new password:

    • ssh user@ipaddress
by Brian Boucheron
When you first create a new Ubuntu 20.04 server, you should perform some important configuration steps as part of the basic setup. These steps will increase the security and usability of your server, and will give you a solid foundation for subsequent actions.
  • Ha @tomnguyen , thank you for thinking along. This is not the case. I entered a different password for my regular user. I know this, because when I reboot Ubuntu from my regular user account (sudo reboot) I am asked for my regular user password ([sudo] password for regular user) and this works.

    Could it have something to do with Step 5. Enabling external access for your regular user? I used the If the Root Account Uses SSH Key Authentication paragraph for setup. As can be read from this paragraph:

    The simplest way to copy the files with the correct ownership and permissions is with the rsync command. This will copy the root user’s .ssh directory, preserve the permissions, and modify the file owners, all in a single command. Make sure to change the highlighted portions of the command below to match your regular user’s name:

    Could it be that this method also copies the root paraphrase login requirements?

    Also @Cudi

    • @KatoVonKatz,

      Well, I mistook the passphrase for the password. You created your SSH key-pair with a passphrase on your computer. You have also configured SSH key-based authentication for your server. When you log in to your server, whether with a root user or a regular user, you will have to enter the passphrase to decrypt the private key that resides on your computer. What resides on the server, in the user’s home directory, is your public key. There is nothing wrong here. If you do not want to enter the passphrase when you log in to the server, you must create a new key-pair with an empty passphrase (just press ENTER when prompted). Then you repeat all the necessary steps with the new key-pair.

      If you want to share your server with others, they must first create their own key-pairs. You then create user accounts for them on your server. Finally, you copy each of their public keys to their respective home directory. When they log in to the server, they use their private keys, not yours. If they declared a passphrase when generating the keys, they will also need to enter their passphrase, not yours.

      If you want to learn more about SSH key pairs, read this link Understanding SSH Key Pairs

      • Thank you @tomnguyen, this helps a lot. For other newbies such as myself that may have the same question, please let me share my experience here.

        • If you followed the tutorial and choose to follow the instructions in the If the Root Account Uses SSH Key Authentication paragraph of step 5, you are asked to enter the same SSH passphrase as your root uses when you login to your server. This SSH login method helps you to secure a safe connection with your server, which in this case is a Virtual Private Server of DigitalOcean.

        • As soon as you are logged in safely to the server, you are asked for your regular user login details when you want to make configurations such as installing apps (Wordpress) or stacks (LAMP) or any other of the millions of options :).

Hi @KatoVonKatz,

Following the tutorial lets, you create a user with sudo privileges so that you don’t need to use root for everything.

If you wish to have a user that’s being accessed by another person, you shouldn’t rsync your SSH key to the newly created folder .ssh user’s folder but rather use the key of the person that’s going to use this user.

Regards,
KFSys

Submit an Answer