Create a new SSH user on Ubuntu Server
My problem lies with the first two items. I’ve already found useradd but for some reason, I can’t log in as a user created with it over SSH. Do I need to beat SSHd to allow this?
Hi! I can help you in servers, I don’t know what is your problem with SSH, because for me with default config never refuses my connection. You may see man 5 nologin, this writes, that if /etc/nologin exists, you can log in with root only. Try login normally, then write the results.
What’s the user’s shell? Is it /bin/bash? Check that out in /etc/password. Make sure it’s not /dev/null or /bin/false.
@B. Roland I do have a /etc/nologin file but it’s empty. I deleted it and restarted ssh but it’s still just responding Permission denied, please try again. when I try and log in.
SSH is very picky about the directory and file permissions. Make sure that:
- The directory /home/username/.ssh has permission «700» and is owned by the user (not root!)
- The /home/username/ssh/authorized_keys has permission «600» and is owned by the user
Copy your public key into the authorized_keys file.
sudo chown -R username:username /home/username/.ssh
sudo chmod 0700 /home/username/.ssh
sudo chmod 0600 /home/username/.ssh/authorized_keys
There is NO need to add the user to /etc/ssh/ssh_config.
My problem was that I was trying to use /root/.ssh/authorized_keys instead of /home/bob/.ssh/authorized_keys .
I can confirm: on our VPS hosting there was no need to edit ssh_config . Setting up that directory and file was enough.
Much easier to login as user (or sudo su --login
Edit (as root) /etc/ssh/sshd_config . Append the following to it:
Port 1234
PermitRootLogin no
AllowUsers jim
Port 1234 causes SSH to listen on port 1234. You can use any unused port from 1 to 65535. It’s recommended to choose a privileged port (port 1-1024) which can only be used by root. If your SSH daemon stops working for some reason, a rogue application can’t intercept the connection.
PermitRootLogin disallows direct root login.
AllowUsers jim allows user jim to login through SSH. If you do not have to login from everywhere, you can make this more secure by restricting jim to an IP address (replace 1.2.3.4 with your actual IP address):
Changes to the configuration file /etc/ssh/sshd_config are not immediately applied, to reload the configuration, run:
+1: Note: these instructions are still applicable to newer versions of Ubuntu (e.g. 13.04). If you do want root login, however, (perhaps you’re still setting up the server), you must set PermitRootLogin to yes and also add root to AllowUsers .
@Lekensteyn I’ve found just adding a new user to Ubuntu itself creates an ssh account for that user. useradd -m -G sudo,adm -s /bin/bash mecharok and passwd mecharok
@Wolfpack’08 Use AllowUsers username1,username2 to restrict SSH logins to those users. Ensure that sshd is reloaded. If this does not help, please create a new question.
@Lekensteyn your command: AllowUsers username1,username2 has the wrong format and will lock you out of your server!! The correct command to set is: AllowUsers username1 username2
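The comma-versus-space point raised in the comments above can be checked mechanically before sshd is reloaded. The following is an added example, not code from the thread: `lint_allowusers` and `write_sample_config` are hypothetical helper names, the sample configuration is constructed, and only plain `Keyword value ...` lines are handled.

```shell
#!/bin/sh
# Added example (not from the thread). Handles plain "Keyword value ..." lines only.

# lint_allowusers CONFIG_FILE
# Reports Allow/Deny Users/Groups entries whose name part contains a comma.
# Returns 0 when the file is clean, 1 when at least one entry was reported.
lint_allowusers() {
    awk '
        { sub(/#.*/, "") }    # ignore comments
        tolower($1) ~ /^(allow|deny)(users|groups)$/ {
            for (i = 2; i <= NF; i++) {
                name = $i
                sub(/@.*/, "", name)   # judge only the USER part of USER@HOST
                if (name ~ /,/) {
                    printf "%s:%d: %s entry \"%s\" contains a comma; separate names with spaces\n", FILENAME, NR, $1, $i
                    bad = 1
                }
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# write_sample_config PATH
# Constructed sshd_config fragment: the directives from the answer plus the
# comma-separated form that the comment warns about.
write_sample_config() {
    cat > "$1" <<'EOF'
# constructed sample, not a real server's configuration
Port 1234
PermitRootLogin no
AllowUsers username1,username2
EOF
}
```

Run it next to `sshd -t`: that command validates syntax, and a comma-joined entry is syntactically a single valid pattern, so it passes there while matching neither user.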
There will be clues in /var/log/auth.log for why SSH (or PAM) is rejecting the login attempt. Additional clues may be found by using the -v option with the ssh client. Several common situations, some mentioned in the other answers:
- the user account lacks a password, or is otherwise disabled (see man passwd , try resetting the password or checking the contents of /etc/shadow ).
- /etc/ssh/sshd_config is configured to disallow the login ( DenyUsers , AllowUsers , PasswordAuthentication , PubkeyAuthentication , UsePAM etc, see man sshd_config ).
- the user’s shell is not listed in /etc/shells .
- various permission problems on directories or files related to SSH operation: /etc/ssh , /home/jim/.ssh , /home/jim/.ssh/* , etc.
I’d also recommend using adduser (instead of useradd) for adding new users; it is a little more friendly about various default account settings.
As long as the user is not part of the admin group, they will not be able to sudo to root. For them to use su, you will need to set a root password ( passwd root ), after which I recommend setting PermitRootLogin=no in /etc/ssh/sshd_config .
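The permission and shell checks listed in this answer, together with the 700/600 ownership rules from the first answer, can be run as one audit. This is an added example, not code from any of the answers: the function names are hypothetical and it assumes GNU `stat` as shipped on Ubuntu.

```shell
#!/bin/sh
# Added example (not from the answers above). Assumes GNU stat, as on Ubuntu.

# audit_ssh_perms HOME_DIR OWNER
# Prints one finding per line; returns 0 only when nothing was found.
audit_ssh_perms() {
    home=$1; owner=$2; findings=0
    # path:maximum-mode. The home directory may be readable by others but
    # must not be group/world writable; .ssh and authorized_keys follow the
    # 700/600 advice given in the answers.
    for spec in "$home:755" "$home/.ssh:700" "$home/.ssh/authorized_keys:600"; do
        path=${spec%:*}; max=${spec##*:}
        if [ ! -e "$path" ]; then
            echo "MISSING $path"; findings=$((findings + 1)); continue
        fi
        mode=$(stat -c '%a' "$path"); who=$(stat -c '%U' "$path")
        if [ "$who" != "$owner" ]; then
            echo "OWNER $path is owned by $who, expected $owner"
            findings=$((findings + 1))
        fi
        # Leading 0 makes the shell read both values as octal; any bit set
        # in mode but not in max is an excess permission.
        if [ $(( 0$mode & ~0$max & 07777 )) -ne 0 ]; then
            echo "MODE $path is $mode, should be at most $max"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# shell_is_listed SHELL [SHELLS_FILE]
# True when the login shell appears in /etc/shells (or the given file).
shell_is_listed() {
    grep -v '^#' "${2:-/etc/shells}" | grep -qxF -- "$1"
}
```

For a real account, call `audit_ssh_perms /home/jim jim` as root and pass the seventh field of the user's `/etc/passwd` entry to `shell_is_listed`.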
Creating a New SSH User
1. Introduction
SSH (Secure Shell) is a protocol used in Linux to access and manage servers remotely. This allows for the remote execution of commands, file transfers, and other tasks.
Creating new users with specific permissions is an important aspect of server management. It’s crucial to understand the risks of granting root access, which should only be given to trusted users and monitored to maintain security.
This tutorial covers creating a new user, granting superuser privileges, and setting up a home directory.
2. Creating a New SSH User
First, we’ll need to open the terminal and log in as the root user. To log in as the root user, use the command su and enter the root password when prompted. Avoid logging in as the root user unless necessary, as it poses a security risk:
We’ll use the command adduser followed by the desired username. For example, adduser newuser will create a new user named newuser. The adduser command will prompt us to enter a password for the new user and ask us to enter some additional information, such as the user’s full name and contact information:
$ adduser newuser
Adding user 'newuser' .
Adding new group 'newuser' (1001) .
Adding new user 'newuser' (1001) with group 'newuser' .
Creating home directory '/home/newuser' .
Copying files from '/etc/skel' .
Enter new UNIX password: ******
Retype new UNIX password: ******
To change the user’s password, we can use the passwd command with the user name as an argument:
$ passwd newuser
Enter new UNIX password: ******
Retype new UNIX password: ******
We can also set a specific home directory for the new user with the usermod command:
$ usermod -d /home/newuser -m newuser
This will create a new directory /home/newuser and set it as the home directory for the user newuser.
Please remember that these commands should be run on the terminal with appropriate privileges.
3. Granting root or sudo Access
If we want to grant root or sudo access to our new user, we can use the usermod command:
This adds our new user to the sudo group.
We can test the new user’s access by logging out of the root account and logging back in as the new user. Then, use the command sudo to execute commands with superuser privileges.
4. Establishing an SSH Connection
Once we’ve created a new user and granted them root or sudo access, we can establish an SSH connection to a server:
- On the SSH host (the server), make sure the SSH service is running. To check if the SSH service is running, we run the command:
Replace username with the name of the user we created and host with the IP address or domain name of the SSH host. For example, if we created a user named newuser and the host has an IP address of 192.168.1.100, the command would be:
Following these steps, we can establish an SSH connection and remotely manage the server with the new user we created.
5. Conclusion
Creating new users with root or sudo access should be done with caution for trusted users only and must be monitored to prevent security risks. Managing SSH keys and configuring the SSH server settings are crucial for maintaining a secure server.
Always be sure to implement best practices for user management, SSH key management, and server settings, including monitoring user activity, regularly updating the server’s software, and implementing a firewall to block unauthorized access.
Additionally, keeping the server’s operating system and software up-to-date with the latest security patches and updates is important, and we should also have disaster recovery and regular backups in place.
Creating a user and SSH keys
Copy SSH keys from one user to another:
sudo cp -r /home/USER1/.ssh /home/USER2/.ssh
sudo chown -R USER2:USER2 /home/USER2/.ssh
sudo chmod -R 700 /home/USER2/.ssh
The passphrase on a key can be changed with the command
ssh-keygen -f ~/.ssh/id_rsa_my_custom -p
Copying the public key to the server:
ssh-copy-id -i id_rsa.pub username@remote_host
Once the previously created key id_rsa.pub is found, you will be prompted for the remote user's account password. The utility connects to the account on the remote host using that password. The contents of the key ~/.ssh/id_rsa.pub are then copied into the remote account's main ~/.ssh directory, into a file named authorized_keys.
After that, you can check how the connection works with this key:
ssh -v -i ~/.ssh/id_rsa username@remote_host
- -i identity_file
- -v Prints debugging messages for ssh connection. The verbose mode is useful when troubleshooting configuration issues.
NOTES:
All permissions on /home/USER/.ssh must be 700, and it must be owned only by the user.
Commands for this:
sudo chown -R USER2:USER2 /home/USER2/.ssh
sudo chmod -R 700 /home/USER2/.ssh
Excerpt from the official documentation:
3. Copy id_dsa.pub to the server's .ssh directory
 * -> scp $HOME/.ssh/id_dsa.pub user@server:/home/user/.ssh
4. Change to /root/.ssh and create file authorized_keys containing id_dsa content
 * -> cd /home/user/.ssh
 * -> cat id_dsa.pub >> authorized_keys
Command variants for working with SSH on Windows:
scp $HOME/.ssh/id_rsa.pub user@11.1.2.3:/home/user/.ssh
ssh-copy-id user@11.1.2.3
"C:\Program Files\PuTTY\pscp.exe" C:/Users/user/.ssh/id_rsa.pub user@11.1.2.3:/home/user/.ssh
"C:\Program Files\PuTTY\pscp.exe" C:/Users/user/.ssh/id_rsa user@11.1.2.3:/home/user/.ssh
type public_id | "C:\Program Files\PuTTY\plink.exe" user@11.1.2.3 "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys"
# Common problems
If ssh asks for a password even though you have already supplied an SSH key, the first thing to do is check how the connection proceeds:
ssh -vT git@YOUR_HOST_OR_GIT_REPO
After that you will see that the key you supplied is most likely the wrong one, and you can then add the key in the git repository's settings,
and the git repository needs its own key format, which puttygen provides.
Creating a new user with an SSH key on Linux
The various steps to successfully set up a new user with the best security.
Posted at March 1, 2021 by Nicholas C. Zakas
First, create a new user with useradd :
sudo useradd -m -d /home/username -s /bin/bash username
Next, set the user’s password:
Then, copy the contents of the user’s public key into /home/username/.ssh/authorized_keys . This is a plain text file where you can paste one public key per line.
After that, set up the correct permissions for both the .ssh directory and the authorized_keys file:
# ensure the directory is owned by the new user
chown -R username:username /home/username/.ssh
# make sure only the new user has permissions
chmod 700 /home/username/.ssh
chmod 600 /home/username/.ssh/authorized_keys
Last, if you want the new user to have sudo access, be sure to add them to the sudo group:
sudo usermod -a -G sudo username
If you don’t have a sudo group, you can manually edit the /etc/sudoers file.
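The key-installation and permission steps above can be combined into one idempotent function that also refuses private-key material pasted by mistake. This is an added example, not the author's code: `install_authorized_key` is a hypothetical name, the key in the usage comment is constructed, and lines that begin with authorized_keys options (such as `command="..."`) are deliberately not accepted.

```shell
#!/bin/sh
# Added example (not from the original post).

# install_authorized_key HOME_DIR PUBKEY_LINE [USERNAME]
# Appends PUBKEY_LINE to HOME_DIR/.ssh/authorized_keys exactly once, with
# 700/600 permissions. When run as root and USERNAME is given, ownership is
# handed to USERNAME:USERNAME, matching the chown in the steps above.
install_authorized_key() {
    home=$1; key=$2
    nl='
'
    # A public key is a single line; anything multi-line or marked as a
    # private key must never land in authorized_keys.
    case $key in
        *"$nl"*|*"PRIVATE KEY"*)
            echo "refusing: not a single public key line" >&2; return 2 ;;
    esac
    case $key in
        "ssh-ed25519 "*|"ssh-rsa "*|"ecdsa-sha2-"*" "*|"sk-"*" "*) ;;
        *) echo "refusing: unrecognised key type" >&2; return 2 ;;
    esac
    (
        umask 077    # new directory and file are private from the start
        mkdir -p "$home/.ssh"
        touch "$home/.ssh/authorized_keys"
        # Append only if this exact line is not already present.
        grep -qxF -- "$key" "$home/.ssh/authorized_keys" ||
            printf '%s\n' "$key" >> "$home/.ssh/authorized_keys"
    ) || return 1
    # Tighten permissions even if the files existed with looser modes.
    chmod 700 "$home/.ssh" && chmod 600 "$home/.ssh/authorized_keys" || return 1
    if [ "$(id -u)" -eq 0 ] && [ -n "${3:-}" ]; then
        chown -R "$3:$3" "$home/.ssh"
    fi
}

# Usage (constructed key, not a real one):
#   install_authorized_key /home/username \
#     'ssh-ed25519 AAAAC3Nza...constructed... user@laptop' username
```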