Skip to main content

Setting up a Non-Root User

Operators may log into their servers remotely using a key. The following steps explain how to create a non-root user and log in using a private key instead of the root user. Replace <username> in the instructions below with your username.

  1. Use ssh-keygen to generate a new SSH key.

  2. Create the user with no password, as the key is your password.

sudo adduser <username> --disabled-password
  1. Create authorized_keys with your key to log in.
sudo su - <username>
mkdir .ssh
chmod 700 .ssh
touch .ssh/authorized_keys
  1. Use the editor of your choice and paste your .ssh public key i the .ssh/authorized_keys file.

  2. Exit out of the <username> account and log into the root or previous sudo-er account.

exit
  1. Add your user to sudo-ers under the root account or your previous sudo-er account.
sudo visudo
  1. Type <username> ALL=(ALL:ALL) NOPASSWD:ALL below the row containing root ALL=(ALL:ALL) ALL.
# User privilege specification
root ALL=(ALL:ALL) ALL
<username> ALL=(ALL:ALL) NOPASSWD:ALL
  1. You should be able to log in with the key and not use the root user.
ssh -i <your ssh private key> <username>@<server ip>

Here is an example command:

ssh -i ~/.ssh/id_rsa casper@10.21.10.200