Setting up a Non-Root User
Operators may log into their servers remotely using a key. The following steps explain how to create a non-root user and log in using a private key instead of the root user. Replace <username>
in the instructions below with your username.
Use ssh-keygen to generate a new SSH key.
Create the user with no password, as the key is your password.
sudo adduser <username> --disabled-password
- Create authorized_keys with your key to log in.
sudo su - <username>
mkdir .ssh
chmod 700 .ssh
touch .ssh/authorized_keys
Use the editor of your choice and paste your .ssh public key i the
.ssh/authorized_keys
file.Exit out of the
<username>
account and log into the root or previous sudo-er account.
exit
- Add your user to sudo-ers under the root account or your previous sudo-er account.
sudo visudo
- Type
<username> ALL=(ALL:ALL) NOPASSWD:ALL
below the row containingroot ALL=(ALL:ALL) ALL
.
# User privilege specification
root ALL=(ALL:ALL) ALL
<username> ALL=(ALL:ALL) NOPASSWD:ALL
- You should be able to log in with the key and not use the root user.
ssh -i <your ssh private key> <username>@<server ip>
Here is an example command:
ssh -i ~/.ssh/id_rsa casper@10.21.10.200