All Linux HowTo's

Create New Linux Users With SSH Keys Step by Step

This article shows how to add new users to a Linux server manually. The process is very simple. As the “root” user we will create one user called “ben”.

useradd ben

The above command will create the new user and “should” create the user’s home directory at “/home/ben”. If that directory doesn’t exist, complain to the person who set up the server because they did it wrong.

If the user’s home directory doesn’t exist, create it with the following commands:

mkdir /home/ben
chown ben:ben /home/ben
chmod 700 /home/ben

TIP: You can see what other users have set for their home directories by doing an “ls -l /home”. The permissions I’ve recommended above are restrictive and sensible.

Next we create the directory and file for Ben’s public key:

mkdir /home/ben/.ssh

And then create the file to place the key in:

touch /home/ben/.ssh/authorized_keys

The above file “/home/ben/.ssh/authorized_keys” needs to have Ben’s public key copied into it. You can do that in many ways but you might find it easier to do it this way:

NOTE: I’ve shortened the key to just a short snippet to make it look nice in this article.

echo "ssh-rsa AAAAB3Nzanrf7ARNGeN7rUu0Nqt/G1EbnR256Roz+zNKqWs+j9i...." >> /home/ben/.ssh/authorized_keys

The reason we use “>>” instead of just one “>” is that we can put as many keys as we like in that file, one per line. The result is that anyone with the private key matching any public key in that file can log in as Ben.

TIP: The difference between one “>” and two “>>” is that one will replace whatever is already in the target file while two will append to a new line.

Now we correct permissions and ownership:

chown -R ben:ben /home/ben
chmod 700 /home/ben/.ssh
chmod 600 /home/ben/.ssh/authorized_keys

Now Ben can log in using his key. On a Windows system (using PuTTY) you would have to convert the key into a different format. Read about PuTTY conversions for SSH keys here. But for Linux and MacOS users, try this:

ssh -l ben target.example.com

Add “-A” if you want to forward your SSH agent, so that you (Ben) can jump from one machine to another using the same key.
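
To confirm the result of the steps above, the following script (an added example, not part of the original article) checks that the home directory, “.ssh” and “authorized_keys” have the modes and owner set above, flags private key material pasted into “authorized_keys”, and counts how many keys can log in. The function names are made up for this example, and it assumes GNU stat as found on Linux.

```shell
#!/bin/sh
# Added example (not from the original article). Assumes GNU stat (Linux).
# Usage after sourcing this file, as root: audit_ssh_layout /home/ben ben

# check_mode_owner PATH MODE OWNER: print a finding and return 1 on mismatch.
check_mode_owner() {
    path=$1; want="$2 $3"
    if [ ! -e "$path" ]; then
        echo "MISSING $path"
        return 1
    fi
    have=$(stat -c '%a %U' "$path")
    if [ "$have" != "$want" ]; then
        echo "BAD $path: have '$have', want '$want'"
        return 1
    fi
}

# count_keys FILE: number of key entries, i.e. how many different private
# keys are accepted. An entry is a non-comment line with a key-type field.
count_keys() {
    awk '!/^[ \t]*(#|$)/ {
             for (i = 1; i <= NF; i++)
                 if ($i ~ /^(ssh-|ecdsa-sha2-|sk-)/) { n++; break }
         }
         END { print n + 0 }' "$1"
}

# audit_ssh_layout HOME OWNER: return 0 only if modes and owner match the
# values used in the article (700, 700, 600) and no private key is present.
audit_ssh_layout() {
    home=$1; owner=$2; rc=0
    keys=$home/.ssh/authorized_keys
    check_mode_owner "$home" 700 "$owner" || rc=1
    check_mode_owner "$home/.ssh" 700 "$owner" || rc=1
    check_mode_owner "$keys" 600 "$owner" || rc=1
    if [ -f "$keys" ]; then
        # Only public keys belong in this file.
        if grep -q 'PRIVATE KEY' "$keys"; then
            echo "BAD $keys: contains private key material"
            rc=1
        fi
        echo "INFO $keys: $(count_keys "$keys") key(s) can log in as $owner"
    fi
    return $rc
}
```

Each key counted in the INFO line is a separate way to log in as that user, so an unexpected count is worth reviewing.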
