...
To give the user sudo permissions, add the user to the group sudo, which gives sudo access to all members.
    sudo usermod -aG sudo newuser
The following will show the usernames of those in the group sudo.
    getent group sudo
To remove sudo permission, remove the user from the group wheel.
    sudo gpasswd -d newuser wheel
...
Both commands will automatically remove users from all added groups.
Allow Password Authentication
As the root user, run
    sudo vi /etc/ssh/sshd_config
Tap the i or Insert key on your keyboard and change the line
    PasswordAuthentication no
to
    PasswordAuthentication yes
Save and exit the vi file by typing Esc, :, w, q, and Enter.
Restart the service:
    sudo systemctl restart sshd
SSH Key (CentOS 7, CentOS 8, & Ubuntu)
Open PuTTYgen. If it’s not installed yet, please install it from here.
Click Generate to create a new public and private key. PuTTYgen will ask you to move your mouse across the window to generate it.
Note: One can change the Key Comment to provide a better description and add a Passphrase for extra security upon signing in. The Passphrase is similar to a password.
Save the public key and save the private key.
Public key is copied to the SSH server. Anyone with this key can encrypt data which can only be read by those with a private key.
Private key is proof of the user’s identity. Only a user with the private key that corresponds to the public key will be able to authenticate successfully.
Leave the window open. We will need to copy the key under "Public key for pasting in OpenSSH authorized_keys file". To copy the key, right-click on it, click Select All then Copy.
Connect to the server through a new PuTTY session. See SSH to Instance using Windows.
Switch to the desired user you wish to provide access to. Ensure that this user has sudo permissions.
    su newuser
Check if the SSH folder exists. If not, create it manually with the following:
    mkdir ~/.ssh
    chmod 0700 ~/.ssh
    touch ~/.ssh/authorized_keys
    chmod 0644 ~/.ssh/authorized_keys
If the folder exists, running mkdir ~/.ssh should prompt
Note, for Ubuntu, this step will be slightly different. Instead, create the folder with:
    mkdir ~/.ssh
    chmod 700 ~/.ssh
    touch ~/.ssh/authorized_keys
    chmod 600 ~/.ssh/authorized_keys
Paste the SSH public key into your authorized keys.
    sudo vim ~/.ssh/authorized_keys
If the vim command is not found, download vim with the following command and retry.
CentOS 7:
    sudo yum install vim
CentOS 8:
    sudo dnf install vim
Copy the PuTTYgen key from Step 4. In the PuTTY ~/.ssh/authorized_keys window, tap the i or Insert key on your keyboard. Right-click to paste the key.
To save, press Esc, :, w, q, Enter.
Now let’s save our newuser PuTTY profile. Open a new PuTTY session.
Under Hostname, type newuser@floatingipaddress, where newuser corresponds to the user from Step 6 and floatingipaddress is the IP address of the remote host.
In the left-hand menu, expand SSH under Connection. Click on Auth.
Click on Browse and locate the private key file you previously created.
Return to the Session page. Name your session. Click Save and then Open.
Upon connecting, you should be prompted to enter the Passphrase if one was added and see the terminal open. You should see that you logged in and were authenticated through your public key.
The red boxed item should be the same as your Key Comment from Step 2.
[Optional] Once key-based logins are working, you can decide to disable username and password logins for better security.
Edit the server’s configuration file.
    sudo vim /etc/ssh/sshd_config
Tap the i or Insert key on your keyboard and edit the lines referenced below:
    [...]
    PasswordAuthentication no
    [...]
    UsePAM no
    [...]
To save, press Esc, :, w, q, Enter.
Reload the server’s configuration.
    sudo systemctl reload sshd
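Before relying on the PasswordAuthentication edit above, confirm which value is actually in effect: sshd keeps the first uncommented occurrence of a keyword and ignores later duplicates, so editing the wrong line leaves password logins on. The script below is an added example, not part of the original page. It assumes a single config file with no Include directives, reads only the global section before the first Match line, and runs against a constructed sample config.

```shell
#!/bin/sh
# Added example: offline check of an sshd_config-style file (constructed sample).
# Assumes one file, no Include directives; only the global section is read.

# effective_sshd_option FILE KEYWORD
# Prints the value sshd would keep for KEYWORD: the first uncommented
# occurrence wins and later duplicates are ignored. Returns 1 if unset.
effective_sshd_option() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]/)          # keyword ends at blank or "="
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))
            val = substr(line, n)
            sub(/^[ \t]*=?[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            if (key == "match") exit           # global section ends here
            if (key == want) { print val; found = 1; exit }
        }
        END { exit !found }
    ' "$1"
}

# password_login_disabled FILE
# Succeeds only when the effective global PasswordAuthentication is "no".
# An unset keyword counts as enabled, because the OpenSSH default is "yes".
password_login_disabled() {
    [ "$(effective_sshd_option "$1" PasswordAuthentication)" = "no" ]
}

# Constructed sample: the commented line and the later duplicate have no effect.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PasswordAuthentication no
PasswordAuthentication yes
UsePAM no
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
EOF
if password_login_disabled "$sample"; then
    echo "password logins disabled"
else
    echo "still enabled: $(effective_sshd_option "$sample" PasswordAuthentication)"
fi
rm -f "$sample"
```

On a live server, sudo sshd -t checks the file for syntax errors before the reload, and sudo sshd -T prints the settings sshd will actually use.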
...