“SSH Keys” provide a secure way of logging into servers and are recommended for all users. Configuring SSH-key-based authentication to your server allows users to sign in without providing an account password.

CentOS 7: User Setup

Create User

  1. Connect to your server through PuTTY. If you don’t already have PuTTY installed, please follow the link SSH to Instance using Windows.

  2. Create a new user, for example newuser, and give the user a password with the following commands:

    Code Block
    sudo adduser newuser
    sudo passwd newuser

Assigning Sudo Permissions [Optional]

  1. To give the user sudo permissions, add the user to the group wheel, which gives sudo access to all members.

    Code Block
    sudo gpasswd -a newuser wheel
  2. The lid command shows which groups a user belongs to. With the -g flag, lid shows which users belong to the indicated group.
    The following will show the usernames of those in the group wheel.

    Code Block
    sudo lid -g wheel
  3. To remove sudo permission, remove the user from the group wheel.

    Code Block
    sudo gpasswd -d newuser wheel

Delete User

If there is a user account no longer needed, run the following to delete the user without deleting their files:

Code Block
sudo userdel newuser

To delete the user’s home directory and account, run this instead:

Code Block
sudo userdel -r newuser

Both commands will automatically remove users from all added groups.

CentOS 8: User Setup

Create User

  1. Connect to your server through PuTTY. If you don’t already have PuTTY installed, please follow the link SSH to Instance using Windows.

  2. Create a new user, for example newuser, and give the user a password with the following commands:

    Code Block
    sudo adduser newuser
    sudo passwd newuser

Assigning Sudo Permissions [Optional]

  1. To give the user sudo permissions, add the user to the group wheel, which gives sudo access to all its members.

    Code Block
    sudo usermod -aG wheel newuser
  2. The lid command shows which groups a user belongs to. With the -g flag, lid shows which users belong to the indicated group.
    The following will show the usernames of those in the group wheel.

    Code Block
    sudo lid -g wheel
  3. To remove sudo permission, remove the user from the group wheel.

    Code Block
    sudo gpasswd -d newuser wheel

Delete User

If there is a user account no longer needed, run the following to delete the user without deleting their files:

Code Block
sudo userdel newuser

To delete the user’s home directory and account, run this instead:

Code Block
sudo userdel -r newuser

Both commands will automatically remove users from all added groups.

Ubuntu: User Setup

Create User

  1. Connect to your server through PuTTY. If you don’t already have PuTTY installed, please follow the link SSH to Instance using Windows.

  2. Create a new user, for example newuser, with the following command:

    Code Block
    sudo adduser newuser

    This command will also ask to:

    • Assign and confirm a password for the new user

    • Enter any additional information about the new user. This is optional and can be skipped by pressing ENTER.

    • Enter Y to confirm the information and continue.

Assigning Sudo Permissions [Optional]

  1. To give the user sudo permissions, add the user to the group sudo, which gives sudo access to all members.

    Code Block
    sudo usermod -aG sudo newuser
  2. The following will show the usernames of those in the group sudo.

    Code Block
    getent group sudo
  3. To remove sudo permission, remove the user from the group sudo.

    Code Block
    sudo gpasswd -d newuser sudo

Delete User

If there is a user account no longer needed, run the following to delete the user without deleting their files:

Code Block
sudo deluser newuser

To delete the user’s home directory and account, run this instead:

Code Block
sudo deluser --remove-home newuser

Both commands will automatically remove users from all added groups.

Allow Password Authentication

  1. As the root user, run sudo vi /etc/ssh/sshd_config.

  2. Tap the i or insert key on your keyboard and change the line:
    PasswordAuthentication no to PasswordAuthentication yes

  3. Save and exit the vi file by typing Esc, :, w, q, and Enter.

  4. Restart the service: sudo systemctl restart sshd
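sshd uses the first value it reads for each keyword, so changing a later duplicate PasswordAuthentication line has no effect. The script below is an added example, not part of the original page; the function names and the sample file are constructed for illustration, and Include files are not followed.

```shell
#!/bin/sh
# Added example (not from the original page): which value will sshd use?
# sshd keeps the FIRST value it reads for a keyword, so editing a later
# duplicate line changes nothing. Include files are not followed here.

# effective_sshd_option FILE KEYWORD -> prints the global value, or "unset"
effective_sshd_option() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # comments and blank lines
        {
            key = tolower($1)
            if (key == "match") exit             # per-user/host overrides start here
            if (key == want && NF >= 2) { print tolower($2); found = 1; exit }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# Constructed sample: the last PasswordAuthentication line was edited,
# but an earlier line already set the value.
demo_first_value_wins() {
    cfg=$(mktemp)
    cat > "$cfg" <<'EOF'
#PasswordAuthentication yes
PasswordAuthentication no
UsePAM yes
passwordauthentication yes
Match User backup
    X11Forwarding no
EOF
    a=$(effective_sshd_option "$cfg" PasswordAuthentication)
    b=$(effective_sshd_option "$cfg" X11Forwarding)   # only set inside Match
    rm -f "$cfg"
    echo "$a $b"
}

demo_first_value_wins
```

On a live server, `sudo sshd -T | grep -i passwordauthentication` prints the value after Include files are applied, and `sudo sshd -t` checks the file for syntax errors before the restart.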

SSH Key (CentOS 7, CentOS 8, & Ubuntu)

  1. Open PuTTYgen. If it’s not installed yet, please install it from here.

  2. Click Generate to create a new public and private key. PuTTYgen will ask you to move your mouse across the window to generate it.

    Note: One can change the Key Comment to provide a better description and add a Passphrase for extra security upon signing in. The Passphrase is similar to a password.

  3. Save the public key and save the private key.

    1. The public key is copied to the SSH server. Anyone with this key can encrypt data which can only be read by those with a private key.

    2. The private key is proof of the user’s identity. Only a user with the private key that corresponds to the public key will be able to authenticate successfully.

  4. Leave the window open. We will need to copy the key shown under "Public key for pasting into OpenSSH authorized_keys file". To copy the key, right-click on it, click Select All, then Copy.

  5. Connect to the server through a new PuTTY session. See SSH to Instance using Windows.

  6. Switch to the desired user you wish to provide access to. Ensure that this user has sudo permissions.

    Code Block
    su newuser
  7. Check if the SSH folder exists. If not, create it manually with the following:

    Code Block
    mkdir ~/.ssh
    chmod 0700 ~/.ssh
    touch ~/.ssh/authorized_keys
    chmod 0644 ~/.ssh/authorized_keys

    If the folder exists, running mkdir ~/.ssh should prompt

    1. Note, for Ubuntu, this step will be slightly different. Instead, create the folder with:

      Code Block
      mkdir ~/.ssh
      chmod 700 ~/.ssh
      touch ~/.ssh/authorized_keys
      chmod 600 ~/.ssh/authorized_keys
  8. Paste the SSH public key into your authorized keys.

    Code Block
    sudo vim ~/.ssh/authorized_keys
    1. If the vim command is not found, install vim with the following command and retry.

      1. CentOS 7: sudo yum install vim

      2. CentOS 8: sudo dnf install vim

  9. Copy the PuTTYgen key from Step 4. In the PuTTY ~/.ssh/authorized_keys window, tap the i or insert key on your keyboard. Right-click to paste the key.

  10. To save, press Esc, :, w, q, Enter.

  11. Now let’s save our newuser PuTTY profile. Open a new PuTTY session.

  12. Under Hostname, type your newuser@floatingipaddress, where newuser corresponds to the user from Step 6 and floatingipaddress is the IP address of the remote host.

  13. In the left-hand menu, expand SSH under Connection. Click on Auth.

  14. Click on Browse and locate the private key file you previously created.

  15. Return to the Session page. Name your session. Click Save and then Open.

  16. Upon connecting, you should be prompted to enter the Passphrase if one was added and see the terminal open. You should see that you logged in and were authenticated through your public key.

    The red boxed item should be the same as your Key Comment from Step 2.

  17. [Optional] Once key-based logins are working, you can decide to disable username and password logins for better security.

    1. Edit the server’s configuration file.

      Code Block
      sudo vim /etc/ssh/sshd_config
    2. Tap the i or insert key on your keyboard and edit the lines, referenced below:

      Code Block
      [...]
      PasswordAuthentication no
      [...]
      UsePAM no
      [...]
    3. To save, press Esc, :, w, q, Enter.

    4. Reload the server’s configuration.

      Code Block
      sudo systemctl reload sshd
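
A check for the ~/.ssh setup from steps 7 to 10, worth running before password logins are turned off in step 17. This is an added example, not part of the original page; the function names are hypothetical and the sample key is constructed.

```shell
#!/bin/sh
# Added example (not from the original page): audit a ~/.ssh directory.

# audit_ssh_dir DIR -> one finding per line; returns 0 only when the modes pass
# the StrictModes check of sshd and authorized_keys holds a usable key line.
audit_ssh_dir() {
    dir=$1; keys="$dir/authorized_keys"; status=0
    [ -f "$keys" ] || { echo "missing: $keys"; return 1; }
    # StrictModes (default yes) refuses keys if these are writable by group or others.
    for p in "$dir" "$keys"; do
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "writable by group/others: $p"; status=1
        fi
    done
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
        /^---- BEGIN SSH2 PUBLIC KEY/ {            # file written by "Save public key"
            print "line " NR ": PuTTYgen saved-file format, paste the one-line OpenSSH key"
            bad = 1; skip = 1; next
        }
        /^---- END SSH2 PUBLIC KEY/ { skip = 0; next }
        skip { next }
        {
            ok = 0                                  # key type followed by a base64 blob
            for (i = 1; i < NF; i++)
                if ($i ~ "^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521))$" &&
                    $(i + 1) ~ "^AAAA[A-Za-z0-9+/]+=*$") ok = 1
            if (ok) good++; else { print "line " NR ": not a public key line"; bad = 1 }
        }
        END { if (!good) print "no usable key found"; exit (bad || !good) }
    ' "$keys" || status=1
    return $status
}

demo_audit() {   # fixtures are constructed; the key below is not a real key
    d=$(mktemp -d); chmod 700 "$d"; f="$d/authorized_keys"
    echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedSampleKeyNotReal newuser" > "$f"
    chmod 600 "$f"; if audit_ssh_dir "$d" >/dev/null; then out="ok"; else out="fail"; fi
    chmod 666 "$f"; if audit_ssh_dir "$d" >/dev/null; then out="$out ok"; else out="$out fail"; fi
    chmod 600 "$f"
    printf '%s\n' '---- BEGIN SSH2 PUBLIC KEY ----' 'AAAAC3Nza' '---- END SSH2 PUBLIC KEY ----' > "$f"
    if audit_ssh_dir "$d" >/dev/null; then out="$out ok"; else out="$out fail"; fi
    rm -rf "$d"; echo "$out"
}

demo_audit
```

Run `audit_ssh_dir ~/.ssh` as the user from step 6; any finding means key logins may fail, so leave PasswordAuthentication enabled until the output is clean.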
