How to Add Linux SSH Key User


This guide shows how to create a new Ubuntu Linux user that can log in with a private key. These steps assume the use of a Mac.

Steps

1. Create a key pair for the new user:

Mac

Create a key pair locally:

ssh-keygen -t rsa

AWS

Create a key pair on AWS

2. Place the private key in the local directory: ~/.ssh

3. Change to the .ssh directory:

cd ~/.ssh

4. Set the permissions on the local key file:

chmod 400 GTKeyPairUser101.pem

5. Generate a public key from the private key:

ssh-keygen -y

6. Copy the public key text from the screen, place the text in a file (GTKeyPairUser101.pub) and then place the file in the ~/.ssh directory.

7. Connect to the Ubuntu Linux system using ssh and admin credentials:

ssh -i AdminUserKeyFile.pem adminuser@example.com

8. Create the new user on the Linux system:

@ubuntu$ sudo adduser new_user --disabled-password

9. Add the new user to the sudo group:

@ubuntu$ sudo usermod -aG sudo new_user

10. Change the security context to the new_user account so that folders and files you create will have the correct permissions:

@ubuntu$ sudo su - new_user

11. Create an .ssh directory in the new_user home directory:

@new_user$ mkdir .ssh

12. Change the .ssh directory’s permissions to 700:

@new_user$ chmod 700 .ssh

13. Change into the .ssh directory:

@new_user$ cd .ssh

14. Create the authorized_keys file in the .ssh directory:

@new_user:~/.ssh$ touch authorized_keys

15. Change the authorized_keys file permissions to 600:

@new_user:~/.ssh$ chmod 600 authorized_keys

16. Run the Linux cat command in append mode:

@new_user:~/.ssh$ cat >> authorized_keys

17. Paste the public key into the authorized_keys file and then press Enter. Press Ctrl+d to exit cat.

18. Exit the new_user shell

@new_user$ exit

19. Edit the sudoers file with visudo (skip to step 21 if this was completed previously):

@ubuntu$ sudo visudo

Change this line:

%sudo ALL=(ALL:ALL) ALL

To this:

%sudo ALL=(ALL:ALL) NOPASSWD: ALL

20. Save and exit the editor.

21. Exit the Linux system

@ubuntu$ exit

22. Test logging into the new account on the Linux system:

ssh -i GTKeyPairUser101.pem new_user@example.com

23. Test that the new user can run sudo without a password:

@ubuntu$ sudo ls

The command should not prompt for a password.

24. Exit the Linux system:

@ubuntu$ exit

25. Enjoy.

Verified on Ubuntu 18.04
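
If the login in step 22 is refused, the usual causes are the modes from steps 12 and 15 or a bad paste in step 17; with sshd's StrictModes setting (on by default), key login fails when these paths are writable by other users. The script below is an added example, not part of the original guide: it audits a home directory for those conditions. The function names audit_ssh_dir and mode_of are hypothetical, and it assumes plain key entries with no options prefix.

```shell
#!/bin/sh
# Added example, not from the original guide. Audits the result of steps 11-17.
# Assumes plain "keytype base64 [comment]" entries with no options prefix,
# which is what `ssh-keygen -y` prints.

# Print the nine permission characters from `ls -ld` (for example rwx------).
mode_of() {
    ls -ld "$1" | cut -c2-10
}

# audit_ssh_dir HOME_DIR: returns 0 when every check passes, 1 otherwise.
audit_ssh_dir() {
    ssh_dir="$1/.ssh"
    keys="$ssh_dir/authorized_keys"
    rc=0
    good=0

    [ -d "$ssh_dir" ] || { echo "FAIL: $ssh_dir is missing"; return 1; }
    [ -f "$keys" ] || { echo "FAIL: $keys is missing"; return 1; }

    # Steps 12 and 15: mode 700 on the directory, 600 on the file.
    [ "$(mode_of "$ssh_dir")" = "rwx------" ] || { echo "FAIL: $ssh_dir is not mode 700"; rc=1; }
    [ "$(mode_of "$keys")" = "rw-------" ] || { echo "FAIL: $keys is not mode 600"; rc=1; }

    # Step 17: classify each pasted line.
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            '' | '#'*) ;;
            *'PRIVATE KEY'*)
                echo "FAIL: private key material pasted into $keys"; rc=1 ;;
            'ssh-rsa AAAA'* | 'ssh-ed25519 AAAA'* | 'ecdsa-sha2-nistp'*' AAAA'*)
                good=$((good + 1)) ;;
            *)
                echo "FAIL: unrecognized line (wrapped or truncated key?)"; rc=1 ;;
        esac
    done < "$keys"

    [ "$good" -gt 0 ] || { echo "FAIL: no public key entries in $keys"; rc=1; }
    if [ "$rc" -eq 0 ]; then echo "OK: $good key(s), permissions correct"; fi
    return "$rc"
}

# Run against a home directory when one is given on the command line.
if [ $# -gt 0 ]; then
    audit_ssh_dir "$1"
fi
```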
