How to Add Linux SSH Key User

1. Create a private key for the new user.

2a. Place the private key in the local directory: ~/.ssh

2b. Set the permissions on the local key file:

    chmod 400 GTKeyPairUser101.pem

3. Generate a public key from the new user’s private key locally:


    ssh-keygen -y -f GTKeyPairUser101.pem

4. Copy the public key text from the screen, place the text in a file (GTKeyPairUser101.pub) and then place the file in the ~/.ssh directory.

5. Connect to the Linux system using ssh and admin credentials:

    ssh -i AdminUserKeyFile.pem adminuser@example.com

6. Create the new user on the Linux system:


    @ubuntu$ sudo adduser new_user --disabled-password

7. Add the new user to the sudo group:

    @ubuntu$ sudo usermod -aG sudo new_user

8. Change the security context to the new_user account so that folders and files you create will have the correct permissions:

    @ubuntu$ sudo su - new_user

9. Create a .ssh directory in the new_user home directory:


    @new_user$ mkdir .ssh

10. Change the .ssh directory’s permissions to 700:

    @new_user$ chmod 700 .ssh

11. Change into the .ssh directory:

    @new_user$ cd .ssh

12. Create the authorized_keys file in the .ssh directory:

    @new_user:~/.ssh$ touch authorized_keys

13. Change the authorized_keys file permissions to 600:


    @new_user:~/.ssh$ chmod 600 authorized_keys

14. Run the Linux cat command in append mode:


    @new_user:~/.ssh$ cat >> authorized_keys

15. Paste the public key into the authorized_keys file and then press Enter. Press Ctrl+d to exit cat.

16. Exit the new_user shell:


    @new_user$ exit

17. Edit the sudoers file with visudo (skip to step 19 if this was already done once):


    @ubuntu$ sudo visudo

Change this line:


    %sudo ALL=(ALL:ALL) ALL

To the following (this removes the sudo password prompt for every member of the sudo group, not only new_user):


    %sudo ALL=(ALL:ALL) NOPASSWD: ALL

18. Save and exit the editor

19. Exit the new user.

20. Exit the Linux system

    @ubuntu$ exit

21. Test logging into the new account on the Linux system:

    ssh -i GTKeyPairUser101.pem new_user@example.com

22. Test that the new user can run sudo without a password:

    @new_user$ sudo ls

The command should not prompt for a password.

23. Exit the Linux system:

    @new_user$ exit

Verified on Ubuntu 18.04.
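Steps 9 through 15 can also be done non-interactively, which avoids paste mistakes at the `cat >>` prompt (a wrapped key line, or the private key pasted instead of the public one). The script below is an added example, not part of the original procedure; the function names are hypothetical, and it assumes the key is RSA, Ed25519 or ECDSA and that it is run as new_user.

```shell
#!/bin/sh
# Added example: scripted form of steps 9-15. All function names are hypothetical.
# Usage (as new_user): install_pubkey "$HOME" GTKeyPairUser101.pub && check_ssh_perms "$HOME"

# perm_string PATH -> type and mode bits from ls, e.g. "drwx------"
perm_string() { ls -ld "$1" | cut -c1-10; }

# looks_like_pubkey LINE -> 0 if LINE has the "type base64 [comment]" shape of
# an OpenSSH public key; refuses anything that mentions a private key.
looks_like_pubkey() {
    case "$1" in
        *"PRIVATE KEY"*) return 1 ;;
    esac
    printf '%s\n' "$1" | grep -Eq \
        '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$'
}

# install_pubkey HOME_DIR PUBKEY_FILE
# Creates HOME_DIR/.ssh (700) and authorized_keys (600), then appends the key
# once. Running it again with the same key does not add a duplicate line.
install_pubkey() {
    home_dir=$1; pub_file=$2
    key=$(head -n 1 "$pub_file") || return 1
    looks_like_pubkey "$key" || { echo "not a public key: $pub_file" >&2; return 2; }
    ( umask 077
      mkdir -p "$home_dir/.ssh" && touch "$home_dir/.ssh/authorized_keys" ) || return 1
    chmod 700 "$home_dir/.ssh"
    chmod 600 "$home_dir/.ssh/authorized_keys"
    grep -qxF "$key" "$home_dir/.ssh/authorized_keys" ||
        printf '%s\n' "$key" >> "$home_dir/.ssh/authorized_keys"
}

# check_ssh_perms HOME_DIR -> 0 only when the modes match steps 10 and 13
check_ssh_perms() {
    [ "$(perm_string "$1/.ssh")" = "drwx------" ] &&
    [ "$(perm_string "$1/.ssh/authorized_keys")" = "-rw-------" ]
}
```

Run `check_ssh_perms` again whenever key login fails after a manual edit: sshd's default StrictModes setting rejects keys when these paths are writable by other users.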
