Article

Table of Contents
Theme:
Was this article helpful?

6  out of  8 found this helpful

Try Vultr Today with

$50 Free on Us!

Want to contribute?

You could earn up to $300 by adding new articles!

Use an SSH Key with Non-root Users

Last Updated: Tue, Apr 6, 2021
Linux Guides Popular Security

Introduction

Vultr provides a feature that allows you to pre-install SSH keys when creating a new instance, so you can SSH to the instance as root with the key. However, the key doesn't work for non-root users. This tutorial describes three methods to use SSH keys with non-root users.

Requirements

  • A Vultr Linux or BSD instance
  • A non-root user account (it is example_user in this tutorial)

Option 1: Create a New SSH Key

  1. SSH to the instance as root.
  2. Create an SSH key for example_user.

    # sudo -u example_user ssh-keygen
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/example_user/.ssh/id_rsa):
    Created directory '/home/example_user/.ssh'.
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/example_user/.ssh/id_rsa
    Your public key has been saved in /home/example_user/.ssh/id_rsa.pub
    
  3. Save the private key, /home/example_user/.ssh/id_rsa, to your computer. For example, you might copy it to your local .ssh folder as ~/.ssh/example_user_id_rsa.

  4. Delete the private key from your instance.

    # rm /home/example_user/.ssh/id_rsa
    
  5. Rename the public key to authorized_keys.

    # mv /home/example_user/.ssh/id_rsa.pub /home/example_user/.ssh/authorized_keys
    

If you saved the private key as ~/.ssh/example_user_id_rsa, you can SSH to the server as your non-root example_user:

$ ssh -i ~/.ssh/example_user_id_rsa example_user@192.0.2.123

Option 2: Move the root SSH Key to the Non-root User

In this case, we'll move the root key to the example_user, which also disables the root user's SSH key access.

  1. SSH to the instance as root.
  2. Create the .ssh directory for example_user.

    # mkdir /home/example_user/.ssh
    
  3. Move the root key to example_user's SSH directory.

    # mv /root/.ssh/authorized_keys /home/example_user/.ssh/
    
  4. Change the ownership of the .ssh directory from root to example_user so OpenSSH can read it.

    # chown -R example_user:example_user /home/example_user/.ssh
    

Option 3: Use Startup Scripts

If you are deploying many instances, you may use the Vultr Startup Scripts feature to create a non-root user and move the SSH key automatically.

Create a Startup Script

  1. Select Scripts in the Customer Portal.
  2. Click the plus button to create a new startup script.
  3. Paste the following script.

    #!/bin/sh
    
    useradd -m -s /bin/bash example_user
    mv /root/.ssh /home/example_user/
    chown -R example_user:example_user /home/example_user/.ssh
    

You can deploy instances with this script and one or more SSH keys. When the instance deploys, the script creates example_user, then moves the public SSH keys from root to example_user. Now you can SSH to the new instance as example_user with the keys you provided.

More Information

For more information about managing SSH keys, see other guides:

Want to contribute?

You could earn up to $300 by adding new articles