Use an SSH Key with Non-root Users

Updated on April 6, 2021
Use an SSH Key with Non-root Users header image

Introduction

Vultr provides a feature that allows you to pre-install SSH keys when creating a new instance, so you can SSH to the instance as root with the key. However, the key doesn't work for non-root users. This tutorial describes three methods to use SSH keys with non-root users.

Requirements

  • A Vultr Linux or BSD instance
  • A non-root user account (it is example_user in this tutorial)

Option 1: Create a New SSH Key

  1. SSH to the instance as root.

  2. Create an SSH key for example_user.

     # sudo -u example_user ssh-keygen
     Generating public/private rsa key pair.
     Enter file in which to save the key (/home/example_user/.ssh/id_rsa):
     Created directory '/home/example_user/.ssh'.
     Enter passphrase (empty for no passphrase):
     Enter same passphrase again:
     Your identification has been saved in /home/example_user/.ssh/id_rsa
     Your public key has been saved in /home/example_user/.ssh/id_rsa.pub
  3. Save the private key, /home/example_user/.ssh/id_rsa, to your computer. For example, you might copy it to your local .ssh folder as ~/.ssh/example_user_id_rsa.

  4. Delete the private key from your instance.

     # rm /home/example_user/.ssh/id_rsa
  5. Rename the public key to authorized_keys.

     # mv /home/example_user/.ssh/id_rsa.pub /home/example_user/.ssh/authorized_keys

If you saved the private key as ~/.ssh/example_user_id_rsa, you can SSH to the server as your non-root example_user:

$ ssh -i ~/.ssh/example_user_id_rsa example_user@192.0.2.123

Option 2: Move the root SSH Key to the Non-root User

In this case, we'll move the root key to the example_user, which also disables the root user's SSH key access.

  1. SSH to the instance as root.

  2. Create the .ssh directory for example_user.

     # mkdir /home/example_user/.ssh
  3. Move the root key to example_user's SSH directory.

     # mv /root/.ssh/authorized_keys /home/example_user/.ssh/
  4. Change the ownership of the .ssh directory from root to example_user so OpenSSH can read it.

     # chown -R example_user:example_user /home/example_user/.ssh

Option 3: Use Startup Scripts

If you are deploying many instances, you may use the Vultr Startup Scripts feature to create a non-root user and move the SSH key automatically.

Create a Startup Script

  1. Select Scripts in the Customer Portal.

  2. Click the plus button to create a new startup script.

  3. Paste the following script.

     #!/bin/sh
    
     useradd -m -s /bin/bash example_user
     mv /root/.ssh /home/example_user/
     chown -R example_user:example_user /home/example_user/.ssh

You can deploy instances with this script and one or more SSH keys. When the instance deploys, the script creates example_user, then moves the public SSH keys from root to example_user. Now you can SSH to the new instance as example_user with the keys you provided.

More Information

For more information about managing SSH keys, see other guides: