Article

Table of Contents
Theme:
Was this article helpful?

11  out of  16 found this helpful

Try Vultr Today with

$50 Free on Us!

Get started now
Want to contribute?

You could earn up to $600 by adding new articles.

Learn more!

Use an SSH Key with Non-root Users

Last Updated: Tue, Apr 6, 2021
Linux Guides Popular Security

Introduction

Vultr provides a feature that allows you to pre-install SSH keys when creating a new instance, so you can SSH to the instance as root with the key. However, the key doesn't work for non-root users. This tutorial describes three methods to use SSH keys with non-root users.

Requirements

  • A Vultr Linux or BSD instance

  • A non-root user account (it is example_user in this tutorial)

Option 1: Create a New SSH Key

  1. SSH to the instance as root.

  2. Create an SSH key for example_user.

    # sudo -u example_user ssh-keygen

Generating public/private rsa key pair.

Enter file in which to save the key (/home/example_user/.ssh/id_rsa):

Created directory '/home/example_user/.ssh'.

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /home/example_user/.ssh/id_rsa

Your public key has been saved in /home/example_user/.ssh/id_rsa.pub

  3. Save the private key, /home/example_user/.ssh/id_rsa, to your computer. For example, you might copy it to your local .ssh folder as ~/.ssh/example_user_id_rsa.

  4. Delete the private key from your instance.

    # rm /home/example_user/.ssh/id_rsa

  5. Rename the public key to authorized_keys.

    # mv /home/example_user/.ssh/id_rsa.pub /home/example_user/.ssh/authorized_keys

If you saved the private key as ~/.ssh/example_user_id_rsa, you can SSH to the server as your non-root example_user:

$ ssh -i ~/.ssh/example_user_id_rsa example_user@192.0.2.123

Option 2: Move the root SSH Key to the Non-root User

In this case, we'll move the root key to the example_user, which also disables the root user's SSH key access.

  1. SSH to the instance as root.

  2. Create the .ssh directory for example_user.

    # mkdir /home/example_user/.ssh

  3. Move the root key to example_user's SSH directory.

    # mv /root/.ssh/authorized_keys /home/example_user/.ssh/

  4. Change the ownership of the .ssh directory from root to example_user so OpenSSH can read it.

    # chown -R example_user:example_user /home/example_user/.ssh

Option 3: Use Startup Scripts

If you are deploying many instances, you may use the Vultr Startup Scripts feature to create a non-root user and move the SSH key automatically.

Create a Startup Script

  1. Select Scripts in the Customer Portal.

  2. Click the plus button to create a new startup script.

  3. Paste the following script.

    #!/bin/sh



useradd -m -s /bin/bash example_user

mv /root/.ssh /home/example_user/

chown -R example_user:example_user /home/example_user/.ssh

You can deploy instances with this script and one or more SSH keys. When the instance deploys, the script creates example_user, then moves the public SSH keys from root to example_user. Now you can SSH to the new instance as example_user with the keys you provided.

More Information

For more information about managing SSH keys, see other guides:

Want to contribute?

You could earn up to $600 by adding new articles.

Submit your article Request an article