The previous article covered how to log in to a Vultr instance as root using SSH keys. Disabling root access is recommended to limit the damage in the event of an attack, because root privileges give the user access to all aspects of the system. SSH keys are commonly used by automation tools such as Ansible to perform automated tasks such as pulling code from GitHub onto the server and restarting the server. For such a task, Ansible having root access would be a point of vulnerability should attackers get hold of the Ansible private SSH keys. Therefore, creating a non-root user with limited permissions is advised.
Log in to the Vultr instance or whichever SSH server you are using. This guide assumes the SSH server is an Ubuntu 22.04 LTS x64 instance.
Install tmux
tmux is an open-source terminal multiplexer for Unix-based systems. tmux is used for simultaneously running multiple terminal sessions. For example, you may need one terminal running the frontend server and another terminal running a backend server on a full-stack application.
Install tmux using:
sudo apt-get install tmux
Start a tmux session using the tmux command.
tmux
You can exit the tmux session using the exit command.
exit
To get back to the tmux session, list all available tmux sessions using tmux ls.
tmux ls
Re-launch the session using:
tmux attach-session -t 0
Create a new user
Create a new user using the adduser command followed by the name you want to assign to the new user.
adduser wamaitha
Create a password for the user and fill in the rest of the details on the prompt.
Verify the user was created using awk. Awk is a text-processing language that is commonly used from the shell for scripting and pattern matching. User accounts are stored in the /etc/passwd file, one per line, with fields separated by colons. Because the /etc/passwd file is quite verbose, the command below prints only the first field, which is the username.
awk -F':' '{ print $1}' /etc/passwd
Move SSH keys
Create a .ssh directory on the new user's home directory
mkdir /home/wamaitha/.ssh
Move the ssh keys to the new folder
mv /root/.ssh/authorized_keys /home/wamaitha/.ssh
Change ownership of the .ssh directory from root to the new user.
chown -R wamaitha:wamaitha /home/wamaitha/.ssh
By default, new users are added to a group of the same name. Log out from tmux using exit, then log out from Vultr using exit.
Log in as the new user using ssh with the username as follows
Use the same passphrase used while generating the ssh keys.
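A check worth running as root after the chown step and before logging out, given here as an added example that is not part of the original article: sshd's StrictModes setting (on by default) ignores authorized_keys when the file or its .ssh directory is owned by the wrong user or is writable by group or others, which would lock the new user out. The function name check_ssh_dir and the scratch directory are assumptions made for this example, and it relies on GNU stat as shipped with Ubuntu.

```shell
#!/bin/sh
# Added example: audit a .ssh directory against what sshd's StrictModes expects.
# Usage: check_ssh_dir DIR OWNER   (OWNER is a username or a numeric UID)
# Returns 0 when DIR and DIR/authorized_keys are owned by OWNER and are not
# writable by group or others; otherwise prints one line per problem found.
check_ssh_dir() {
    dir=$1
    owner=$2
    rc=0
    case $owner in
        *[!0-9]*) want_uid=$(id -u "$owner") || return 2 ;;  # resolve username
        *)        want_uid=$owner ;;                         # already a UID
    esac
    for path in "$dir" "$dir/authorized_keys"; do
        if [ ! -e "$path" ]; then
            echo "MISSING  $path"
            rc=1
            continue
        fi
        uid=$(stat -c '%u' "$path")     # numeric owner (GNU stat)
        perms=$(stat -c '%A' "$path")   # symbolic mode, e.g. drwx------
        if [ "$uid" != "$want_uid" ]; then
            echo "OWNER    $path is owned by uid $uid, expected $want_uid"
            rc=1
        fi
        case $perms in
            ?????w*|????????w*)         # group-write or other-write bit set
                echo "WRITABLE $path ($perms) is writable by group or others"
                rc=1 ;;
        esac
    done
    return $rc
}

# Constructed demo in a scratch directory standing in for /home/wamaitha/.ssh.
demo=$(mktemp -d)
mkdir "$demo/.ssh"
: > "$demo/.ssh/authorized_keys"
chmod 775 "$demo/.ssh"                  # deliberately too loose
chmod 600 "$demo/.ssh/authorized_keys"
check_ssh_dir "$demo/.ssh" "$(id -u)" || echo "-> fix this before logging out"
chmod 700 "$demo/.ssh"                  # tightened to owner-only
check_ssh_dir "$demo/.ssh" "$(id -u)" && echo "-> OK"
rm -rf "$demo"
```

On the server itself the call would be `check_ssh_dir /home/wamaitha/.ssh wamaitha`; a failure is typically resolved with `chmod 700` on the directory and `chmod 600` on authorized_keys.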