SSH-Key access as a non-root user.

SSH-Key access as a non-root user.

Dec 1, 2022·

3 min read

Play this article

The previous article covered how to log in to a Vultr instance using ssh keys as root. It is recommended to disable root access in the event of an attack. Root privileges mean the user has access to all aspects of the system. Normally, ssh keys are used using automation tools such as Ansible to perform automated tasks such as pulling code from github on the server and restarting the server. For such a task, Ansible having root access would be a point of vulnerability should attackers get hold of the Ansible private ssh keys. Therefore, creating a non-root user with limited permissions is advised.

Login to the Vultr instance or whichever ssh server you are using. This guide assumes the ssh server is an Ubuntu 22.04 LTS x64 instance.


Install tmux

tmux is an open-source terminal multiplexer for Unix-based systems. tmux is used for simultaneously running multiple terminal sessions. For example, you may need one terminal running the frontend server and another terminal running a backend server on a full-stack application.

Install tmux using:

sudo apt-get install tmux


Start a tmux session using the tmux command.


image.png You can exit the tmux session using the exit command.



To get back to the tmux session, list all available tmux sessions using tmux ls.

tmux ls


Re-launch the session using

tmux attach-session -t 0


Create a new user

Create a new user using the adduser command followed by the name you want to assign to the new user.

adduser wamaitha

Create a password for the user and fill in the rest of the details on the prompt.


Verify the user was created using awk. Awk is a programming language used on bash as a scripting tool for text processing. Awk can be used for pattern matching. Users are stored on the /etc/passwd file. The command below returns the names of the users on the system as the /etc/passwd file is quite verbose.

awk -F':' '{ print $1}' /etc/passwd


Move SSH keys

Create a .ssh directory on the new user's home directory

mkdir /home/wamaitha/.ssh

Move the ssh keys to the new folder

mv /root/.ssh/authorized_keys /home/wamaitha/.ssh

Change ownership of the .ssh directory from root to the new user.

chown -R wamaitha:wamaitha /home/wamaitha/.ssh


By default, new users are added to a group of the same name. Log out from tmux using exit, then log out from Vultr using exit.


Login as the new user using ssh with the username as follows


Use the same passphrase used while generating the ssh keys.