SSH-Key access as a non-root user.

The previous article covered how to log in to a Vultr instance as root using ssh keys. Disabling root access is recommended to limit the damage in the event of an attack, because root privileges mean the user has access to all aspects of the system. ssh keys are normally used by automation tools such as Ansible to perform automated tasks such as pulling code from GitHub onto the server and restarting the server. For such a task, Ansible having root access would be a point of vulnerability should attackers get hold of the Ansible private ssh keys. Therefore, creating a non-root user with limited permissions is advised.

Log in to the Vultr instance or whichever ssh server you are using. This guide assumes the ssh server is an Ubuntu 22.04 LTS x64 instance.

Install tmux

tmux is an open-source terminal multiplexer for Unix-based systems. tmux is used for simultaneously running multiple terminal sessions. For example, you may need one terminal running the frontend server and another terminal running a backend server on a full-stack application.

Install tmux using:

sudo apt-get install tmux

Start a tmux session using the tmux command.

tmux

You can exit the tmux session using the exit command.

exit

To get back to the tmux session, list all available tmux sessions using tmux ls.

tmux ls

Re-launch the session using

tmux attach-session -t 0

Create a new user

Create a new user using the adduser command followed by the name you want to assign to the new user.

adduser wamaitha

Create a password for the user and fill in the rest of the details on the prompt.

Verify the user was created using awk. Awk is a text-processing language commonly used as a scripting tool in bash, and it can be used for pattern matching. Users are stored in the /etc/passwd file. Because /etc/passwd is quite verbose, the command below prints only the names of the users on the system.

awk -F':' '{ print $1}' /etc/passwd

Move SSH keys

Create a .ssh directory in the new user's home directory.

mkdir /home/wamaitha/.ssh

Move the ssh keys to the new directory.

mv /root/.ssh/authorized_keys /home/wamaitha/.ssh

Change ownership of the .ssh directory from root to the new user.

chown -R wamaitha:wamaitha /home/wamaitha/.ssh
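
To confirm the move worked before closing the root session, this added example (not part of the original article) checks ownership and write permissions on the new .ssh directory and authorized_keys, which sshd's StrictModes option (on by default) also examines before accepting a login. The helper name check_ssh_perms is hypothetical and GNU stat is assumed.

```bash
#!/bin/sh
# Added example (not from the original article): audit the new user's ~/.ssh
# after the mkdir/mv/chown steps, before logging out of the root session.
# Assumes GNU stat (as on Ubuntu 22.04). check_ssh_perms is a hypothetical helper.
# Usage: check_ssh_perms /home/wamaitha/.ssh "$(id -u wamaitha)"

check_ssh_perms() {
    ssh_dir=$1
    want_uid=$2
    rc=0
    for p in "$ssh_dir" "$ssh_dir/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"
            rc=1
            continue
        fi
        uid=$(stat -c %u "$p")
        mode=$(stat -c %a "$p")
        # The login user must own the path; a key file still owned by root
        # with mode 600 is not readable by that user.
        if [ "$uid" != "$want_uid" ]; then
            echo "OWNER    $p is owned by uid $uid, expected $want_uid"
            rc=1
        fi
        # Group- or world-writable paths would let other accounts plant keys.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "WRITABLE $p has mode $mode; use 700 (dir) / 600 (file)"
            rc=1
        fi
    done
    [ "$rc" -eq 0 ] && echo "OK       $ssh_dir"
    return "$rc"
}
```

A non-zero return means key login as the new user is likely to fail, so fix the reported path while the root session is still open.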

By default, new users are added to a group of the same name. Log out from tmux using exit, then log out from Vultr using exit.

Log in as the new user using ssh, with the new username in place of root.

Use the same passphrase used while generating the ssh keys.