Create SSH User in Linux With SSH Key Authentication Method

Today we will create a new user that can connect to a Linux instance/server using the SSH key authentication method. When you launch a Linux server, a default system user account is created with administrative access to the server. If you want multiple users to access the instance, it's a security best practice to create a separate account for each user.

Before we start, we have to create a key for our user.

There are three methods to create keys for your server.

  • Create a key pair from the AWS console and convert the downloaded private key into a public key. You can also use an existing key pair for the new user. To learn how to convert a downloaded private key into a public key, see this article

  • Create your own key pair using the ssh-keygen command on Linux. To learn how to create a private key and public key, see this article

  • Create your own key pair using a third-party tool. Be sure that your key matches the guidelines at Importing Your Own Public Key to Amazon EC2.

AWS supports the following formats and key properties for SSH keys:

  • Base64 encoded DER format

  • SSH public key file format as specified in RFC 4716

  • Create an RSA key. Amazon EC2 does not accept DSA keys.

  • The supported lengths are 1024, 2048, and 4096.

Note: If you connect using SSH while using the EC2 Instance Connect API, the supported lengths are 2048 and 4096.

Now, assuming you have created your public and private keys, let's start creating a new user on your Linux system.

1. Connect to your Linux server.

2. Use the adduser command to add a new user account to your Linux server.

$ sudo adduser new_user

Note: If you want to add "new_user" without a password, include the --disabled-password option to avoid adding a password to the new account:

$ sudo adduser new_user --disabled-password

Replace "new_user" with your user name.

3. Switch to the new_user account so that folders and files that you create will have the correct permissions:

$ sudo su - new_user

Note: When you run the sudo su - new_user command, the name at the top of the command shell prompt changes to reflect the new user account context of your shell session.

4. Create a .ssh directory/folder in the new_user home directory:

$ mkdir .ssh

5. Use the chmod command to change the .ssh directory/folder permissions to 700. This allows only new_user to read, write, or open the .ssh directory.

$ chmod 700 .ssh

6. Use the touch command to create the authorized_keys file in the .ssh directory/folder:

$ touch .ssh/authorized_keys

7. Use the chmod command to change the .ssh/authorized_keys file permissions to 600. This allows only new_user to read or write the file.

$ chmod 600 .ssh/authorized_keys

8. Lastly, paste your public key into the authorized_keys file and save the file.

9. Optional: Give this user root (sudo) permission. usermod needs root privileges, so run it from an account that already has sudo access, not from the new_user shell.

$ sudo usermod -aG sudo <USER-NAME>

**OR**

By default, on CentOS, members of the wheel group have sudo privileges, so run the command below instead:

$ sudo usermod -aG wheel <USER-NAME>

If you want to give the user root permission, follow this article
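The result of steps 3 to 8 can be checked before handing the account over. The script below is an added example, not part of the original article; the function name audit_ssh_dir and its messages are assumptions. It reports wrong modes, files not owned by the home directory's owner, and DSA keys.

```shell
#!/bin/sh
# Added example (not from the original article): audit steps 3-8 for one account.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
# Assumes GNU stat (-c), as shipped with Linux distributions.
audit_ssh_dir() {
    home=$1
    dir=$home/.ssh
    keys=$dir/authorized_keys
    findings=0
    report() { echo "$1"; findings=$((findings + 1)); }

    [ -d "$dir" ] || { echo "missing: $dir"; return 1; }
    [ -f "$keys" ] || { echo "missing: $keys"; return 1; }

    # Steps 5 and 7: expected modes are 700 and 600.
    mode=$(stat -c %a "$dir")
    [ "$mode" = 700 ] || report "mode: $dir is $mode, expected 700"
    mode=$(stat -c %a "$keys")
    [ "$mode" = 600 ] || report "mode: $keys is $mode, expected 600"

    # Step 3: files created through sudo rather than as the user end up
    # owned by root. Compare against the owner of the home directory.
    owner=$(stat -c %u "$home")
    for p in "$dir" "$keys"; do
        [ "$(stat -c %u "$p")" = "$owner" ] || report "owner: $p is not owned by uid $owner"
    done

    # Step 8: every non-comment line should contain a public key.
    # DSA is flagged because the article notes Amazon EC2 rejects it.
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            ''|'#'*) ;;
            *ssh-dss\ *) report "key: line $n is a DSA key (ssh-dss)" ;;
            *ssh-rsa\ *|*ssh-ed25519\ *|*ecdsa-sha2-*\ *) ;;
            *) report "key: line $n has a key type this check does not know" ;;
        esac
    done < "$keys"

    [ "$findings" -eq 0 ]
}

# Run as a script: sh audit_ssh_dir.sh /home/new_user
if [ "$#" -gt 0 ]; then audit_ssh_dir "$1"; fi
```

With sshd's default StrictModes setting, loose permissions or wrong ownership on these files cause key authentication to be refused, so a finding here usually explains a failed login.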

I ❤ AWS! Happy Cloud Computing! 🧑‍💻 Enjoy #Cloudkaramchari