ssh ssh-keygen: Updated Sun, 11 Sep 2022 04:08:55 GMT

How to generate keys after creating user with adduser --disabled-password

On a remote server I want to create a normal user and ONLY allow access via a key but I do NOT want to create the account with a password first and then disable password access later. In my admin account on the remote server I have done the following:

sudo adduser --disabled-password normaluser

Trying to connect as 'normaluser' is rejected, as desired with:

normaluser@server: Permission denied (publickey)

According to adduser man page:

The --disabled-password option will not set a password, but login is still possible (for example with SSH RSA keys).

Not being sure how ssh keys should be generated in this instance, I sudo su to the normaluser account and generated keys using ssh-keygen.

I've then tried to use the public and the private key file (copied to my local machine) to then ssh into the remote machine as normaluser, specifying the appropriate key file with ssh -i but I am still getting access denied (publickey)

Solution

Make sure your key is added to /home/normaluser/.ssh/authorized_keys Authorized keys are per user, meaning that just because a key can be used to log into another user doesn't mean you can use it to log in as any user.

Comments (2)

+0 – Awesome first answer @Oreoezi — Aug 11, 2022 at 14:06
+0 – Thank you. Hope this helped. — Aug 11, 2022 at 14:09

References

https://unix.stackexchange.com/questions/713296