DEV Community

Pablo Lagos

Creating users with SSH access only in Linux

If we’re managing a Linux server and looking to enhance its security, a great step we can take is to create user accounts that can only log in using SSH keys, rather than relying on passwords.

This approach helps us protect against brute-force attacks and unauthorized access attempts that target weak or compromised passwords.

In this guide, we'll walk through the steps to create a new user with a home directory, and configure our server to allow login for this user exclusively through SSH key-based authentication.

By doing so, we’ll establish a more secure and reliable access method for our server.

1. Create the User with a Home Directory

Run the following command to create the user with a home directory, replacing <username> with the account name (general in this guide):

sudo useradd -m -s /bin/bash <username>

-m: Creates the home directory (/home/general).
-s /bin/bash: Sets /bin/bash as the default login shell for the user.

2. Configure SSH Key-Only Login

To disable password login and allow only SSH key-based access, follow these steps:

1. Lock the user's password to prevent password login:

sudo passwd -l <username>

This command locks the account for password-based login.

2. Set up SSH keys for the user:

  • Switch to the new user:

sudo su - <username>

  • Create the .ssh directory in the user's home directory and set the correct permissions:

mkdir -p ~/.ssh
chmod 700 ~/.ssh

  • Create or copy the authorized_keys file with the allowed public SSH key and set the correct permissions:

touch ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys

  • Paste the public SSH key (e.g., id_rsa.pub) into the ~/.ssh/authorized_keys file.

  • Exit the general user's session:

exit

3. Verify SSH Configuration

Edit the SSH configuration file to ensure that SSH key authentication is allowed:

sudo nano /etc/ssh/sshd_config

Make sure the following setting is present:

PubkeyAuthentication yes

If the setting is commented out (#PubkeyAuthentication yes), key authentication still works, because the default value of PubkeyAuthentication is yes.

If you changed PubkeyAuthentication, save the file and restart the SSH service:

sudo systemctl restart sshd

4. Test SSH Access

Now, try logging in as the newly created user via SSH:

ssh <username>@server-ip -i path/to/private/key

You should only be able to log in if you have the private key corresponding to the public key set up in ~/.ssh/authorized_keys.
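
If the key login is refused, a common cause is wrong ownership or permissions on the files from step 2. The following script is an added example, not part of the original post, that audits a home directory for those conditions; the names audit_ssh_home, owner_of and loosely_writable are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. audit_ssh_home and its helpers
# are hypothetical names. Run as root: audit.sh /home/<username>

# Numeric owner UID of a path (third field of POSIX `ls -n`).
owner_of() { ls -ldn "$1" | awk '{print $3}'; }

# Succeeds if the path is writable by group or by others.
loosely_writable() {
  [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \))" ]
}

# Prints one line per finding; returns 0 only when nothing is found.
audit_ssh_home() {
  local home ssh_dir keys uid p rc
  home=$1; ssh_dir=$home/.ssh; keys=$ssh_dir/authorized_keys; rc=0
  [ -d "$ssh_dir" ] || { echo "missing directory: $ssh_dir"; return 1; }
  [ -f "$keys" ] || { echo "missing file: $keys"; return 1; }
  uid=$(owner_of "$home")
  for p in "$home" "$ssh_dir" "$keys"; do
    # With StrictModes (default yes) sshd ignores authorized_keys when the
    # file or a directory leading to it is group/world-writable.
    if loosely_writable "$p"; then
      echo "group/world-writable: $p"; rc=1
    fi
    # Stricter than sshd, which also accepts root-owned paths: a .ssh
    # created before switching to the new user ends up owned by root.
    if [ "$(owner_of "$p")" != "$uid" ]; then
      echo "owner differs from home directory owner: $p"; rc=1
    fi
  done
  # The file needs at least one line that is neither blank nor a comment.
  if ! grep -Eqv '^[[:space:]]*(#|$)' "$keys"; then
    echo "no public key entries: $keys"; rc=1
  fi
  return "$rc"
}

if [ "$#" -gt 0 ]; then audit_ssh_home "$1"; fi
```

An exit status of 0 means the layout matches what step 2 creates; each printed line names the path to fix with chown or chmod.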

This completes the setup for the user to authenticate exclusively via SSH key!
