Set up a new SSH user or SFTP account

Assuming you have root access to your server, you can create new users who can ssh into it or transfer files via sftp.

First create the user:

useradd newuser

Set the password for the user:

passwd newuser

Create a home directory for the user:

mkdir /home/newuser

Add required ssh keys for the user:

#ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): /home/newuser/.ssh/id_rsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/newuser/.ssh/id_rsa.
Your public key has been saved in /home/newuser/.ssh/id_rsa.pub.
The key fingerprint is:
19:ec:fe:81:a2: [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
|   ....          |
|  o t  .         |
|   *p   o        |
|  . o  . o       |
|   . .  S        |
|    E    o       |
|   .  . + .      |
| .o667 o . .     |
| .==o   ...      |
+-----------------+

Authorize the newly added public key:

cat /home/newuser/.ssh/id_rsa.pub > /home/newuser/.ssh/authorized_keys

Alternatively, authorize the key with the following commands:

exec ssh-agent bash
ssh-add /path/to/key

Now, you need to send the private key (id_rsa) to your new user, or give them their password.
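The following check is an added example, not part of the original post. It audits the ownership and permissions of the files created by the steps above, since sshd's StrictModes setting (on by default) ignores authorized_keys when the home directory, .ssh or the file itself is writable by group or others. The function name audit_ssh_home is hypothetical, and GNU stat (stat -c) is assumed.

```bash
# Added example, not from the original post. Assumes GNU stat (stat -c).
# audit_ssh_home HOME_DIR EXPECTED_UID  (hypothetical helper name)
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_ssh_home() {
    local home="$1" uid="$2" findings=0 path mode owner

    note() { echo "FINDING: $*"; findings=$((findings + 1)); }

    for path in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$path" ]; then
            note "$path is missing"
            continue
        fi
        mode=$(stat -c '%a' "$path")
        owner=$(stat -c '%u' "$path")
        # With StrictModes, a key is ignored when any of these is writable
        # by group/others or owned by an account other than the user or root.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            note "$path is group/world-writable (mode $mode)"
        fi
        if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
            note "$path is owned by uid $owner, not $uid or root"
        elif [ "$owner" != "$uid" ]; then
            # Typical after running the steps as root without a chown.
            note "$path is owned by root, so uid $uid cannot write to it"
        fi
    done

    # Private keys still on the server must not be readable by others.
    for path in "$home"/.ssh/id_*; do
        case "$path" in *.pub) continue ;; esac
        [ -f "$path" ] || continue
        mode=$(stat -c '%a' "$path")
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            note "private key $path has mode $mode, expected 600"
        fi
    done

    [ "$findings" -eq 0 ]
}

# Usage on a real server (newuser is the account from the post):
#   audit_ssh_home /home/newuser "$(id -u newuser)"
```

Run as root right after the steps above, it reports the root-owned home directory and key files, which sshd accepts but which the new user cannot write to.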

Your users will now be able to connect. Make sure that they connect on the correct port:

#netstat -tulpn | grep 'ssh'
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      602/sshd
tcp6       0      0 :::22                   :::*                    LISTEN      602/sshd

The :22 in the local address column shows that sshd is listening on port 22 on this server.

The port may be changed by editing the Port directive in /etc/ssh/sshd_config:

#grep -i 'port' /etc/ssh/sshd_config
# What ports, IPs and protocols we listen for
Port 22

 


You are reading this post on Joel G Mathew’s tech blog.