Introduction
AKLWEB HOST provides a feature that allows you to pre-install SSH keys when creating a new instance, so you can SSH to the instance as root with the key. However, the key doesn’t work for non-root users. This tutorial describes three methods to use SSH keys with non-root users.
Requirements
- A AKLWEB HOST Linux or BSD instance
- A non-root user account (it is example_user in this tutorial)
Option 1: Create a New SSH Key
- SSH to the instance as root.
- Create an SSH key for example_user.
# sudo -u example_user ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/home/example_user/.ssh/id_rsa): Created directory '/home/example_user/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/example_user/.ssh/id_rsa Your public key has been saved in /home/example_user/.ssh/id_rsa.pub
- Save the private key,
/home/example_user/.ssh/id_rsa
, to your computer. For example, you might copy it to your local .ssh folder as~/.ssh/example_user_id_rsa
. - Delete the private key from your instance.
# rm /home/example_user/.ssh/id_rsa
- Rename the public key to
authorized_keys
.# mv /home/example_user/.ssh/id_rsa.pub /home/example_user/.ssh/authorized_keys
If you saved the private key as ~/.ssh/example_user_id_rsa
, you can SSH to the server as your non-root example_user:
$ ssh -i ~/.ssh/example_user_id_rsa example_user@192.0.2.123
Option 2: Move the root SSH Key to the Non-root User
In this case, we’ll move the root key to the example_user, which also disables the root user’s SSH key access.
- SSH to the instance as root.
- Create the
.ssh
directory for example_user.# mkdir /home/example_user/.ssh
- Move the root key to example_user’s SSH directory.
# mv /root/.ssh/authorized_keys /home/example_user/.ssh/
- Change the ownership of the
.ssh
directory from root to example_user so OpenSSH can read it.# chown -R example_user:example_user /home/example_user/.ssh
Option 3: Use Startup Scripts
If you are deploying many instances, you may use the AKLWEB HOST Startup Scripts feature to create a non-root user and move the SSH key automatically.
Create a Startup Script
- Select Scripts in the Customer Portal.
- Click the plus button to create a new startup script.
- Paste the following script.
#!/bin/sh useradd -m -s /bin/bash example_user mv /root/.ssh /home/example_user/ chown -R example_user:example_user /home/example_user/.ssh
You can deploy instances with this script and one or more SSH keys. When the instance deploys, the script creates example_user, then moves the public SSH keys from root to example_user. Now you can SSH to the new instance as example_user with the keys you provided.