New User with SSH privileges

dreamcompute

#1

Ermmm ok so I’m having a heck of a time with this. I’m setting up a stack to deploy Rails apps. Whenever I create a new user there is no .ssh folder in their home folder… also I have tried a lot of stuff besides just copying the .ssh folder from dhc-user. What are the proper steps for setting up a user on Ubuntu Trusty 14.04 on DreamHost?

I’ve tried everything and tried debugging the log but it was futile. I started the instance over again. I just did

sudo adduser username
sudo adduser username sudo
su username

what has been recommended is

ssh-copy-id username@IPADDRESS

the result is no bueno

#=> /usr/local/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
#=> /usr/local/bin/ssh-copy-id: INFO: 2 key(s) remain to be installed -- if you are prompted now it is to install the new keys
#=> Permission denied (publickey).

instead of Permission Denied (publickey) it’s supposed to prompt me for my password! I have tried everything under the sun to fix this

when i try

ssh username@IPADDRESS
#=> Permission denied (publickey).

Now let’s check /var/log/auth.log; both attempts result in the same error

 sshd[8174]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
 sshd[8174]: Connection closed by IPADDRESS [preauth]

When I get the ssh_host_ed25519_key file it’s blank so I run

sudo ssh-keygen -A

Now let’s try to log in again!

sshd[8211]: Connection closed by IPADDRESS [preauth]

sudo vi /etc/ssh/ssh_host_ed25519_key reveals that a key has been generated, but what now? When I google the error there is a timeout waiting for authentication supposedly.

There is no .ssh folder in my new user’s home directory. What am I supposed to do?

Before I removed the instance before the current one I did append a port to the user and ssh login access in a configuration file and it still failed with the same errors. From what I know you’re not supposed to manually create a .ssh folder. Should I copy it from dhc-user and be done with it?


#2

Please submit a support request with the actual commands you are running, and we can try to take a look. A few things to keep in mind:

  1. By default the SSHD server that is running does not have password authentication turned on, so if you add any users and then do “passwd USERNAME” to set a password, this will not work. If you want to use passwords, you’ll need to edit /etc/ssh/sshd_config and change this line:

PasswordAuthentication yes

  2. The ssh-copy-id may not work if you are trying to copy it from another computer that is not directly internet ssh’able. It is best to just “cat” your public key, put it into the DreamCompute instance’s authorized_keys file, and make sure that file is 600 permissions.

  3. By default DreamCompute instances only have “dhc-user” working, so if you try to do something with another user it may error out as well.
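
The manual key install described in the reply above, as an added example that is not part of the original thread or DreamHost's own tooling: it creates the missing .ssh folder for a new user, sets the 700/600 modes, and accepts only a single public key line. The function name install_pubkey and the key in the demo are constructed for illustration.

```sh
#!/bin/sh
# Added example: install one public key for a newly created user.
# install_pubkey is a hypothetical helper name, not a system command.
# usage: install_pubkey HOME_DIR "PUBLIC KEY LINE" [OWNER]
install_pubkey() {
    home_dir=$1 pubkey=$2 owner=${3:-}
    ssh_dir=$home_dir/.ssh
    auth_file=$ssh_dir/authorized_keys
    nl='
'
    # Accept only a single-line public key (the contents of a .pub file);
    # refuse anything that looks like private key material.
    case $pubkey in
        *PRIVATE*|*"$nl"*)
            echo "refusing: not a single public key line" >&2; return 1 ;;
        ssh-rsa\ ?*|ssh-ed25519\ ?*|ecdsa-sha2-nistp*\ ?*) ;;
        *)
            echo "refusing: unknown key type" >&2; return 1 ;;
    esac

    # The new account's home has no .ssh folder, so create it with modes
    # that pass sshd's StrictModes check (not group/world writable).
    mkdir -p "$ssh_dir" || return 1
    chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" || return 1
    chmod 600 "$auth_file" || return 1

    # Append only if this exact line is not already present.
    grep -qxF -- "$pubkey" "$auth_file" || printf '%s\n' "$pubkey" >>"$auth_file"

    # When run as root for another user, hand the files to that user
    # ("owner:" means the user's login group).
    if [ -n "$owner" ]; then
        chown -R "$owner:" "$ssh_dir" || return 1
    fi
}

# Demo on a scratch directory with a constructed (not real) key line.
demo_home=$(mktemp -d)
demo_key='ssh-ed25519 AAAAC3ConstructedExampleKeyNotReal you@machine.local'
install_pubkey "$demo_home" "$demo_key" && ls -la "$demo_home/.ssh"
```

On the instance this would be run as root (for example through sudo from dhc-user) with the new user's home directory, the contents of the .pub file, and the username as the third argument so the files end up owned by that user.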


#3

Thank you, I’ll save this tip, and yes I did file a support ticket with callback. I had a call but he has to consult with a cloud dev then give me a call back. He said he’d call back in 20 minutes; it’s been an hour or so, lol.

Yep, this makes perfect sense. I guarantee you the OpenStack framework for cloud VMs is set up so your public key gets embedded from a variable that is assigned from the dashboard, which is why dhc-user is a passwordless string and you can connect with ssh. However there is no option in the dashboard to create a new user. So when you adduser, the files that are used to create the user with permissions and whatnot must be altered to not allow creation of that .ssh folder. Or there is no way to maybe call that variable from the OpenStack?

For now we probably just have to create our own ~/.ssh/known_hosts with the -p flag like shown here for DigitalOcean (I spared you the entire article but if you want it PM me).

http://pastebin.com/Y5LcsJ4F

Also, on a side note, I want to learn more about using the direct input when setting up a server. I have to set up two more, one for staging and one for production. So I was hoping to have this whole routine worked out and run a script. I guess I could always save the image once it’s all set up and just use that.

SOLVED! Yay! Ty! Now to get my money back for the failed call back, lol


#4

I’m glad you were able to get your question answered. I also wanted to share something with you called cloud-init. It is a software package that lets you configure your VM on initial launch. It can be used for installing packages, running custom scripts, or creating users.

It’s easy to do by either pasting in the config or importing a text file in the Post-Creation tab when launching an instance in the DreamCompute Dashboard - http://wiki.dreamhost.com/Instances#Post-Creation_tab

Here’s a very basic cloud-init script that will create a user called demo, give them sudo access, and add the public key so the demo user can log in.

#cloud-config
users:
  - name: demo
    groups: sudo
    shell: /bin/bash
    sudo: ['ALL=(ALL) NOPASSWD:ALL']
    ssh-authorized-keys:
      - ssh-rsa Your_Public_Key_Goes_Here you@machine.local

The format is YAML and there’s lots you can do with it. There are some good examples in the cloud-init docs - https://cloudinit.readthedocs.org/en/latest/topics/examples.html


#5

Thank you so much! I was looking for something like this! I will use this to deploy all three servers. Is it insecure to leave a public key in a file like that? Guess people will just need to delete it after since we can’t use global variables. Is there a global variable with the key from our DreamCompute dashboard?


#6

There is no problem with having your public key in that file. By design, that key is meant to be accessible. Just make sure you copy the contents of the key with the “.pub” extension and never share your private key.