Logging in with a private key instead of a password is standard for Linux users in cloud environments such as Amazon Web Services. This procedure creates new users that also log in with a private key.
Use a program such as PuTTY Key Generator (puttygen) to generate the private key and display the public key on the screen. The key type should be RSA or ED25519. The advantage of ED25519 is that you do not need to choose a key size.
To create the user on Linux, execute:
sudo adduser <username> --disabled-password
sudo su - <username>
mkdir .ssh
chmod 700 .ssh
touch .ssh/authorized_keys
chmod 600 .ssh/authorized_keys
To add the public key on Linux, execute:
cat >> .ssh/authorized_keys
Paste the public key on the empty line that appears right after running the command, press ENTER, and then press Ctrl+D to return to the command prompt.
You can switch back to the new user whenever needed using the following command:
sudo su - <username>
To add the new user to groups, run the following command:
sudo usermod -a -G <groupname> <username>
To check the groups of a specific user, log in as that user and run "id", or, as any user with sudo permission, run the command below:
sudo groups <username>
If everything is followed as indicated, the new user is available for use.
Single-line command to add a user with root permission, no password, and private-key login:
USERNAME=<username> && PUBKEY='ssh-rsa PUBKEYHASH' && \
sudo adduser --disabled-password --gecos "" "$USERNAME" && \
sudo usermod -aG sudo "$USERNAME" && \
sudo mkdir -p "/home/$USERNAME/.ssh" && \
echo "$PUBKEY" | sudo tee "/home/$USERNAME/.ssh/authorized_keys" > /dev/null && \
sudo chown -R "$USERNAME:$USERNAME" "/home/$USERNAME/.ssh" && \
sudo chmod 700 "/home/$USERNAME/.ssh" && \
sudo chmod 600 "/home/$USERNAME/.ssh/authorized_keys" && \
echo "$USERNAME ALL=(ALL) NOPASSWD:ALL" | sudo tee "/etc/sudoers.d/$USERNAME" > /dev/null && \
sudo chmod 440 "/etc/sudoers.d/$USERNAME"
Single-line command to add a user without root permission, no password, and private-key login:
USERNAME=<username> && PUBKEY='ssh-rsa PUBKEYHASH' && \
sudo adduser --disabled-password --gecos "" "$USERNAME" && \
sudo mkdir -p "/home/$USERNAME/.ssh" && \
echo "$PUBKEY" | sudo tee "/home/$USERNAME/.ssh/authorized_keys" > /dev/null && \
sudo chown -R "$USERNAME:$USERNAME" "/home/$USERNAME/.ssh" && \
sudo chmod 700 "/home/$USERNAME/.ssh" && \
sudo chmod 600 "/home/$USERNAME/.ssh/authorized_keys"
Single-line command to update an existing user without a password and replace the authorized public key with a new one:
USERNAME=<username> && PUBKEY='ssh-rsa PUBKEYHASH' && \
sudo mkdir -p "/home/$USERNAME/.ssh" && \
echo "$PUBKEY" | sudo tee "/home/$USERNAME/.ssh/authorized_keys" > /dev/null && \
sudo chown -R "$USERNAME:$USERNAME" "/home/$USERNAME/.ssh" && \
sudo chmod 700 "/home/$USERNAME/.ssh" && \
sudo chmod 600 "/home/$USERNAME/.ssh/authorized_keys"
Single-line command to update an existing user without a password and authorize an additional public key:
USERNAME=<username> && PUBKEY='ssh-rsa PUBKEYHASH' && \
sudo mkdir -p "/home/$USERNAME/.ssh" && \
echo "$PUBKEY" | sudo tee -a "/home/$USERNAME/.ssh/authorized_keys" > /dev/null && \
sudo chown -R "$USERNAME:$USERNAME" "/home/$USERNAME/.ssh" && \
sudo chmod 700 "/home/$USERNAME/.ssh" && \
sudo chmod 600 "/home/$USERNAME/.ssh/authorized_keys"
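The manual "cat >>" step and the tee / tee -a commands above write whatever is pasted into authorized_keys. The following is an added example, not part of the original article: it rejects input that is not a single OpenSSH-format ssh-rsa or ssh-ed25519 line (for instance a private key, or the multi-line file written by PuTTYgen's "Save public key" button) and appends a key only once. The function names, exit codes and sample key are constructed for illustration, and the check is structural only.

```shell
#!/bin/sh
# Added example, not from the original article. Sample keys are constructed.

# check_pubkey LINE: succeed only for ONE OpenSSH-format ssh-rsa/ssh-ed25519 line.
check_pubkey() {
    line=$1
    nl='
'
    case $line in
        ''|-*|*"$nl"*) return 1 ;;  # empty, PEM/RFC 4716 block, or multi-line
    esac
    ktype=${line%% *}; blob=${line#* }; blob=${blob%% *}
    case $ktype in  # a real blob begins with its own base64-encoded key type
        ssh-ed25519) prefix=AAAAC3NzaC1lZDI1NTE5 ;;
        ssh-rsa)     prefix=AAAAB3NzaC1yc2E ;;
        *) return 1 ;;
    esac
    case $blob in
        *[!A-Za-z0-9+/=]*) return 1 ;;  # not base64
        "$prefix"?*) return 0 ;;
    esac
    return 1
}

# add_authorized_key FILE LINE: append once; 2 = rejected key, 3 = filesystem error.
add_authorized_key() {
    file=$1 key=$2
    check_pubkey "$key" || return 2
    dir=$(dirname "$file")
    mkdir -p "$dir" && chmod 700 "$dir" && touch "$file" && chmod 600 "$file" || return 3
    blob=${key#* }; blob=${blob%% *}
    grep -qF -- "$blob" "$file" && return 0  # already authorized, no duplicate
    # Without a final newline the new key would be glued onto the previous line.
    [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ] && echo >> "$file"
    printf '%s\n' "$key" >> "$file"
}

# Demo in a scratch directory standing in for /home/<username>/.ssh.
demo=$(mktemp -d)
for k in 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGNvbnN0cnVjdGVkLXNhbXBsZS1rZXk alice@laptop' \
         '---- BEGIN SSH2 PUBLIC KEY ----'; do
    if add_authorized_key "$demo/.ssh/authorized_keys" "$k"; then
        echo "added: ${k%% *}"
    else
        echo "rejected (exit $?): $k"
    fi
done
rm -rf "$demo"
```

For a full parse of a real key, ssh-keygen -l -f on a file containing the line prints its fingerprint or fails.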
Single-line command to remove a user:
USERNAME=<username> && sudo deluser --remove-home "$USERNAME" && \
sudo rm -f "/etc/sudoers.d/$USERNAME" && sudo rm -rf "/home/${USERNAME:?}"