Setup SSH Key Access with Ubuntu 14.04


$ sudo apt-get update

Add a New User

$ adduser <<USERNAME HERE>>

// install sudo (sometimes not required, at least not on 14.04)
$ apt-get install sudo

// add new user to the sudo group
usermod -a -G sudo <<USERNAME HERE>>

Login as user

If you're already root:


Generate a key pair


Install the key

Copy the contents of the public key. It should be in a file ending in .pub.

// create the ssh directory
mkdir ~/.ssh

// change permissions 
chmod 700 ~/.ssh

// create a new file 
nano ~/.ssh/authorized_keys

// paste public key content to the new file

// restrict the permissions of the new file
chmod 600 ~/.ssh/authorized_keys  

Disable Root Login and Enable New User SSH Login

  1. Open /etc/ssh/sshd_config

Look for the PermitRootLogin option in the file and make sure it's set to no:

PermitRootLogin no  

Add the following line to the file:

AllowUsers <<USERNAME HERE>>  

Restart SSH service

service ssh restart  

Check if you have sudo access

// should get no errors with this command:
$ sudo -v

// alternatively, try to view the root home directory
$ sudo ls /root

Enable Login Via SSH

Open up /etc/ssh/sshd_config and modify the values of the options to match:

RSAAuthentication yes  
PubkeyAuthentication yes  
ChallengeResponseAuthentication no  
PasswordAuthentication no  
UsePAM no  

Disable Root Login Via SSH

Before changing this, make sure that you can SSH in successfully as your new user AND that the user has root permissions through sudo. Otherwise you might lose administrative access to the server.

Open up /etc/ssh/sshd_config and modify the value of the option to match:

PermitRootLogin no  

Disable Password Access Via SSH

Open up /etc/ssh/sshd_config and modify the value of the option to match:

PasswordAuthentication no  

Change user password


Solving the SSH "permissions too open" Error

Change the permissions of the file.

chmod 400 ~/.ssh/<<YOUR PRIVATE KEY>>  

Basic Configuration

The option names are self-explanatory.

Open /etc/ssh/sshd_config and change a few values:

Port 22  
MaxAuthTries 3
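
The sshd_config values set throughout this guide, and the 700/600 modes from the key-install step, can be checked with a small script. This is an added example, not part of the original guide: the function names and the sample configuration are constructed for illustration, and it assumes whitespace-separated "Keyword value" lines.

```bash
# Added example (not from the original guide); all function names are hypothetical.

# Print the effective global value of KEYWORD ($1) in FILE ($2). sshd keeps the
# first value it reads for a keyword, keywords are case-insensitive, "#" starts a
# comment, and lines after a Match line are conditional overrides, so stop there.
sshd_effective() {
  awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
    /^[ \t]*#/ || NF == 0 { next }
    tolower($1) == "match" { exit }
    tolower($1) == want { $1 = ""; sub(/^ +/, ""); print; exit }
  ' "$2"
}

# Echo each setting in FILE ($1) that differs from the guide; return the mismatch count.
audit_sshd_config() {
  local file=$1 fails=0 pair key want got
  for pair in PermitRootLogin=no PasswordAuthentication=no PubkeyAuthentication=yes \
              ChallengeResponseAuthentication=no UsePAM=no MaxAuthTries=3; do
    key=${pair%%=*} want=${pair#*=}
    got=$(sshd_effective "$key" "$file")
    if [ "$got" != "$want" ]; then
      echo "FAIL $key: want '$want', effective '${got:-unset}'"
      fails=$((fails + 1))
    fi
  done
  # AllowUsers has no fixed value in the guide; it only has to be present.
  if [ -z "$(sshd_effective AllowUsers "$file")" ]; then
    echo "FAIL AllowUsers: unset"; fails=$((fails + 1))
  fi
  return "$fails"
}

# True when PATH ($1) has exactly octal MODE ($2): 700 for ~/.ssh, 600 for authorized_keys.
has_mode() { [ -n "$(find "$1" -prune -perm "$2" 2>/dev/null)" ]; }

# Constructed sample config, not from a real host; audit_sshd_config reports 4 mismatches.
sample_config() {
  cat <<'EOF'
# PermitRootLogin no
PermitRootLogin yes
PubkeyAuthentication yes
passwordauthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no
Match Address 192.0.2.0/24
    MaxAuthTries 3
EOF
}
```

After sourcing the file, audit_sshd_config /etc/ssh/sshd_config lists every setting that differs from the guide, and has_mode ~/.ssh/authorized_keys 600 confirms the key file's mode. Running sshd -t checks the file's syntax before the service is restarted.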