If you use LDAP, please refer to LDAP documentation here: SSH Key Authentication with LDAP: Setup and Usage - European Weather Cloud Knowledge Base - ECMWF Confluence Wiki
If you still want a local user and you have an LDAP user already, choose another name to avoid conflicts!
In some situations, you may need to create additional users on your virtual machine and allow them to log in using SSH keys. This page describes how to create a new user, ensure a home directory is created, assign the correct shell and permissions, and configure SSH key‑based authentication.
1. Create a User with a Home Directory
Login to the VM, become root and create a new user (the command automatically generate /home/<USER>), running:
sudo useradd -m <username>
The -m flag ensures that the user’s home directory is created and populated with default files from /etc/skel.
2. Set the User’s Default Shell
sudo usermod --shell /bin/bash <username>
3. Grant Administrative Privileges (If Needed)
Depending on the operating system, add the user to the appropriate administrative group. This allows the user to run commands with sudo.
Ubuntu
sudo usermod -aG sudo <username>
Rocky Linux
sudo usermod -aG wheel <username>
4. Configure SSH Key Access
If you want the user to log in using an SSH key, follow these steps.
4.1 Create the .ssh directory
sudo mkdir -p /home/<username>/.ssh
4.2 Add the public key
Create or edit the authorized_keys file:
sudo vi /home/<username>/.ssh/authorized_keys
Paste the user’s public key into the file.
4.3 Set correct permissions
sudo chmod 700 /home/<username>/.ssh sudo chmod 600 /home/<username>/.ssh/authorized_keys sudo chown -R <username>:<username> /home/<username>/.ssh
These permissions are required for SSH to accept the key.
6. Logging In with SSH
Once the public key is installed, the user can connect to the VM using:
ssh -i <PRIVATE_KEY> <username>@<PUBLIC_IP>
Replace:
<PRIVATE_KEY>with the path to the user’s private key<username>with the created user<PUBLIC_IP>with the VM’s floating/public IP address