If you use LDAP, please refer to LDAP documentation here: SSH Key Authentication with LDAP: Setup and Usage - European Weather Cloud Knowledge Base - ECMWF Confluence Wiki If you still want a local user and you have an LDAP user already, choose another name to avoid conflicts! |
In some situations, you may need to create additional users on your virtual machine and allow them to log in using SSH keys. This page describes how to create a new user, ensure a home directory is created, assign the correct shell and permissions, and configure SSH key‑based authentication.
Login to the VM, become root and create a new user (the command automatically generate /home/<USER>), running:
sudo useradd -m <username> |
The -m flag ensures that the user’s home directory is created and populated with default files from /etc/skel.
sudo usermod --shell /bin/bash <username> |
Depending on the operating system, add the user to the appropriate administrative group. This allows the user to run commands with sudo.
sudo usermod -aG sudo <username> |
sudo usermod -aG wheel <username> |
If you want the user to log in using an SSH key, follow these steps.
.ssh directorysudo mkdir -p /home/<username>/.ssh |
Create or edit the authorized_keys file:
sudo vi /home/<username>/.ssh/authorized_keys |
Paste the user’s public key into the file.
sudo chmod 700 /home/<username>/.ssh sudo chmod 600 /home/<username>/.ssh/authorized_keys sudo chown -R <username>:<username> /home/<username>/.ssh |
These permissions are required for SSH to accept the key.
Once the public key is installed, the user can connect to the VM using:
ssh -i <PRIVATE_KEY> <username>@<PUBLIC_IP> |
Replace:
<PRIVATE_KEY> with the path to the user’s private key
<username> with the created user
<PUBLIC_IP> with the VM’s floating/public IP address