You are viewing...

Setup SSH-Public Key Only user for your server

Updated on January 12, 2013 at the 02th hour
Posted under:

DISCLAIMER: All views are considered my own and you should not draw any conclusions on associates.

I assume you came here because you have no idea what you are doing when it comes to Linux, so I'm going to make this easy. This one is an easy one, but can get quite annoying because of permissions as ssh will verify the permissions of the critical files needed before it uses them for its purposes.

The idea here is that you, the client, and the server have your own public/private keys, then you want to add your public key to the server using the server's "authorized_keys" file, so the server can decode your messages encoded with your private key.

First, on the server with git, create a user using " useradd {username here}" then you'll want to use "passwd {username here}" to create a password.

Next, we want to lock the account! Yes, lock it with "passwd -l {username here}"

Now, we'll have to generate a public/private key with "ssh-keygen" You should know where its going by what you enter after that. Navigate to /home/{username here}/.ssh and edit create or edit the "authorized_keys" file. What you want in this bad boy is the public key from your computer, so you'll need to generate a public/private key, if you haven't already, on your side of the connection.

NOTE: It is important that you make sure the .ssh folder is owned by the respective user and that the owner has 700 permission to the folder. "chmod 700 .ssh && chmod 600 authorized_keys" and "chown {username_here} -R .ssh"

Okay, so now we dabble in "/etc/ssh/sshd_config" with vim. You'll want to look for RSAAuthentication and PubkeyAuthentication and set them to yes. Then go all the way to the end of the file with shift+G to add:
Match User {username here}

PasswordAuthentication no

 

then you'll want to "service sshd restart" to read the new settings!

You should be able to ssh {username_here}@server and be able to login without a password unless you set a password on your private key. Anyway, that was just for testing, you came here for gitting right?

You'll want to use "git clone {username_here}@server:/path/to/repo ./yourlocalfolder" to complete this!
You just read "Setup SSH-Public Key Only user for your server". Please share if you liked it!
You can read more recent posts here.