Adding a User to Your VM

Quick Reference

Guide for adding users to VMs and configuring SSH key authentication.

Add User to VM

<source lang="bash">

1. Create user with home directory

sudo useradd -m -s /bin/bash username

1. Set password

sudo passwd username

1. Add to sudo group (if needed)

sudo usermod -aG sudo username </source>

Setup SSH Key

<source lang="bash">

1. Create SSH directory

sudo mkdir -p /home/username/.ssh sudo chmod 700 /home/username/.ssh sudo chown username:username /home/username/.ssh

1. Add public key

echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC... user@hostname" | sudo tee /home/username/.ssh/authorized_keys sudo chmod 600 /home/username/.ssh/authorized_keys sudo chown username:username /home/username/.ssh/authorized_keys </source>

Complete Setup Script

For convenience, here's a complete script that automates the user creation and SSH key setup:

<source lang="bash">

1. !/bin/bash

1. VM User Management Script
2. Usage: ./add_user.sh username "Full Name" "ssh-public-key"

if [ $# -ne 3 ]; then

   echo "Usage: $0 username 'Full Name' 'ssh-public-key'"
   exit 1

fi

USERNAME=$1 FULL_NAME=$2 SSH_PUBLIC_KEY=$3

echo "Creating user: $USERNAME"

1. Create user account

sudo useradd -m -s /bin/bash -c "$FULL_NAME" $USERNAME

1. Create SSH directory

sudo mkdir -p /home/$USERNAME/.ssh sudo chmod 700 /home/$USERNAME/.ssh sudo chown $USERNAME:$USERNAME /home/$USERNAME/.ssh

1. Add SSH public key

echo "$SSH_PUBLIC_KEY" | sudo tee /home/$USERNAME/.ssh/authorized_keys sudo chmod 600 /home/$USERNAME/.ssh/authorized_keys sudo chown $USERNAME:$USERNAME /home/$USERNAME/.ssh/authorized_keys

1. Copy default shell files

sudo cp /etc/skel/.bashrc /home/$USERNAME/ sudo cp /etc/skel/.profile /home/$USERNAME/ sudo chown $USERNAME:$USERNAME /home/$USERNAME/.bashrc /home/$USERNAME/.profile

echo "User $USERNAME created successfully!" echo "SSH key configured. User can now connect via SSH." </source>

User Management Best Practices

Security Considerations

• Always use SSH key authentication instead of passwords when possible
• Regularly review and audit user accounts
• Remove access for users who no longer need it
• Use strong, unique SSH keys
• Consider implementing key rotation policies

Account Maintenance

<source lang="bash">

1. List all users

cat /etc/passwd | grep -E "/bin/(bash|sh)$"

1. Check user login history

last username

1. Disable user account (lock)

sudo usermod -L username

1. Remove user account (with home directory)

sudo userdel -r username </source>

SSH Key Management

<source lang="bash">

1. List authorized keys for a user

sudo cat /home/username/.ssh/authorized_keys

1. Remove a specific SSH key

sudo nano /home/username/.ssh/authorized_keys

1. Delete the line containing the key to remove

1. Backup SSH keys

sudo cp -r /home/username/.ssh /backup/location/username-ssh-backup </source>

Troubleshooting

Common Issues

SSH Connection Refused

<source lang="bash">

1. Check SSH service status

sudo systemctl status ssh

1. Restart SSH service

sudo systemctl restart ssh

1. Check SSH configuration

sudo sshd -T </source>

Permission Denied

<source lang="bash">

1. Verify file permissions

ls -la /home/username/.ssh/

1. Should show: drwx------ for .ssh directory
2. Should show: -rw------- for authorized_keys file

1. Fix permissions if needed

sudo chmod 700 /home/username/.ssh sudo chmod 600 /home/username/.ssh/authorized_keys sudo chown -R username:username /home/username/.ssh </source>

User Cannot Login

<source lang="bash">

1. Check if user account is locked

sudo passwd -S username

1. Check user shell

grep username /etc/passwd

1. Verify home directory exists

ls -la /home/username </source>

SSH Debug Mode

For detailed SSH connection debugging:

<source lang="bash">

1. Enable verbose SSH connection

ssh -vvv username@vm-ip-address

1. Check SSH server logs

sudo tail -f /var/log/auth.log </source>

Verification Checklist

After completing user setup, verify:

• [ ] User account created successfully
• [ ] Home directory exists with correct permissions
• [ ] SSH directory created with 700 permissions
• [ ] SSH public key added to authorized_keys
• [ ] authorized_keys file has 600 permissions
• [ ] User can SSH into the VM
• [ ] User has appropriate group memberships
• [ ] Shell environment is properly configured

External Links

• useradd man page - Linux useradd command documentation
• SSH man page - SSH client documentation
• SSH daemon man page - SSH server documentation
• OpenSSH Authorized Keys - SSH key authentication guide

See Also

• Security Hardening - System security procedures
• Password Policies - Password policies and procedures

Template:UserManagement Template:Security Template:VMOperations

Template:Navigation