SmartMachine SSH public key authentication from a non-root account

This has been documented for Joyent SmartMachines, in particular for allowing users other than root to use SSH public key authentication, but is just as applicable for getting SSH public key authentication to work in general. SmartMachine reference:


First create the Unix account on the server, e.g.

[root@im ~]# useradd -g staff -d /home/davek -m davek
128 blocks
[root@im ~]# passwd davek
New Password: 
Re-enter new Password: 
passwd: password successfully changed for davek

On the server, create the authorized_keys file in the user’s ~/.ssh directory.

On the client, generate an SSH public/private key pair in the ~/.ssh directory of the user you wish to connect as:

davek@mymachine:~/.ssh$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/davek/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/davek/.ssh/id_rsa.
Your public key has been saved in /home/davek/.ssh/
The key fingerprint is:

Copy the SSH public key up to the server:

davek@mymachine:~/.ssh# scp           100% |*****************************************************************************************************|   401       00:00    

On the server, copy the public key into the target user’s ~/.ssh/authorized_keys file:

[davek@im /home/davek/.ssh]$ cat > authorized_keys 

On server, change file modes for ~/.ssh/authorized_keys to 600, and to the ~/.ssh directory to 700.

On the client, change file modes for the ~/.ssh directory to 700, and check that file modes on the private key are set to 600.

Test SSH public key authentication:

davek@mymachine:~/.ssh$ ssh
Last login: Mon Dec 10 02:41:18 2012 from
   __        .                   .
 _|  |_      | .-. .  . .-. :--. |-
|_    _|     ;|   ||  |(.-' |  | |
  |__|   `--'  `-' `;-| `-' '  ' `-'
                   /  ; SmartMachine base 1.8.1

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s