How to Create User Account in Ubuntu with Public Key

One of the most important tasks that Ubuntu users often need to perform is accessing their accounts safely from remote locations. You can create a user account with the public key to do this easily. In this article, I’ll demonstrate how to create a user account with the public key in Ubuntu.

Requirements to Create User Account with Public Key

A server computer (Ubuntu installed in VMWare Workstation).
A client computer (Ubuntu installed in Windows Subsystem for Linux).
You must log in to both the server and client computer.
You must be a root user or have root/sudo access in Ubuntu.
You must connect both computers to the internet.
You must install the OpenSSH-server.

Process Flow Chart to Create User Account with Public Key

Distro Used Throughout the Tutorial: Ubuntu 22.04.1 LTS

Table of Contents Expand

Create a User Account with Public Key in Ubuntu

You can instantly create a user account in Ubuntu with the public key. Make sure you are logged in as the root user. The following guide will help you create a user account with the public key in Ubuntu.

Case A: Client Windows User & Server Ubuntu User

Among all the operating systems, I am using windows for my client computer and Ubuntu for my server computer here. You can do the same by following the process below.

Step 1: Create a User Account in Ubuntu

I will create a new user named “august” using the terminal. This will be my remote server. To know more about creating users from the terminal, follow this article. Also, to create a user using the GUI, you can follow this article. For better understanding, follow the steps below:

To initiate, press CTRL+ALT+T to open the Ubuntu Terminal.
Then, copy the command below:
```
sudo adduser august
```
EXPLANATION
- sudo: Grants administrative privileges.
- adduser: Adds a new user.
- august: Name of the user to be created.
After that, press the ENTER button.
EXPLANATION

A new user account with the name “august” is created. It will then assign it to the new “august” group which is created with the same name.

The command then creates a home directory at “/home/august” for the new user. The user’s private data and settings will be kept in this directory.

Lastly, the command moves the contents of the “/etc/skel” directory to the new user’s home directory. In order to provide new user accounts with a basic set of files and settings, the “/etc/skel” directory provides a collection of default files and folders.
Now, Enter a password for the newly created user and other required information.By repeatedly hitting ENTER, you can, however, ignore entering further information.
Warning: Try to create a strong, unique password. If you don’t, you’ll get a warning message like “BAD PASSWORD” as shown in the image below.
Finally, press Y to confirm your given information.
By selecting Y, you have created a new user as you have confirmed all the information provided. You can now use this instruction to create a new user anytime.

Step 2: Setup the SSH Server in Ubuntu

Without setting up the SSH server, you can not generate the public key and log in to the remote server. Follow the instructions below to set up the ssh-server:

Open up the Ubuntu Terminal on the server computer.
Execute the following command into the command prompt:
```
sudo apt install openssh-server
```
EXPLANATION
- sudo: Grants administrative privileges.
- apt: Manages software packages.
- Install: Copies files to a specified destination.
- openssh-server: Securely connects to a system.
Now, press the ENTER button.
Then, type Y and hit the ENTER button to continue the process:In the above image, you can see that the openSSH-server is successfully installed.Follow the same process to set up the openSSH-server in the client computer.
Now switch to the new user August. Follow this guide to learn more about the steps to switch users.
If you haven’t turned on your server, type the following commands in the command prompt and press the ENTER key to turn on your server and see the status:
```
sudo service ssh start
```
```
sudo service ssh status
```
EXPLANATION
- sudo: Grants administrative privileges.
- service: Starts, stop, and restart services.
- ssh: Enables computers to communicate.
- start: Starts the server.
- Status: Shows the status of the server.
As you can see, the server is active.
Now, execute the following command in the command prompt to find the IP address of the server:
```
ifconfig
```
EXPLANATION
- Ifconfig: Used to find the IP address of the server.
In the above image, you can see the IP address of the server.
If your device does not have the ifconfig, write the following command to install it and tap the ENTER button.
```
sudo apt-get install net-tools
```
EXPLANATION
- sudo: Grants administrative privileges.
- apt-get: Advanced package tool.
- net-tools: The collection of base networking utilities.

Step 3: Generate a Public Key

You can use the public key to authenticate the remote server. You need to generate a public key in the client computer. I am using Windows for my client computer. You can use any operating system of your choice. Here, in the following, I will be generating a public key so that I can use that to create my remote user account:

Start by opening the Windows Powershell on your local machine.
Now create a directory named ssh in the C drive on your local machine.
To generate keys, enter the command shown below:
```
ssh-keygen -f C:\ssh\mykey
```
EXPLANATION
- ssh-keygen: Generates a pair of public and private keys.
- option -f: Used to generate keys in the defined location.
- C:\ssh\mykey: Absolute path of the public key.
After that, tap the ENTER button.
For the key pair, you will be prompted to enter a passphrase. So, type the passphrase you want and press the ENTER button:
Note: The key pair is more secure with this passphrase, yet it isn’t required. If you don’t want to use a passphrase, you can press ENTER to leave the field blank.
The key pair is generated and saved in the selected location once the passphrase has been entered (or left blank).
You can follow this section to verify the generated public key.

Step 4: Send the Public Key to Server

To use the public key, you need to send the public key to the server. You need to send the public key for logging into the remote server. But before doing this log in as the newly created user with the password.

Follow this guide to learn more about the steps to switch users.

Follow the steps below to send the public key to the server using the scp command:

First open the Windows PowerShell.
To send the public key, enter the command using the below syntax:
scp absolute_path_of_the_public_key USER_NAME@REMOTE_SERVER:~/.ssh
```
scp C:\ssh\mykey.pub [email protected]:~/.ssh
```
EXPLANATION
- scp: Transfers files.
- C:\ssh\mykey.pub: Absolute path of the public key.
- august: Name of the user.
- 168.11.130: IP address of the remote server.
After that, tap the ENTER button.
Open the Ubuntu Terminal on the server computer.
Log in as the newly created user with the password if you haven’t already. Follow this guide to learn more about the steps to switch users.
To check if the public key is sent, execute the following command:
```
ls .ssh
```
EXPLANATION
- ls: Lists contents of directories.
- .ssh: A directory name .ssh.
In the image above, you can see the public key is found in the server.
Type the following command into the command prompt to restart the server and hit the ENTER button:
```
sudo service ssh restart
```
EXPLANATION
- sudo: Grants administrative privileges.
- service: Starts, stop, and restart services.
- ssh: Used to configure OpenSSH.
- restart: Restarts sshd service.
One public key is sent to the server using the above syntax and steps.
Now, delete the public key from client computer following the instructions shown in the image below: Don’t forget to remove the public key. As you have already sent the public key to the remote server, you don’t need this in the client computer anymore.

Step 5: Enable Public Key Authentication & Disable Password Authentication

To access the remote server without a password, you need to enable public key authentication & disable password authentication. For better understanding, follow the instructions below:

Open the Ubuntu Terminal on the server computer.
Write the following command to the command prompt and strike the ENTER button:
```
cat ~/.ssh/mykey.pub >> ~/.ssh/authorized_keys
```
EXPLANATION
- cat: Used to view contents of the file(s).
- ~/.ssh/mykey.pub: Absolute path of the public key.
- >>: Used to append to a file.
- ~/.ssh/authorized_keys: Absolute path of authorized_keys file.
In the above image, you can see the public key is added to the authorized_keys file.
Note: If the file does not exist, it will create a file called authorized_keys.
Run the following command in the command prompt:
```
sudo nano /etc/ssh/sshd_config
```
EXPLANATION
- sudo: Grants administrative privileges.
- nano: It is a text editor.
- /etc/ssh/sshd_config: Used to configure OpenSSH.
After that, tap the ENTER button.
Type the password of the user account and press the ENTER button.
Change the permission of the PubkeyAuthentication from no to yes, and remove # from this line, and the following line of the file:
```
AuthorizedKeysFile .ssh/authorized_keys
```
To disable password authentication, change the permission of the Password Authentication from yes to no and remove # from this line and add the following line to the file:
```
ChallengeResponseAuthentication no
```
Save the text file using CTRL+O and exit it by using CTRL+X
To activate the changes, restart the sshd service by executing the command below:
```
sudo systemctl restart ssh
```
EXPLANATION
- sudo: Grants administrative privileges.
- systemctl: Enables particular service.
- restart: Restarts sshd service.
- ssh: Used to configure OpenSSH.
Finally, strike the ENTER button.
Thus, I have enabled the public key authentication and disabled the password authentication of the remote server. While working, you can get an error stating “username is not in the sudoers file. This incident will be reported”.

You can follow this guide to Fix USER is Not in the Sudoers File in Linux.

Step 6: Connect to the Remote Server

Now, it’s time to connect the client computer to the remote server using the public key. Follow the simple syntax ssh -i absolute_path_of_the_public_key USER_NAME@REMOTE_SERVER and steps below to learn more:

Start by opening Windows Powershell.
Run the following command in the command prompt:
```
ssh -i C:\ssh\mykey [email protected]
```
EXPLANATION
- ssh: Enables computers to communicate.
- -i: Selects a file for public key authentication.
- august: Name of the user.
- 168.11.130: IP address of the remote server.
- C:\ssh\mykey: Absolute path of the public key.
Finally, tap the ENTER button.As you can see in the above image, I have logged in to the remote server from the client computer.