How to Create User Account in Ubuntu with Public Key

One of the most important tasks that Ubuntu users often need to perform is accessing their accounts safely from remote locations. You can create a user account with the public key to do this easily. In this article, I’ll demonstrate how to create a user account with the public key in Ubuntu.

Requirements to Create User Account with Public Key

Process Flow Chart to Create User Account with Public Keyflowchart to Create User Account in Ubuntu with Public Key

Distro Used Throughout the Tutorial: Ubuntu 22.04.1 LTS

Create a User Account with Public Key in Ubuntu

You can instantly create a user account in Ubuntu with the public key. Make sure you are logged in as the root user. The following guide will help you create a user account with the public key in Ubuntu.

Case A: Client Windows User & Server Ubuntu User

Among all the operating systems, I am using windows for my client computer and Ubuntu for my server computer here. You can do the same by following the process below.

Step 1: Create a User Account in Ubuntu

I will create a new user named “august” using the terminal. This will be my remote server. To know more about creating users from the terminal, follow this article. Also, to create a user using the GUI, you can follow this article. For better understanding, follow the steps below:

  1. To initiate, press CTRL+ALT+T to open the Ubuntu Terminal.
  2. Then, copy the command below:
    sudo adduser august
    EXPLANATION
    • sudo: Grants administrative privileges.
    • adduser: Adds a new user.
    • august: Name of the user to be created.
  3. After that, press the ENTER button.Create New User in Ubuntu
    EXPLANATION

    A new user account with the name “august” is created. It will then assign it to the new “august” group which is created with the same name.

    The command then creates a home directory at “/home/august” for the new user. The user’s private data and settings will be kept in this directory.

    Lastly, the command moves the contents of the “/etc/skel” directory to the new user’s home directory. In order to provide new user accounts with a basic set of files and settings, the “/etc/skel” directory provides a collection of default files and folders.

  4. Now, Enter a password for the newly created user and other required information.By repeatedly hitting ENTER, you can, however, ignore entering further information.

    Warning: Try to create a strong, unique password. If you don’t, you’ll get a warning message like “BAD PASSWORD” as shown in the image below.
  5. Finally, press Y to confirm your given information.

    By selecting Y, you have created a new user as you have confirmed all the information provided. You can now use this instruction to create a new user anytime.Create New User in Ubuntu

Step 2: Setup the SSH Server in Ubuntu

Without setting up the SSH server, you can not generate the public key and log in to the remote server. Follow the instructions below to set up the ssh-server:

  1. Open up the Ubuntu Terminal on the server computer.
  2. Execute the following command into the command prompt:
    sudo apt install openssh-server
    EXPLANATION
    • sudo: Grants administrative privileges.
    • apt: Manages software packages.
    • Install: Copies files to a specified destination.
    • openssh-server: Securely connects to a system.
  3. Now, press the ENTER button.
  4. Then, type Y and hit the ENTER button to continue the process:Install OpenSSH ServerIn the above image, you can see that the openSSH-server is successfully installed.Follow the same process to set up the openSSH-server in the client computer.
  5. Now switch to the new user August. Follow this guide to learn more about the steps to switch users.
  6. If you haven’t turned on your server, type the following commands in the command prompt and press the ENTER key to turn on your server and see the status:

    sudo service ssh start
    sudo service ssh status
    EXPLANATION
    • sudo: Grants administrative privileges.
    • service: Starts, stop, and restart services.
    • ssh: Enables computers to communicate.
    • start: Starts the server.
    • Status: Shows the status of the server.
    turn on server and check statusAs you can see, the server is active.
  7. Now, execute the following command in the command prompt to find the IP address of the server:
    ifconfig
    EXPLANATION
    • Ifconfig: Used to find the IP address of the server.
    find ip address of the remote serverIn the above image, you can see the IP address of the server.

    If your device does not have the ifconfig, write the following command to install it and tap the ENTER button.

    sudo apt-get install net-tools
    EXPLANATION
    • sudo: Grants administrative privileges.
    • apt-get: Advanced package tool.
    • net-tools: The collection of base networking utilities.
    install ifconfig

Step 3: Generate a Public Key

You can use the public key to authenticate the remote server. You need to generate a public key in the client computer. I am using Windows for my client computer. You can use any operating system of your choice. Here, in the following, I will be generating a public key so that I can use that to create my remote user account:

  1. Start by opening the Windows Powershell on your local machine.
  2. Now create a directory named ssh in the C drive on your local machine.
  3. To generate keys, enter the command shown below:
    ssh-keygen -f C:\ssh\mykey
    EXPLANATION
    • ssh-keygen: Generates a pair of public and private keys.
    • option -f: Used to generate keys in the defined location.
    • C:\ssh\mykey: Absolute path of the public key.
  4. After that, tap the ENTER button.
  5. For the key pair, you will be prompted to enter a passphrase. So, type the passphrase you want and press the ENTER button:generate key in windows powershell in client computer

    Note: The key pair is more secure with this passphrase, yet it isn’t required. If you don’t want to use a passphrase, you can press ENTER to leave the field blank.
    public and private keys are generated to create a user account in UbuntuThe key pair is generated and saved in the selected location once the passphrase has been entered (or left blank).
    You can follow this section to verify the generated public key.


Step 4: Send the Public Key to Server

To use the public key, you need to send the public key to the server. You need to send the public key for logging into the remote server. But before doing this log in as the newly created user with the password.

Follow this guide to learn more about the steps to switch users.

Follow the steps below to send the public key to the server using the scp command:

  1. First open the Windows PowerShell.
  2. To send the public key, enter the command using the below syntax:
    scp absolute_path_of_the_public_key USER_NAME@REMOTE_SERVER:~/.ssh
    scp C:\ssh\mykey.pub [email protected]:~/.ssh
    EXPLANATION
    • scp: Transfers files.
    • C:\ssh\mykey.pub: Absolute path of the public key.
    • august: Name of the user.
    • 168.11.130: IP address of the remote server.
  3. After that, tap the ENTER button.send the public key to the server
  4. Open the Ubuntu Terminal on the server computer.
  5. Log in as the newly created user with the password if you haven’t already. Follow this guide to learn more about the steps to switch users.

  6. To check if the public key is sent, execute the following command:
    ls .ssh
    EXPLANATION
    • ls: Lists contents of directories.
    • .ssh: A directory name .ssh.
    found the public key in the serverIn the image above, you can see the public key is found in the server.
  7. Type the following command into the command prompt to restart the server and hit the ENTER button:
    sudo service ssh restart
    EXPLANATION
    • sudo: Grants administrative privileges.
    • service: Starts, stop, and restart services.
    • ssh: Used to configure OpenSSH.
    • restart: Restarts sshd service.
    restart serverOne public key is sent to the server using the above syntax and steps.
  8. Now, delete the public key from client computer following the instructions shown in the image below:delete the public key from the client computer Don’t forget to remove the public key. As you have already sent the public key to the remote server, you don’t need this in the client computer anymore.

Step 5: Enable Public Key Authentication & Disable Password Authentication

To access the remote server without a password, you need to enable public key authentication & disable password authentication. For better understanding, follow the instructions below:

  1. Open the Ubuntu Terminal on the server computer.
  2. Write the following command to the command prompt and strike the ENTER button:
    cat ~/.ssh/mykey.pub >> ~/.ssh/authorized_keys
    EXPLANATION
    • cat: Used to view contents of the file(s).
    • ~/.ssh/mykey.pub: Absolute path of the public key.
    • >>: Used to append to a file.
    • ~/.ssh/authorized_keys: Absolute path of authorized_keys file.
    append the public key to the authorized_keys fileIn the above image, you can see the public key is added to the authorized_keys file.
    Note: If the file does not exist, it will create a file called authorized_keys.
  3. Run the following command in the command prompt:
    sudo nano /etc/ssh/sshd_config
    EXPLANATION
    • sudo: Grants administrative privileges.
    • nano: It is a text editor.
    • /etc/ssh/sshd_config: Used to configure OpenSSH.
    Open Configuration FIle in Ubuntu
  4. After that, tap the ENTER button.
  5. Type the password of the user account and press the ENTER button.
  6. Change the permission of the PubkeyAuthentication from no to yes, and remove # from this line, and the following line of the file:
    AuthorizedKeysFile .ssh/authorized_keys

    edit configuration file

  7. To disable password authentication, change the permission of the Password Authentication from yes to no and remove # from this line and add the following line to the file:
    ChallengeResponseAuthentication no

    2 edit configuration file

  8. Save the text file using CTRL+O and exit it by using CTRL+X
  9. To activate the changes, restart the sshd service by executing the command below:
    sudo systemctl restart ssh
    EXPLANATION
    • sudo: Grants administrative privileges.
    • systemctl: Enables particular service.
    • restart: Restarts sshd service.
    • ssh: Used to configure OpenSSH.
  10. Finally, strike the ENTER button.

    Thus, I have enabled the public key authentication and disabled the password authentication of the remote server. While working, you can get an error stating username is not in the sudoers file.  This incident will be reported”.

    You can follow this guide to Fix USER is Not in the Sudoers File in Linux.

Step 6: Connect to the Remote Server

Now, it’s time to connect the client computer to the remote server using the public key. Follow the simple syntax ssh -i absolute_path_of_the_public_key USER_NAME@REMOTE_SERVER and steps below to learn more:

  1. Start by opening Windows Powershell.
  2. Run the following command in the command prompt:
    ssh -i C:\ssh\mykey [email protected]
    EXPLANATION
    • ssh: Enables computers to communicate.
    • -i: Selects a file for public key authentication.
    • august: Name of the user.
    • 168.11.130: IP address of the remote server.
    • C:\ssh\mykey: Absolute path of the public key.
  3. Finally, tap the ENTER button.logged in to the remote server using public keyAs you can see in the above image, I have logged in to the remote server from the client computer.


Case B: Client & Server both Ubuntu User

I am using Ubuntu among all the operating systems for both my client & server computer here. You can do the same by using the following procedure.

Step 1: Create a User Account in Ubuntu

I will create a new user named “august” using the terminal. This will be my remote server. Follow the steps for better understanding:

  1. Start by pressing CTRL+ALT+T to open the Ubuntu Terminal.
  2. Then, write the command below:
    sudo adduser august
    EXPLANATION
    • sudo: Grants administrative privileges.
    • adduser: Adds a new user.
    • august: Name of the user to be created.
  3. After that, hit the ENTER button.Create New User in Ubuntu
    EXPLANATION

    A new user account with the name “august” is created. It will then assign it to the new “august” group which is created with the same name.

    The command then creates a home directory at “/home/august” for the new user. The user’s private data and settings will be kept in this directory.

    Lastly, the command moves the contents of the “/etc/skel” directory to the new user’s home directory. To provide new user accounts with a basic set of files and settings, the “/etc/skel” directory provides a collection of default files and folders.

  4. Now, Enter a password for the newly created user and other required information.By repeatedly hitting ENTER, you can, however, ignore entering further information.

    Warning: Try to create a strong, unique password. If you don’t, you’ll get a warning message like “BAD PASSWORD” as shown in the image below.
  5. Finally, press Y to confirm your given information.

    By selecting Y, you have created a new user as you have confirmed all the information provided. You can now use this instruction to create a new user anytime.

Step 2: Setup the SSH Server in Ubuntu

Without setting up the SSH server, you can not generate the public key and log in to the remote server. Follow the instructions below to set up the ssh-server:

  1. Open the Terminal in Ubuntu.
  2. Run the following command into the command prompt:
    sudo apt install openssh-server
    EXPLANATION
    • sudo: Grants administrative privileges.
    • apt: Manages software packages.
    • Install: Copies files to a specified destination.
    • openssh-server: Securely connects to a system.
  3. Now, press the ENTER button.
  4. Then, type Y and hit the ENTER button to continue the process.Install OpenSSH ServerIn the above image, you can see that the openSSH-server is successfully installed.
  5. Now switch to the new user august.
    Follow this guide to learn more about the steps to switch users.
  6. If you haven’t turned on your server, type the following commands in the command prompt and press the ENTER key to turn on your server and view the status:

    sudo service ssh start
    sudo service ssh status
    EXPLANATION
    • sudo: Grants administrative privileges.
    • service: Starts, stop, and restart services
    • ssh: Enables computers to communicate.
    • start: Starts the server.
    • status: Shows the status of the server.
    turn on server and check statusAs you can see, the server is active.
  7. Now, execute the following command in the command prompt to find the IP address of the server:
    ifconfig
    EXPLANATION
    • Ifconfig: Used to find the IP address of the server.
    find the ip address of the remote serverIn the above image, you can see the IP address of the server.

    If your device does not have the ifconfig, write the following command to install it and tap the ENTER button.

    sudo apt-get install net-tools
    EXPLANATION
    • sudo: Grants administrative privileges.
    • apt-get: Advanced package tool.
    • net-tools: The collection of base networking utilities.
    install ifconfig

Step 3: Generate a Public Key

Public key can be used to authenticate the remote server. You need to generate a public key in the client computer. I am using Ubuntu for my client computer. You can use any operating system of your choice. Here I will be generating a public key so that I can use that to create my remote user account:

  1. Start by opening the Terminal on your local machine.
  2. To generate keys, enter the command shown below:
    ssh-keygen -f ~/.ssh/mykey
    EXPLANATION
    • ssh-keygen: Generates a pair of public and private keys.
    • option -f: Used to generate keys in the defined location.
    • ~/.ssh/mykey: Absolute path of the public key.
  3. After that, tap the ENTER button.
  4. For the key pair, you will be prompted to enter a passphrase. So, type the passphrase you want and press the ENTER button:generate public key

    Note: The key pair is more secure with this passphrase, yet it isn’t required. If you don’t want to use a passphrase, you can press ENTER to leave the field blank.
    public key and private keys are generated to create a user account in UbuntuAs you can see, a directory named .ssh is created and a key pair is generated and saved in the selected location once the passphrase has been entered (or left blank).
    You can follow this section to verify the generated public key.


Step 4: Send the Public Key to Server

To use the public key, you need to send the public key to the server. You need to send the public key for logging into the remote server. But before doing this log in as the newly created user with the password.  Follow the steps below using the scp command to send the public key to the server:

  1. First open the Terminal both in Ubuntu Client Computer & Server Computer.
  2. Now log in as the newly created user with the password in the server computer if you haven’t already.

    Follow this guide to learn more about the steps to switch users.
  3. To send the public key, enter the command to the client computer using the syntax shown below:
    scp absolute_path_of_the_public_key USER_NAME@REMOTE_SERVER:~/.ssh
    scp ~/.ssh/mykey.pub [email protected]:~/.ssh
    EXPLANATION
    • scp: Transfers files.
    • ~/.ssh/mykey.pub: Absolute path of the public key.
    • august: Name of the user.
    • 192.168.11.131: IP address of the remote server.
  4. After that, tap the ENTER button.send the public key to the server
  5. To check if the public key is sent, execute the following command in the server computer:
    ls .ssh
    EXPLANATION
    • ls: Lists contents of directories.
    • .ssh: A directory name .ssh.
    public key is found in the serverIn the image above, you can see the public key is found in the server.
  6. Type the following command into the command prompt to restart the server and hit the ENTER button:
    sudo service ssh restart
    EXPLANATION
    • sudo: Grants administrative privileges.
    • service: Starts, stop, and restart services
    • ssh: Used to configure OpenSSH.
    • restart: Restarts sshd service.
    restart serverOne public key is sent to the server using the above syntax and steps.
  7. Now, delete the public key from client computer. For this, first navigate to the .ssh folder and then remove the key by typing the following commands in the terminal in the client computer:

    cd .ssh
    rm mykey.pub
    EXPLANATION
    • cd: Changes directory.
    • .ssh: The folder where the keys are saved.
    • rm: Used to remove files/folders.
    • pub: The public key.
  8. To check if the public key is deleted, execute the following command in the client computer:
    ls
    EXPLANATION
    • ls: Lists contents of directories.
    remove public keyAs you can see, the public key does not exist.

    Don’t forget to remove the public key. As you have already sent the public key to the remote server, you don’t need this in the client computer anymore.

Step 5: Enable Public Key Authentication & Disable Password Authentication

To access the remote server without a password, you need to enable public key authentication & disable password authentication. For better understanding, follow the instructions below:

  1. Open the Ubuntu Terminal on the server computer.
  2. Write the following command to the command prompt and strike the ENTER button.
    cat ~/.ssh/mykey.pub >> ~/.ssh/authorized_keys
    EXPLANATION
    • cat: Used to view contents of the file(s)
    • ~/.ssh/mykey.pub: Absolute path of the public key.
    • >>: Used to append to a file.
    • ~/.ssh/authorized_keys: Absolute path of authorized_keys file.
    append the public key to the authorized_keys fileIn the above image, you can see the public key is added to the authorized_keys file.
    Note: If the file does not exist, it will create a file called authorized_keys.
  3. Run the following command in the command prompt:
    sudo nano /etc/ssh/sshd_config
    EXPLANATION
    • sudo: Grants administrative privileges.
    • nano: It is a text editor.
    • /etc/ssh/sshd_config: Used to configure OpenSSH.
  4. After that, tap the ENTER button.Open Configuration FIle in Ubuntu
  5. Type the password of the user account and press the ENTER button.
  6. Change the permission of the PubkeyAuthentication from no to yes, and remove # from the following line of the file:
    AuthorizedKeysFile .ssh/authorized_keys

    edit configuration file

  7. To disable password authentication, change the permission of the Password Authentication from yes to no and remove # from this line and add the following line to the file:
    ChallengeResponseAuthentication no

    2 edit configuration file

  8. Save the text file using CTRL+O and exit it by using CTRL+X.
  9.  To activate the changes, restart the sshd service by executing the command below:
    sudo systemctl restart ssh
    EXPLANATION
    • sudo: Grants administrative privileges.
    • systemctl: Enables particular service.
    • restart: Restarts sshd service.
    • ssh: Used to configure OpenSSH.
  10.  Finally, strike the ENTER button.

    Thus, I have enabled the public key authentication and disabled the password authentication of the remote server. While working, you can get an error stating username is not in the sudoers file.  This incident will be reported”.

    You can follow this guide to Fix USER is Not in the Sudoers File in Linux.

Step 6: Connect to the Remote Server

Now, it’s time to connect the client computer to the remote server using the public key. Follow the syntax and steps below to learn more:

  1. Start by opening the terminal in the ubuntu client computer.
  2. Run the following command in the command prompt:
    ssh -i ~/.ssh/mykey [email protected]
    EXPLANATION
    • ssh: Enables computers to communicate.
    • -i: Selects a file for public key authentication.
    • august: Name of the user.
    • 168.11.131: IP address of the remote server.
    • ~/.ssh/mykey: Absolute path of the public key.
  3. Finally, tap the ENTER button.logged into the remote server using public keyAs you can see in the above image, I have logged in to the remote server from the client computer without even using a password.


What is a Public Key?

Let’s take a quick look at the public key. A public key is also known as a cryptographic key which can be utilized to encrypt and decrypt data. It is a part of asymmetric cryptography, widely known as a public key encryption technique. Each user in this system has both a public key and a private key. Although the private key is used to decrypt data, the public key is used to encrypt data.

A user encrypts data before sending it to another user using the recipient’s public key. Using the private key, the recipient may then decrypt the data. To prevent data from being captured by unauthorized parties, this system is used to ensure that data is transferred safely.

How to Switch Users in Ubuntu Terminal

You can switch users with some easy steps. For this, you need to use the su command, which stands for “substitute users”. Here I am providing the syntax and the steps to switch users:

  1. Launch the Ubuntu Terminal.
  2. Copy the following command in the command prompt:
    su - august
    EXPLANATION
    • su: Used to switch the user.
    • august: Name of the user.
  3. Now, tap the ENTER button.
  4. Then, type the password of the user and hit the ENTER button.Switch UserIn the above image, you can see that the user is switched to the user august using the Ubuntu terminal.

How to Verify Generated Public Key in Ubuntu

You can verify whether the public is generated or not using the ls command. If you find the file in the .ssh directory where the public key is saved, you can consider that the public key has been generated successfully. Here I am providing the steps to verify the generated public key:

  1. Open up the Ubuntu Terminal.
  2. Type the following command into the command prompt:
    ls ~/.ssh/id_*
    EXPLANATION
    • ls: Lists contents of directories.
    • ~/.ssh/id_*: The file where the public key is saved.
  3. After that, tap the ENTER button.
  4. Then, type the password of the user and hit the ENTER button:verify Generated Public Key in UbuntuIn the above below, you can see that the public key is successfully generated.


Common Challenges in Creating User Account with Public Key

You may face some difficulties while following the steps. Here, I have discussed one with an explanation.

Fix USER is Not in the Sudoers File in Linux

An error stating username is not in the sudoers file.  This incident will be reported may appear when you attempt to disable password authentication, as shown in the image below.Error Some easy steps like below can help you overcome such a situation:

  1. Launch the Terminal in Ubuntu.
  2. Switch to administrator user just like the image below.Switch User
  3. Run the command below into the command prompt:
    sudo visudo
    EXPLANATION
    • sudo: Grants administrative privileges.
    • visudo: Used to edit the configuration file.
  4. Now, press the ENTER button.Open sudoers File
  5. Then, type the password and tap the ENTER button.
  6. After that, type the following line after admin to the configuration file just like in the image below:
    august ALL=(ALL)  ALL

    add user to sudoers file

  7. Now, switch to the previous user and execute the following command:
    sudo nano /etc/ssh/sshd_config
    EXPLANATION
    • sudo: Grants administrative privileges.
    • nano: It is a text editor.
    • /etc/ssh/sshd_config: Used to configure OpenSSH.

    And this is how you will be able to add the user in the sudoers file.

Conclusion

Adding a public key to the new user account is a major safety measure that helps in keeping unauthorized access outside your Ubuntu system. You can create a user account with the public key in Ubuntu and guarantee the security of your server by following the instructions provided in this article.

People Also Ask

What is a Private Key?

A private key is one of the two keys that are generated as a key pair when using SSH key authentication. The private key is kept on the user’s personal computer or device. It is used to decrypt messages that have been encrypted using the corresponding public key.

How do I manually copy the public key?

To copy public keys manually type the following commands consecutively and press the ENTER key every time.

  1. cat ~/.ssh/id_rsa.pub
  2. mkdir -p ~/.ssh
  3. echo public_key_string >> ~/.ssh/authorized_keys

In the 3rd command, replace the public_key_string with the output string of the 1st command. And this is how you can copy the public key manually.

What is OpenSSH used for?

For remote login and file sharing, OpenSSH provides secure encryption. Among the tools it offers ssh, a z/OS client program is for accessing a z/OS shell. It can also be used to sign into the other platforms of the Linux terminals.

What is the full form of the SSH key?

Secure Shell (SSH) Key, also called Secure Shell Management, is a form of authentication used in the SSH protocol to securely identify and establish a connection between two computers.

Can I delete OpenSSH?

Yes, you can delete the OpenSSH server and its configuration using the following command in Ubuntu.

sudo apt-get purge openssh-client

How to Check the Status of SSH?

To check the status of SSH in Ubuntu by following the command below:

sudo service ssh status

It will show active status if SSH runs.

How to Resolve “su: Authentication failure”?

To resolve the error saying “su: Authentication failure”, at first, run sudo -i command and press the ENTER button. Then execute su - USER_NAME command and tap the ENTER button.

How to Enable Password Authentication?

To enable password authentication: First, open the Ubuntu Terminal, then execute sudo nano /etc/ssh/sshd_config to open the configuration file. Finally, change the permission of the password authentication from no to yes and save the file.

Related Articles

Rate this post
Jannatul Ferdousi Sylvie

Hi there! This is Jannatul Ferdousi Sylvie. I am one of the Linux Content Developer Executives at Softeko. I live in Dhaka, Bangladesh. I have completed my BSc. in Software Engineering from American International University-Bangladesh. You can see my projects in the GitHub account. I love traveling, shopping, cooking, and gardening. Read Full Bio

Leave a Comment