Creating a user on an Ubuntu Linux server with a certificate login in PuTTY, just like Amazon AWS

One nice thing about Amazon AWS is that it creates an ubuntu user for you and spits out a certificate (really an SSH private key in a .pem file), which you can run through PuTTYgen to create a key for logging in to the server quite easily. This is very convenient.

However, if you are on some other host, you don’t have this convenience. A password login is the default. So here’s how to set up the same thing yourself.

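Create the new user:
sudo useradd -m yourusername
sudo passwd yourusername
( useradd does not ask for a password, so make sure you specify one with passwd – we aren’t going to use it, but the OS needs it. The -m flag creates the home directory that will hold the .ssh folder. )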

Log in to this new user account and then type:
ssh-keygen -t rsa
( just stick with the default choices unless you want a passphrase on the key too. )

ssh-keygen puts both key files in the .ssh directory. Rename the public key to authorized_keys, lock down its permissions, and print the private key:

mv ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
cat ~/.ssh/id_rsa

Cat will produce a big dump like…
-----BEGIN RSA PRIVATE KEY-----
blablablablabalba
-----END RSA PRIVATE KEY-----

Copy this entire chunk, including the BEGIN and END lines, into a text file and save it as a .pem file on your Windows desktop. This is the equivalent of what Amazon AWS generates when it first sends you the key.

You can then load this file into PuTTYgen, click ‘save private key’, and boom, you have your .ppk.

Two other tweaks to imitate Amazon’s setup…

In /etc/ssh/sshd_config, set this line:
PasswordAuthentication no
This will disable password authentication and require a certificate for SSH logins, just like how Ubuntu AWS servers work by default.
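
sshd uses the first value it reads for each keyword, and recent Ubuntu releases ship an sshd_config whose Include /etc/ssh/sshd_config.d/*.conf line comes before the other settings, so a drop-in file there can leave password logins enabled even after the edit above. The script below is an added example, not part of the original post; the function names are made up here, and it is a simplified parser that reports which PasswordAuthentication value wins for a given config file.

```shell
#!/bin/sh
# Added example (not from the original post). Simplified parser: follows
# Include globs, treats the first Match line as the end of the global
# section, and does not handle "Keyword=value" syntax.

# flatten_sshd_config FILE: print FILE with every Include expanded in place.
flatten_sshd_config() {
    while IFS= read -r line || [ -n "$line" ]; do
        set -f; set -- $line; set +f          # split into words, no globbing
        kw=$(printf '%s' "${1:-}" | tr 'A-Z' 'a-z')
        if [ "$kw" = include ]; then
            shift
            for pat in "$@"; do
                # sshd resolves relative Include paths against /etc/ssh
                case $pat in /*) ;; *) pat="/etc/ssh/$pat" ;; esac
                for f in $pat; do             # glob expands in sorted order
                    if [ -f "$f" ]; then flatten_sshd_config "$f"; fi
                done
            done
        else
            printf '%s\n' "$line"
        fi
    done < "$1"
}

# effective_password_auth FILE: print the value sshd would apply globally.
# The first occurrence wins; sshd's built-in default is "yes".
effective_password_auth() {
    flatten_sshd_config "$1" | awk '
        stop { next }
        { kw = tolower($1) }
        kw == "match" { stop = 1; next }
        kw == "passwordauthentication" { val = tolower($2); stop = 1 }
        END { print (val == "" ? "yes" : val) }'
}

# Usage: sh check_pwauth.sh /etc/ssh/sshd_config
if [ "$#" -gt 0 ]; then effective_password_auth "$1"; fi
```

On a live server, sudo sshd -T | grep -i passwordauthentication prints the value the daemon itself resolves, and the change only applies to new connections once sshd has been reloaded.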

Type sudo visudo to get into the sudo editor.
Change the line that includes your username to look like this:

yourusername ALL=(ALL) NOPASSWD:ALL

Then remove the user’s password using this command:
sudo passwd -d yourusername

Bam! You no longer have to type the password for this user when sudo-ing.
