User Tools

Site Tools


howto:setup-sscs-linux-account-public-keys

How to: setup SSCS account with SSH public-key authentication

On linux servers, it is recommended to use public-key authentication rather than password authentication for SSH. This is especially true for when port 22 or SSH will be open to off-campus access through the UCI border firewall.

One-stop script to create the sscs account

You can simply copy and paste the below code to download a script that we've set up for this purpose and execute it with sudo:

curl -O -L https://sites.socsci.uci.edu/~jnilsson/sscs/setup-sscs-account.sh
chmod +x ./setup-sscs-account.sh
sudo ./setup-sscs-account.sh

Or if you prefer to run commands yourself, these are the equivalent commands:

SSCS_HOME=/home/sscs
sudo useradd -c "Computing Services" -m -d $SSCS_HOME -s /bin/bash sscs
echo "sscs    ALL=(ALL)   ALL" | sudo tee /etc/sudoers.d/sscs > /dev/null
sudo mkdir -p $SSCS_HOME/.ssh
sudo chmod 700 $SSCS_HOME/.ssh
sudo touch $SSCS_HOME/.ssh/authorized_keys
sudo chmod 600 $SSCS_HOME/.ssh/authorized_keys
sudo chown -R sscs:sscs $SSCS_HOME/.ssh
echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPWfC91AllbEn9VYT9a0838A/55rWtrSY/dm48fedc38 jnilsson@storgy.local" | sudo tee -a $SSCS_HOME/.ssh/authorized_keys
echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDoygQr0UQLtpguLWJYiEBZWXUFEkUXVacE6sBZtn/6Z jnilsson@devjpn" | sudo tee -a $SSCS_HOME/.ssh/authorized_keys
echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKH3jg7avVgdyx1jltUp9nJ02DOE9XH3hfcGBQI6KrVs sscs@gunship" | sudo tee -a $SSCS_HOME/.ssh/authorized_keys
echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBqAc8VSY9DFEzzumkn1d2S1ytpYOWHSJkbOWN1HjFQR sscs@crateria" | sudo tee -a $SSCS_HOME/.ssh/authorized_keys
echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC4u9RrufB93/AS2lsBVet4+U5rizO8noDKTSHhcLmli justip6@Zaire" | sudo tee -a $SSCS_HOME/.ssh/authorized_keys
echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIErG9uQN2VUNqIjNowRw1J18T8dORd2HhJi3zl9Vs7+t justip6@zeon.ss2k.uci.edu" | sudo tee -a $SSCS_HOME/.ssh/authorized_keys

If you don't want the home directory to be /home/sscs, you can easily set your own SSCS_HOME variable to whatever location you choose and then copy/paste the rest of the commands. Or if you download the setup-sscs-account.sh script and you want to change the location of the sscs account home directory, modify the script accordingly before executing it.

How to: Disable SSH Password Authentication

Disabling Password Authentication is generally as simple as setting the option PasswordAuthentication no in the /etc/ssh/sshd_config file and then restarting the sshd service.

However, we've discovered that some linux distributions add another configuration file /etc/ssh/sshd_config.d/50-cloud-init.conf which contains PasswordAuthentication yes to force password authentication to be enabled.

Therefore, the easiest way to universally disable password authentication is to create a new file that sorts lexicographically before any other files that might be created in there, such as 00-disable-password-auth.conf:

PasswordAuthentication no

After setting the PasswordAuthentication option to no you must reload the sshd daemon to get this setting to take effect:

  • on Debian/Ubuntu:
    systemctl reload ssh
  • on RHEL/Rocky:
    systemctl reload sshd
howto/setup-sscs-linux-account-public-keys.txt · Last modified: 2025/03/12 22:01 by jnilsson