This is an old revision of the document!


How to: setup SSCS account with SSH public-key authentication

On Linux servers, it is recommended to use public-key authentication rather than password authentication for SSH. This is especially true when port 22 or SSH will be open to off-campus access through the UCI border firewall.

One-stop script to create the sscs account

You can simply copy and paste the code below to download a script that we've set up for this purpose and execute it with sudo:

curl -O -L https://sites.socsci.uci.edu/~jnilsson/sscs/setup-sscs-account.sh
chmod +x ./setup-sscs-account.sh
sudo ./setup-sscs-account.sh

Or if you prefer to run commands yourself, these are the equivalent commands:

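SSCS_HOME=/home/sscs
# Create the account with a home directory and bash as the login shell
sudo useradd -c "Computing Services" -m -d "$SSCS_HOME" -s /bin/bash sscs
# Grant the account sudo rights through a sudoers drop-in file
echo "sscs    ALL=(ALL)   ALL" | sudo tee -a /etc/sudoers.d/sscs
sudo mkdir -p "$SSCS_HOME/.ssh"
sudo chmod 700 "$SSCS_HOME/.ssh"
sudo touch "$SSCS_HOME/.ssh/authorized_keys"
sudo chmod 600 "$SSCS_HOME/.ssh/authorized_keys"
echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPWfC91AllbEn9VYT9a0838A/55rWtrSY/dm48fedc38 jnilsson@C21121501.local" | sudo tee -a "$SSCS_HOME/.ssh/authorized_keys"
# The files above were created as root; sshd reads authorized_keys as the sscs user,
# so hand ownership of .ssh to sscs or key logins will be refused
sudo chown -R sscs: "$SSCS_HOME/.ssh"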

If you don't want the home directory to be /home/sscs, you can easily set your own SSCS_HOME variable to whatever location you choose and then copy/paste the rest of the commands. Or if you download the setup-sscs-account.sh script and you want to change the location of the sscs account home directory, modify the script accordingly before executing it.

How to: Disable SSH Password Authentication

Disabling Password Authentication is generally as simple as setting the option PasswordAuthentication no in the /etc/ssh/sshd_config file and then restarting the sshd service.

However, we've discovered that some Linux distributions add another configuration file, /etc/ssh/sshd_config.d/50-cloud-init.conf, which contains PasswordAuthentication yes to force password authentication to be enabled.

Therefore, the easiest way to universally disable password authentication is to create a new file in /etc/ssh/sshd_config.d/ that sorts lexicographically before any other files that might be created there, such as 00-disable-password-auth.conf. sshd uses the first value it obtains for each keyword, so the setting in the earliest file wins. The file contains:

PasswordAuthentication no
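
The drop-in ordering described above, as an added example that is not part of the original page: a shell function that applies the first-value-wins rule to the *.conf files in a directory and reports which file decides a keyword. The function name effective_setting and the sample directory are constructed for illustration; Match blocks are skipped rather than evaluated and nested Include lines are not followed.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the original page).
# Emulates how a global sshd keyword is resolved across drop-in files:
# files are read in lexical order and the first value obtained wins.

# effective_setting KEYWORD DIR -> prints "value<TAB>file" for the winning line
effective_setting() {
    keyword=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    dir=$2
    # The shell expands the glob in sorted order, like the Include glob.
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        hit=$(awk -v kw="$keyword" '
            /^[ \t]*#/ || NF == 0 { next }     # comments and blank lines
            tolower($1) == "match" { exit }     # rest of this file is conditional
            {
                line = $0
                sub(/^[ \t]+/, "", line)
                n = split(line, parts, /[ \t=]+/)  # "Key value" or "Key=value"
                if (n >= 2 && tolower(parts[1]) == kw) { print parts[2]; exit }
            }' "$f")
        if [ -n "$hit" ]; then
            printf '%s\t%s\n' "$hit" "$f"
            return 0
        fi
    done
    return 1   # keyword not set globally in any drop-in
}

# Constructed sample directory reproducing the situation described above.
sample=$(mktemp -d)
printf 'PasswordAuthentication yes\n' > "$sample/50-cloud-init.conf"
effective_setting PasswordAuthentication "$sample"   # yes, from 50-cloud-init.conf
printf 'PasswordAuthentication no\n' > "$sample/00-disable-password-auth.conf"
effective_setting PasswordAuthentication "$sample"   # no, from 00-disable-password-auth.conf
rm -rf "$sample"
```

On a real host, sudo sshd -T | grep -i passwordauthentication prints the value sshd itself resolved from the full configuration, which is the authoritative check after restarting the service.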
howto/setup-sscs-linux-account-public-keys.1741639635.txt.gz · Last modified: 2025/03/10 20:47 by jnilsson