ssh keys for users

[prince_mallow]

I am trying to tighten up security in my server after recent attacks leaving our server as a spam zombie. There are several issues that are cropping up though and I need help finding a solution. When we used to log in to our server we would do it with password authentication and the whole shebang. Now I've disabled that option leaving us only able to connect to the server using ssh-keys. The ssh-keys (generated through WHM) log me in directly as root. I created a new user so that this user would be the one people log in to and if changes need to be made then we can just do -su.

Here are the issues I am having

(1)I don't know how to create an SSH key that would log in as this user instead of as the root

(2)I can su to the new user as root, but if I try to su back to root it will not allow me to "bash: /bin/su: Permission denied" although if I choose exit it brings me back to root. So I guess I'm opening a bash within bash... I guess I would have to chmod su to drwxr-x--- ?

(3) and third, well it's very nice having this user but since it is a limited user it can't see beyond it's own home folder, If I want to use this user to look at what is going on in the server without being able to execute commands, I would need to be able to do so.


Please help on any of the above

[HROAdmin26]

1) Google: Just su to the user and run ssh-keygen.

2) This is normal. You should use "exit" to back out of the user's shell and become root again.

3) If there are specific commands you want to allow the user to run that require root access, Google: linux sudo

[prince_mallow]

Thank you for the links; I went through these several times I couldn't get anything to work either. I created the ssh-keygen under the user and that made my keys. Then with root I appeneded it to the authenicated_keys file as well, but no game. Then I though maybe if I added the user to the %wheel but I get a message saying

Problem encountered adding user1 to the wheel group:

usermod: unknown group user1

I'm really at a lost here

[prince_mallow]

Maybe for more detail. The key file for the root works fine It's located under the root folder and in the .ssh file

The key file for the user is in their home directory under .ssh/ as well.

So I appeneded the public key from the .ssh/ file of the home directory of the user to the authenicated_key file located in the root .ssh/ file

was that correct, the sources online are not descriptive when it comes to that part

[prince_mallow]

Good news. Moved and created the authentication file in the user's folder and it worked I can now login with the user account... I just can't quite sudo correctly

[Kloschüssel]

You'll need the commands you want for the user added to the sudoers file. The file is /etc/sudoers.