Managing users is one of the fundamental tasks when administering an Ubuntu Server. Whether you're setting up a new team member's access or creating service accounts, knowing how to properly create and configure users is essential. In this comprehensive guide, we'll walk through the process step-by-step and address common SSH authentication issues you might encounter.
Why Proper User Management Matters
Before diving into the technical details, it's important to understand why proper user management is crucial for server security and administration. Each user should have their own account with appropriate permissions, rather than sharing root access or using generic accounts.
Creating a New User: The Easy Way
Ubuntu provides two main commands for creating users: adduser and useradd. While both accomplish the same goal, adduser is more user-friendly and recommended for most situations.
Using the adduser Command
The adduser command is an interactive script that handles most of the user creation process automatically:
sudo adduser username
Replace username with your desired username. This single command will:
- Create the user account
- Create a home directory (
/home/username) - Set up the default shell (usually
/bin/bash) - Copy default configuration files to the home directory
- Prompt you to set a password
- Ask for additional user information (which you can skip)
Step-by-Step Example
Let's create a user named "john":
sudo adduser john
You'll see output similar to this:
Adding user `john' ...
Adding new group `john' (1001) ...
Adding new user `john' (1001) with group `john' ...
Creating home directory `/home/john' ...
Copying files from `/etc/skel' ...
New password:
Retype new password:
passwd: password updated successfully
Changing the user information for john
Enter the new value, or press ENTER for the default
Full Name []: John Doe
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] Y
Alternative Method: Using useradd
For more control over the user creation process, you can use the useradd command:
sudo useradd -m -s /bin/bash username
sudo passwd username
The flags mean:
-m: Create a home directory-s /bin/bash: Set the default shell to bash
Granting Administrative Privileges
To give a user sudo privileges (administrative access):
sudo usermod -aG sudo username
This adds the user to the sudo group. You can verify this worked by checking the user's groups:
groups username
Adding Users to Specific Groups
You might need to add users to specific groups for various purposes:
# Add to multiple groups at once
sudo usermod -aG group1,group2,group3 username
# Examples:
sudo usermod -aG docker username # For Docker access
sudo usermod -aG www-data username # For web server access
Verifying User Creation
To confirm your user was created successfully:
# Check user information
id username
# View the user's entry in the password file
grep username /etc/passwd
# Test switching to the user
su - username
Troubleshooting SSH Access Issues
One common issue when setting up new users is SSH access problems. If you're getting the error:
cgspadmin@server-ip: Permission denied (publickey)
This typically means SSH is configured to only allow key-based authentication, but no valid key is configured for your user.
Understanding the Error
The "Permission denied (publickey)" error indicates that:
- SSH is configured for public key authentication only
- No valid SSH key pair is set up for the user
- Password authentication might be disabled
Solutions for SSH Access
Option 1: Set Up SSH Key Authentication (Recommended)
-
Generate an SSH key pair on your local machine (if you don't have one):
ssh-keygen -t rsa -b 4096 -C "[email protected]" -
Copy your public key to the server:
ssh-copy-id username@server-ip -
Alternatively, manually add the key:
# On the server, as the user mkdir -p ~/.ssh chmod 700 ~/.ssh # Add your public key to authorized_keys echo "your-public-key-here" >> ~/.ssh/authorized_keys chmod 600 ~/.ssh/authorized_keys
Option 2: Enable Password Authentication (Less Secure)
If you need to temporarily enable password authentication:
-
Edit the SSH configuration:
sudo nano /etc/ssh/sshd_config -
Find and modify these lines:
PasswordAuthentication yes PubkeyAuthentication yes -
Restart SSH service:
sudo systemctl restart ssh
Warning: Password authentication is less secure than key-based authentication and should only be used temporarily or in controlled environments.
Option 3: Use an Existing User with Sudo Access
If you have access to another user with sudo privileges, you can:
- SSH in with that user
- Switch to your new user:
sudo su - newusername - Set up SSH keys from within the server
SSH Configuration Best Practices
For production servers, consider these SSH security settings in /etc/ssh/sshd_config:
# Disable root login
PermitRootLogin no
# Use key authentication only
PasswordAuthentication no
PubkeyAuthentication yes
# Limit login attempts
MaxAuthTries 3
# Use specific users only
AllowUsers user1 user2
User Management Best Practices
- Use descriptive usernames: Choose usernames that clearly identify the person or purpose
- Implement least privilege: Only grant the minimum permissions necessary
- Regular audits: Periodically review user accounts and remove unused ones
- Strong passwords: Enforce strong password policies
- SSH key management: Use SSH keys instead of passwords when possible
- Backup user data: Ensure important user data is backed up before account modifications
Removing Users
When you need to remove a user account:
# Remove user but keep home directory
sudo deluser username
# Remove user and home directory
sudo deluser --remove-home username
# Remove user, home directory, and mail spool
sudo deluser --remove-all-files username
Conclusion
Creating users in Ubuntu Server is straightforward with the adduser command, but proper configuration is key to maintaining security. Always use SSH key authentication when possible, and follow the principle of least privilege when assigning permissions.
Remember that user management is an ongoing process. Regular audits of user accounts, proper SSH configuration, and adherence to security best practices will help keep your server secure and well-organized.
Whether you're setting up a development environment or managing a production server, these techniques will serve you well in your Ubuntu Server administration journey.