This guide explains how to create a new Ubuntu Linux user who can log in with a private key. These steps assume the use of a Mac.
Steps
1. Create a key pair for the new user:
Mac
Create a key pair locally:
ssh-keygen -t rsa
AWS
2. Place the generated private key in the local directory: ~/.ssh
3. Change to the .ssh directory:
cd ~/.ssh
4. Set the permissions on the local key file:
chmod 400 GTKeyPairUser101.pem
5. Generate a public key from the private key:
ssh-keygen -y -f GTKeyPairUser101.pem
6. Copy the public key text from the screen, place the text in a file (GTKeyPairUser101.pub) and then place the file in the ~/.ssh directory.
7. Connect to the Ubuntu Linux system using ssh and admin credentials:
ssh -i AdminUserKeyFile.pem adminuser@example.com
8. Create the new user on the Linux system:
@ubuntu$ sudo adduser new_user --disabled-password
9. Add the new user to the sudo group:
@ubuntu$ sudo usermod -aG sudo new_user
10. Change the security context to the new_user account so that folders and files you create will have the correct permissions:
@ubuntu$ sudo su - new_user
11. Create an .ssh directory in the new_user home directory:
@new_user$ mkdir .ssh
12. Change the .ssh directory’s permissions to 700:
@new_user$ chmod 700 .ssh
13. Change into the .ssh directory:
@new_user$ cd .ssh
14. Create the authorized_keys file in the .ssh directory:
@new_user:~/.ssh$ touch authorized_keys
15. Change the authorized_keys file permissions to 600:
@new_user:~/.ssh$ chmod 600 authorized_keys
16. Run the Linux cat command in append mode:
@new_user:~/.ssh$ cat >> authorized_keys
17. Paste the public key into the authorized_keys file and then press Enter. Press Ctrl+d to exit cat.
18. Exit the new_user shell:
@new_user$ exit
19. Edit the sudoers file with visudo so that members of the sudo group are not prompted for a password (skip to step 21 if this was completed previously):
@ubuntu$ sudo visudo
Change this line:
%sudo ALL=(ALL:ALL) ALL
To this:
%sudo ALL=(ALL:ALL) NOPASSWD: ALL
20. Save and exit the editor.
21. Exit the Linux system:
@ubuntu$ exit
22. Test logging into the new account on the Linux system:
ssh -i GTKeyPairUser101.pem new_user@example.com
23. Test that the new user can run sudo without a password:
@new_user$ sudo ls
The command should not prompt for a password.
24. Exit the Linux system:
@new_user$ exit
25. Enjoy.
Verified on Ubuntu 18.04
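Steps 11 to 17 can also be done without the interactive paste. The following is an added example, not part of the original guide: a hypothetical shell function, install_pubkey, that creates .ssh and authorized_keys with the 700 and 600 permissions, appends the public key only once, and refuses a file that contains a private key. It assumes the .pub file has already been copied to the server and that the function is run as new_user.

```shell
#!/bin/sh
# Added example: idempotent, non-interactive version of steps 11-17.
# install_pubkey is a hypothetical helper name, not an OpenSSH tool.
# Usage: install_pubkey <home_dir> <public_key_file>
install_pubkey() {
    home_dir=$1
    pub_file=$2
    ssh_dir="$home_dir/.ssh"
    auth="$ssh_dir/authorized_keys"

    # Only the public half belongs on the server; reject a private key.
    if grep -q 'PRIVATE KEY' "$pub_file"; then
        echo "refusing: $pub_file contains a private key" >&2
        return 2
    fi

    # Expect exactly one non-empty line: "<type> <base64> [comment]".
    [ "$(grep -c . "$pub_file")" -eq 1 ] || {
        echo "expected exactly one key line in $pub_file" >&2
        return 3
    }
    key_line=$(grep . "$pub_file")
    case "$key_line" in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "unrecognized key type in $pub_file" >&2; return 3 ;;
    esac

    # umask 077 keeps new files private from the moment they are created;
    # the explicit chmod also corrects a pre-existing directory or file.
    (
        umask 077
        mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || exit 1
        touch "$auth" && chmod 600 "$auth" || exit 1
        # Append only if this exact line is not already present.
        grep -qxF -- "$key_line" "$auth" || printf '%s\n' "$key_line" >> "$auth"
    )
}
```

For example: install_pubkey "$HOME" GTKeyPairUser101.pub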