0

I just bought a VPS plan with my hosting provider. I did all the necessary measurements for security and disabled root ssh login, created a custom myuser in the sudoer group etc.. so far so good. But it annoyed me to always type the password for myuser on every ssh login, so I deleted it with

sudo passwd –d myuser

Now apparently this was a mistake, since I'm now still asked about the password on every ssh login, but obviously there is no password? I'm a bit confused. Either way, if I type my old password it won't let me login and if I type no password it won't either. Is there a way to save my VPS still or did I officially lock myself out?

And since this hit me a bit unexpectedly, what the hell is going on? Why does ubuntu ask for a password when there is none?

Improve this question
5
  • "Why does ubuntu ask for a password when there is none?" because you may have a different user who does have a valid login?
    – graham
    Commented May 24 at 17:01
  • @graham Yes but I log in as myuser so there could really be only one password right?
    – glades
    Commented May 24 at 17:51
  • 2
    Looks like you permanently locked yourself out. Talk to your VPS support; maybe they can preserve your data before wiping and reinstalling.
    – user535733
    Commented May 25 at 1:18
  • @user535733 Hmm. I mean this is not a problem at the moment since I have nothing on the vps, I could probably just wipe everything and reinstall the os. But I would like to know where I took the wrong turn so I can deepen my understanding a bit :/
    – glades
    Commented May 25 at 9:16
  • Please clarify your specific problem or provide additional details to highlight exactly what you need. As it's currently written, it's hard to tell exactly what you're asking.
    – Community Bot
    Commented May 25 at 10:50

1 Answer 1

Reset to default
-1

Ok figured it out.

Obviously passwd -d myuser doesn't work.

So I had to reinstall my VPS operating system since it seemed that I'm really locked out. I only found out after the fact that usually providers will offer a web terminal that would potentially allow login even if ssh is screwed up. In any case, try this first if you have valuable data on your VPS, and reset password with sudo passwd myuser!

To setup passwordless authentication I had to change /etc/ssh/sshd_config to disallow password authentication and allow pubkey authentication:

PasswordAuthentication no
PubkeyAuthentication yes

What's important here is that the /etc/ssh/sshd_config file usually includes all files in /etc/ssh/ssh_config.d/*.conf* and if any file pre-sets the above keys your change will be ignored. So make sure that none of the included files preset these values or change them in the includes directly.

Now to make pubkey based authentication possible I had to put the client machine's pubkey into the myclient user's ~/.ssh/authorized_keys file:

mkdir -p /home/myuser/.ssh
chmod 700 /home/myuser/.ssh
vim /home/myuser/.ssh/authorized_keys

and paste (pubkey probably resides in your client machine's ~/.ssh/serverkeyfile.pub)

Make sure access permissions are right.

chmod 600 /home/myuser/.ssh/authorized_keys
chown -R myuser:myuser /home/myuser/.ssh

And restart ssh daemon:

sudo systemctl restart sshd

(Note: You could also perform the above steps automatically using ssh-copy-id -i ~/.ssh/serverkeyfile.pub myuser@host)

Try login to your machine now it should work.

Improve this answer
3
  • I would first create the keys and copy the public key to the VPS using the ssh-copy-id command. Then disable password based ssh authentication. Your answer will lock some more users out if they follow your process of disabling password and then try to set up key based authentication.
    – user68186
    Commented May 25 at 13:52
  • This is safer yes but you're not immediately locked out unless you close the session. But indeed this could happen for unforeseen reasons.
    – glades
    Commented May 25 at 14:02
  • As it’s currently written, your answer is unclear. Please edit to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers in the help center.
    – Community Bot
    Commented May 25 at 15:52

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .