SSH adduser: Because friends don't let friends login or run stuff as root


These are the files / directories that are created and/or modified with this install:


Cheat Sheet

Many modern web programs (npm and postgres, for example) will not function correctly if run as root.

ssh-adduser will

  1. add the user app
  2. set a random, 32-character password (as a failsafe)
  3. copy the root user's ~/.ssh/authorized_keys (so the same users can still login)
  4. give the app user sudo (admin) privileges
  5. allow app to sudo without a password

How to create a new user named 'app':

# --disable-password prevents a password prompt
# --gecos "" skips the useless questions
adduser --disabled-password --gecos "" app

How to create a and set a random password:

# sets 'my_password' to 32 random hex characters (16 bytes)
my_password=$(openssl rand -hex 16)

# uses 'my_password' for to reset and confirm 'app's password
printf "$my_password"'\n'"$my_password" | passwd app

How to make the user 'app' a "sudo"er (an admin):

adduser app sudo

How to allow 'app' to run sudo commands without a password:

echo "app ALL=(ALL:ALL) NOPASSWD: ALL" | sudo tee /etc/sudoers.d/app

How to copy allowed keys from root to the new user:

mkdir -p /home/app/.ssh/
chmod 0700 /home/app/.ssh/

cat "$HOME/.ssh/authorized_keys" >> /home/app/.ssh/authorized_keys
chmod 0600 /home/app/.ssh/authorized_keys

chown -R app:app /home/app/.ssh/


Report an Issue Submit Installer Star on GitHub