When we create a new server in AWS, it allows us to generate a key pair and attach it to the server. Now imagine you want to share access to this server with multiple people in your team, but you don't want to share your private key. This is what you need to do.

  • Generate a new key for each member of your team, or ask each member for their public key
  • Add it to the authorized_keys list in your server's .ssh folder

If you plan to generate a key for each user, run the command ssh-keygen.

coderhs on Friday 23:31:36 🚀 > ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/coderhs/.ssh/id_rsa): newuser
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in newuser
Your public key has been saved in newuser.pub
The key fingerprint is:
SHA256:tBtoorlY0LUURkIs+kLV6nYTassdyB1Mhjgwinrw5XM coderhs@answer
The key's randomart image is:
+---[RSA 3072]----+
|.=+=O.. .o       |
|+.+=.= .+        |
|*o. + . .o       |
|oB + o..o..      |
|=.* + EoSo       |
|.o.+ = +. .      |
| .. . o...       |
|       ..        |
|       ..        |
+----[SHA256]-----+

Share the newuser file (the private key) with your team member, then copy the contents of newuser.pub (the public key).

Then log in to your server, go to the .ssh folder with cd ~/.ssh, open the file authorized_keys in vim, and add the contents of newuser.pub to the end of the file.

eg:

ssh-rsa huge-random-string coderhs@answer

PS: In case you generated the key, change coderhs@answer to something that will help you identify the user for whom you generated the key, e.g. new-member@yourteam.

When you want to disable this user's access to the server, delete that line from your authorized_keys file.
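The add and remove steps above can be scripted so that every entry carries an identifying label and a mispasted key is rejected before it reaches the file. This is an added example, not part of the original post: the function names add_key and revoke_key are hypothetical, and it assumes plain ssh-rsa or ssh-ed25519 lines with no options in front of the key type.

```shell
#!/bin/sh
# Added example: per-member entries in an authorized_keys file.
# add_key and revoke_key are illustrative names, not standard tools.

# add_key FILE "TYPE BLOB [COMMENT]" LABEL
# Stores the key with LABEL as its comment so it can be found and revoked later.
add_key() (
    file=$1 label=$3
    set -f                      # no globbing while the key line is split
    set -- $2
    type=$1 blob=$2

    # A public key blob begins with its own type name (length-prefixed, then
    # base64-encoded), so a fixed prefix catches a wrong or mispasted key.
    case $type in
        ssh-rsa)     prefix=AAAAB3NzaC1yc2E ;;
        ssh-ed25519) prefix=AAAAC3NzaC1lZDI1NTE5 ;;
        *) echo "unsupported key type: $type" >&2; exit 1 ;;
    esac
    case $blob in
        "$prefix"*) ;;
        *) echo "key blob does not match $type" >&2; exit 1 ;;
    esac
    case $blob in *[!A-Za-z0-9+/=]*) echo "blob is not base64" >&2; exit 1 ;; esac
    # The label becomes the last field of the line; keep it one safe token.
    case $label in ""|*[!A-Za-z0-9@._-]*) echo "bad label" >&2; exit 1 ;; esac

    # With StrictModes (the default) sshd rejects loosely permissioned files.
    dir=$(dirname "$file")
    [ -d "$dir" ] || mkdir -p -m 700 "$dir"
    touch "$file"
    chmod 600 "$file"

    # Skip a key that is already listed, whatever its comment says.
    if awk -v b="$blob" '{for (i = 1; i <= NF; i++) if ($i == b) f = 1}
                         END {exit !f}' "$file"; then
        echo "key already present" >&2; exit 0
    fi
    printf '%s %s %s\n' "$type" "$blob" "$label" >>"$file"
)

# revoke_key FILE LABEL
# Drops every line whose comment is LABEL; writes a temp file and renames it
# so a failure never leaves a half-written authorized_keys.
revoke_key() (
    file=$1 label=$2
    tmp=$(mktemp "$file.XXXXXX") || exit 1
    awk -v l="$label" '$NF != l' "$file" >"$tmp" && mv "$tmp" "$file"
)
```

For example, `add_key ~/.ssh/authorized_keys "$(cat newuser.pub)" new-member@yourteam` adds the entry and `revoke_key ~/.ssh/authorized_keys new-member@yourteam` removes it.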