
Multi-tenant VPS

Published:

Let’s assume we are working with a VPS with a single user account with sudo privileges. The goal is to add a new tenant with a separate account, home and ssh access.

Create a new user

First of all, we need to create a new user. The following command can be used:

# useradd is the low-level command that takes the -m and -s flags described below
# (Debian's adduser wrapper uses long options such as --shell instead)
sudo useradd -m -s /bin/bash <tenant_name>
  • -m: creates a home directory for the new user. By default it will be /home/<tenant_name>
  • -s: specifies the shell to use. By default it may be /bin/sh

Note

If the -s flag is not specified, the default shell will be used. To check which shells are available use cat /etc/shells. To change shell use chsh -s <shell> <tenant_name>.

Set user password

To set a password for the new user, use the following command:

sudo passwd <tenant_name>

Add user to sudoers [optional]

If you want to grant sudo privileges to the new user, you can add it to the sudo group, which the sudoers configuration grants privileges to. This lets the user run commands as a super user, and should be avoided if not strictly necessary.

sudo usermod -aG sudo <tenant_name>

Change current user

To change the current user, use the following command:

su - <tenant_name>
# Make sure to be in the right home directory
cd ~

Make sure the authorized_keys file is present

The authorized_keys file is used to store the public keys of the users that can access the server via ssh. If the file is not present, create it:

# Make sure the .ssh directory is present
mkdir -p ~/.ssh
# Make sure the authorized_keys file is present
touch ~/.ssh/authorized_keys
# Set the correct permissions for the .ssh directory: only the user can do anything
chmod 700 ~/.ssh
# Set the correct permissions for the authorized_keys file: only the user can read or write
chmod 600 ~/.ssh/authorized_keys
  • -p: creates the parent directories if they don’t exist. If the directory already exists, nothing happens.

Create a new ssh key pair

To create a new ssh key pair, use the following command and follow the step-by-step instructions:

ssh-keygen -t rsa -b 4096 -C "<tenant_name>"
  • -t: specifies the type of key to create. By default it is rsa.
  • -b: specifies the number of bits in the key to create. By default it is 2048.
  • -C: specifies a comment to be added to the public key file.

Two files will be created:

  • ~/.ssh/id_rsa: the private key
  • ~/.ssh/id_rsa.pub: the public key

Make sure the permissions for the private key are correct:

chmod 600 ~/.ssh/id_rsa

Warning

By default, the key will be saved as ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub. If you want to save it in a different location, use the -f flag or specify the full path when running the command.

During the creation of the key pair, you will be asked to specify a passphrase as an extra layer of security.
If you want to avoid typing the passphrase every time you use the key, you can leave it empty. Otherwise, anyone who may want to use the key will have to type the passphrase each time it is used.

Warning

The private key must be kept secret. If it is compromised, the attacker will be able to access the server.

Add the public key to the authorized_keys file

If you are already on the same VPS you intend to log into, add the public key to the authorized_keys file with the following command:

cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

Otherwise, copy the content of the public key file and append it in the authorized_keys file.
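The authorized_keys setup from the earlier section and the append step from this one, combined in an added example that is not part of the original post: it provisions the file idempotently, refuses lines that do not look like an OpenSSH public key, and checks the rule sshd applies under StrictModes (its default), namely that neither ~/.ssh nor authorized_keys may be group- or world-writable. The helper names and the home-directory argument are my own; ownership, which sshd also checks, is not verified here.

```shell
#!/bin/sh
# Added example, not the original post's code. Every function takes the
# tenant's home directory as its first argument so it can be exercised on
# a scratch directory as well as on a real /home/<tenant_name>.

# Print the nine-character rwxrwxrwx mode string of a path (works with GNU and BSD ls).
mode_of() { ls -ld "$1" | cut -c2-10; }

# Exit 0 if the path is writable by group or others (5th or 8th mode char is 'w').
loosely_writable() {
  case "$(mode_of "$1")" in
    ????w????|???????w?) return 0 ;;
  esac
  return 1
}

# Create HOME/.ssh (700) and HOME/.ssh/authorized_keys (600) as the post does.
ensure_ssh_dir() {
  mkdir -p "$1/.ssh" && chmod 700 "$1/.ssh" &&
  touch "$1/.ssh/authorized_keys" && chmod 600 "$1/.ssh/authorized_keys"
}

# Append one public-key line to HOME/.ssh/authorized_keys. Lines that do not
# start with a known key type and a base64 blob are rejected (exit 2); lines
# already present are skipped, so re-running the provisioning is harmless.
# Lines with a leading options field (command=..., from=...) are not handled.
add_authorized_key() {
  home=$1; key=$2
  case "$key" in
    "ssh-ed25519 "[A-Za-z0-9+/]*|"ssh-rsa "[A-Za-z0-9+/]*|"ecdsa-sha2-nistp"*" "[A-Za-z0-9+/]*) ;;
    *) echo "refusing malformed key line: $key" >&2; return 2 ;;
  esac
  ensure_ssh_dir "$home" || return 1
  grep -qxF "$key" "$home/.ssh/authorized_keys" && return 0   # already authorized
  printf '%s\n' "$key" >> "$home/.ssh/authorized_keys"
}

# Mirror the permission part of sshd's StrictModes check: both paths must exist
# and neither may be group- or world-writable, otherwise sshd silently ignores
# the file and key login fails. Exit 0 when everything is sane.
check_ssh_perms() {
  home=$1; ok=0
  for p in "$home/.ssh" "$home/.ssh/authorized_keys"; do
    if [ ! -e "$p" ]; then echo "missing: $p" >&2; ok=1
    elif loosely_writable "$p"; then echo "too permissive: $p ($(mode_of "$p"))" >&2; ok=1
    fi
  done
  return $ok
}
```

Run `check_ssh_perms /home/<tenant_name>` as that user after pasting a key: a non-zero exit explains why sshd would fall back to password authentication.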

Test the ssh connection

To test the ssh connection, use the following command:

ssh <tenant_name>@<server_ip> -i ~/.ssh/id_rsa
  • -i: specifies the private key to use.

To avoid typing the private key path every time, you can add it to the ssh config file:

# Make sure the .ssh directory is present
mkdir -p ~/.ssh
# Make sure the config file is present
touch ~/.ssh/config
# Set the correct permissions for the .ssh directory: only the user can do anything
chmod 700 ~/.ssh
# Set the correct permissions for the config file: only the user can read or write
chmod 600 ~/.ssh/config

Then, add the following lines to the config file:

# ~/.ssh/config
Host <server_name>
    User <tenant_name>
    HostName <server_ip>
    IdentityFile ~/.ssh/id_rsa

Note

The <server_name> can be anything. It is used to identify the server in the config file and to connect to it.

Now you can use the following command to test the ssh connection:

ssh <server_name>

Delete user

To delete a user, use the following command:

# userdel is the low-level counterpart of useradd and takes the -r flag described below
sudo userdel -r <tenant_name>
  • -r: removes the user’s home directory and mail spool.
