User SSH authorized_keys, missing home directory

[lessfoobar]

I want to have a local user other than root to manage the system both thru the cli and thru the web interface. So far I've created the lessfoobar user with pam, I've manually created the user on the nodes, I've given myself admin rights, setup password and totp, I can do everything thru the web ui now I'm missing the part with the ssh key. Where should I put the ssh key? there is no home dir for the user lessfoobar? should I have created it during the user creation? the docu is pretty vague on that section https://pve.proxmox.com/wiki/User_Management

 

[shanreich]

You can create a homedir for an existing user via mkhomedir_helper. Then you should be able to add the key to ~/.ssh/authorized_keys. Alternatively you could edit the ssh config to use a different path for authorized_keys file, but just generating the home dir should be the easier/better option.

Be also aware that some CLI tools require root privileges and cannot just be run from a non-root account. You can alleviate this issue by creating rules in the sudoers file that allow a specific user to run, for instance, qm with sudo if you do not want the user to have full root privileges.

 

[lessfoobar]

I have changed sshd_config to ssh only using pubkeys. SSHing into root just feels wrong to me.
However I didn't know that the useradd command wouldn't create a user home dir by default. What is the preferred (best practice) method then for managing PVE? Thru the web ui?

 

[shanreich]

Either Web UI or CLI is fine. Also creating a second user account to administrate Proxmox is fine, you just need to be aware that for certain CLI commands root-privileges are required. This can be alleviated by creating rules in the sudoers file. What you use is more a matter of preference, there is no one specific way that everyone should use.