SSH Like a Pro: Creating an Isolated User on an EC2 Instance (Without Breaking Anything)

Published: (January 31, 2026 at 03:05 AM EST)
Source: Dev.to


If you’ve ever deployed more than one project on a single server, you’ve probably felt this tension:

“I don’t want this new thing to interfere with what’s already running.”

That’s exactly the situation I found myself in:

  • an existing EC2 instance
  • a main user running a larger project
  • a new, smaller service I wanted to deploy cleanly and safely

The solution wasn’t Docker or Kubernetes. It was something much simpler — Linux users + SSH keys, done properly.

Goal

  • Create a new Linux user (cc)
  • Isolate a new project under that user
  • Log in directly as cc using SSH
  • Keep everything secure and professional – no hacks, no shortcuts

1. SSH into the server as your existing user

ssh your-current-user@your-ec2-ip

2. Create the new user

sudo adduser cc          # you’ll be prompted for a password and optional details
sudo usermod -aG sudo cc # (optional but recommended) give sudo access

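At this point the user cc exists, but you cannot SSH into it yet. If you did add cc to the sudo group, keep in mind that it can now act as root, which reaches well beyond its own home directory; skip that line when the new service does not need it.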

3. Understand how SSH authentication works

  • SSH proves you own a private key.
  • The server checks whether the matching public key is listed in the target user’s ~/.ssh/authorized_keys.
  • If the public key isn’t listed, login is denied.

A brand‑new user like cc has an empty allowlist.

Test your existing SSH connection with verbosity to see which key is being offered:

ssh -v your-current-user@your-ec2-ip

You’ll see a line such as:

Offering public key: ~/.ssh/backend-key

That tells you which private key your laptop is using. The matching public key is ~/.ssh/backend-key.pub. This is the only key you should use for the new user.

4. Set up the SSH directory and authorized keys for cc

# On the server
sudo mkdir -p /home/cc/.ssh
sudo chmod 700 /home/cc/.ssh
sudo chown cc:cc /home/cc/.ssh

# Create the authorized_keys file
sudo nano /home/cc/.ssh/authorized_keys

Paste the entire contents of your local backend-key.pub file into authorized_keys, then fix permissions:

sudo chown cc:cc /home/cc/.ssh/authorized_keys
sudo chmod 600 /home/cc/.ssh/authorized_keys

5. Test the new login

From your local machine:

ssh cc@your-ec2-ip

If everything is set up correctly, you’ll be in 🎉. Verify:

whoami   # should output: cc
pwd      # should output: /home/cc

6. (Optional) Add a shortcut to ~/.ssh/config

Host cc-ec2
    HostName your-ec2-ip
    User cc
    IdentityFile ~/.ssh/backend-key

Now you can simply run:

ssh cc-ec2
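
If the login in step 5 is refused, the usual suspects are the modes, owner or content of the files created in step 4. The function below is an added example, not part of the original post: it audits those files for one account, assumes GNU stat (coreutils), and the names check_ssh_setup and want are made up for illustration.

```shell
#!/bin/sh
# Added example: audit the files from step 4 for one account.
# Usage: check_ssh_setup <home-dir> <expected-owner>
# On the server: check_ssh_setup /home/cc cc   (run as root, /home/cc/.ssh is mode 700)
# Assumes GNU stat, as shipped on common EC2 Linux images.
check_ssh_setup() {
    home=$1 owner=$2 rc=0
    dir="$home/.ssh"
    keys="$dir/authorized_keys"

    # want <path> <mode>: mode and owner must match what step 4 sets
    want() {
        if [ ! -e "$1" ]; then
            echo "MISSING  $1"; rc=1; return
        fi
        actual=$(stat -c '%a %U' "$1")
        if [ "$actual" != "$2 $owner" ]; then
            echo "BAD      $1 is '$actual', want '$2 $owner'"; rc=1
        fi
    }
    want "$dir" 700
    want "$keys" 600
    [ -f "$keys" ] || return "$rc"

    # A private key pasted by mistake must never sit on the server.
    if grep -q 'PRIVATE KEY' "$keys"; then
        echo "BAD      $keys contains a private key, paste the .pub file instead"; rc=1
    fi

    # Count real entries: skip blank lines and comments.
    entries=$(grep -cvE '^[[:space:]]*(#|$)' "$keys" || true)
    if [ "$entries" -eq 0 ]; then
        echo "EMPTY    $keys lists no keys, login will be denied"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK       $keys: $entries key(s), modes and owner as expected"
    return "$rc"
}
```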

Benefits of this approach

  • Full isolation between projects – separate environments and dependencies
  • Smaller blast radius if something breaks
  • Scalable setup that grows with you
  • Professional security – SSH keys are resistant to brute‑force and phishing, and are the industry standard in cloud environments
  • Ability to disable password SSH entirely, keeping passwords only for sudo if needed

You didn’t just “make SSH work”. You set up your server the way professionals do: by managing identity and trust at the user level. Once that mental model clicks, SSH stops feeling magical and becomes a solid, reliable tool for multi‑service servers.

Happy hacking 🚀
