How do I set up a .pem login for my servers?

I have a couple of ubuntu droplets on digital ocean

I have set up a username password based login. But I am not comfortable with the idea.

What i would ideally like is a amazon like login where I have a identity.pem sort of file. I will share this file with the people in the team. They login by saying ssh webuser@website_ip after doing an ssh-add

How do I set up a login like this?

I do not want to add ssh-keygen on each developers machine and then add the contents of the public key to .ssh/authorised_keys. For one thing, this seems like too much work for each developer.

Let me know if it is possible. Thanks

To all the downvoters

I understand that it is a bad idea to set up shared login. But I have not violated any FAQs while asking this question. Have some considerations while down-voting. No new user will feel comfortable otherwise.

Also the question is very straight forward. Can you set up amazon type of authentication on any linux box. If you know the answer give me the answer. Otherwise move on.

I know now I have invited a lot more downvoters onto this post. But who cares!


Solution 1:

This is a straightforward enough process, though as has already been commented, a shared login is an extremely bad idea. In this situation, all users have equal access and you won't be able to track what work is carried out as which user. With that in mind however, the following process will give you what you want. On the machine in question, while logged in as the shared user:

Lets keep everything in one place:

cd .ssh/

Generate the file id_dsa from which we will create the PEM file:

ssh-keygen -t dsa -b 2048

Generate the private key PEM file:

openssl dsa -in id_dsa -outform pem > pk_dsa.pem

Generate the public key PEM file for distribution to the users:

openssl dsa -in pk_dsa.pem -pubout -out pub_dsa.pem

The final pub_dsa.pem is the file you're looking for.