Create a new SSH user on Ubuntu Server
SSH is very picky about the directory and file permissions. Make sure that:
- The directory /home/username/.ssh has permission "700" and is owned by the user (not root!)
- The file /home/username/.ssh/authorized_keys has permission "600" and is owned by the user
Copy your public key into the authorized_keys file.
sudo chown -R username:username /home/username/.ssh
sudo chmod 0700 /home/username/.ssh
sudo chmod 0600 /home/username/.ssh/authorized_keys
There is NO need to add the user to /etc/ssh/ssh_config.
Edit (as root) /etc/ssh/sshd_config. Append the following to it:
Port 1234
PermitRootLogin no
AllowUsers jim
Port 1234 causes SSH to listen on port 1234. You can use any unused port from 1 to 65535. It's recommended to choose a privileged port (port 1-1024) which can only be used by root. If your SSH daemon stops working for some reason, a rogue application can't intercept the connection.
PermitRootLogin disallows direct root login.
AllowUsers jim allows user jim to log in through SSH. If you do not have to log in from everywhere, you can make this more secure by restricting jim to an IP address (replace 1.2.3.4 with your actual IP address):
AllowUsers jim@1.2.3.4
Changes to the configuration file /etc/ssh/sshd_config are not immediately applied; to reload the configuration, run:
sudo service ssh reload
There will be clues in /var/log/auth.log for why SSH (or PAM) is rejecting the login attempt. Additional clues may be found by using the -v option with the ssh client. Several common situations, some mentioned in the other answers:
- the user account lacks a password, or is otherwise disabled (see man passwd, try resetting the password or checking the contents of /etc/shadow).
- /etc/ssh/sshd_config is configured to disallow the login (DenyUsers, AllowUsers, PasswordAuthentication, PubkeyAuthentication, UsePAM etc, see man sshd_config).
- the user's shell is not listed in /etc/shells.
- various permission problems on directories or files related to SSH operation: /etc/ssh, /home/jim/.ssh, /home/jim/.ssh/*, etc.
I'd also recommend using adduser (instead of useradd) for adding new users; it is a little more friendly about various default account settings.
As long as the user is not part of the admin group, they will not be able to sudo to root. For them to use su, you will need to set a root password (passwd root), after which I recommend setting PermitRootLogin=no in /etc/ssh/sshd_config.
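The permission requirements from the first answer, and the "various permission problems" item in the troubleshooting list, can be checked with a short script. This is an added example, not code from any of the answers; it assumes GNU stat as shipped on Ubuntu, and the function names check_path and audit_ssh_dir are made up for this illustration.

```bash
#!/bin/sh
# Added example: audit the ~/.ssh modes and ownership described above.
# Assumes GNU stat (Ubuntu). check_path and audit_ssh_dir are hypothetical
# helper names, not part of OpenSSH.

# check_path PATH WANT_MODE WANT_OWNER
# Prints one line per problem; return status is the number of problems.
check_path() {
    path=$1; want_mode=$2; want_owner=$3; problems=0
    if [ ! -e "$path" ]; then
        echo "MISSING $path"
        return 1
    fi
    mode=$(stat -c '%a' "$path")     # octal mode, e.g. 700
    owner=$(stat -c '%U' "$path")    # owning user name
    if [ "$mode" != "$want_mode" ]; then
        echo "MODE    $path is $mode, expected $want_mode"
        problems=$((problems + 1))
    fi
    if [ "$owner" != "$want_owner" ]; then
        echo "OWNER   $path is owned by $owner, expected $want_owner"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# audit_ssh_dir HOME_DIR USER
# Checks .ssh (700) and .ssh/authorized_keys (600), both owned by USER.
# Return status is the total number of problems (0 means all good).
audit_ssh_dir() {
    ssh_home=$1; ssh_user=$2; total=0
    check_path "$ssh_home/.ssh" 700 "$ssh_user" || total=$((total + $?))
    check_path "$ssh_home/.ssh/authorized_keys" 600 "$ssh_user" \
        || total=$((total + $?))
    return "$total"
}

# Stand-alone use: sh audit.sh /home/jim jim
if [ "$#" -eq 2 ]; then
    audit_ssh_dir "$1" "$2"
fi
```

A non-zero exit status means at least one path deviates; the printed lines say which one and how, which is usually quicker than reading /var/log/auth.log for the same information.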