Server access via passkey, setting up sudo, loosening control temporarily
For the steps Agaric uses, see Create a new user on Agaric's test server with May First People Link.
If the user isn't on the server yet:
sudo adduser veronica
For the actual transfer and ssh key adding information, see creating (and uploading) ssh keys and perhaps in some weird situation also Update a Debian user's passkey and grant sudo access.
Giving another user access, passkey or public key method (also after adduser):
.ssh needs to be chmodded to 700, authorized_keys to 600
chown -R user.user .ssh, if you made it as root
After an adduser, this may be all you need, checking permissions with the ls -la listing command:
chown -R fred:fred /home/fred/.ssh/
chmod 600 /home/fred/.ssh/authorized_keys
ls -la /home/fred/
ls -la /home/fred/.ssh/
drwxr-xr-x 2 fred fred 4096 Oct 2 16:30 .ssh
and
-rw------- 1 dan dan 294 Oct 2 16:28 authorized_keys
Are the lines you're looking for.
Setting up sudo, because sudo is always preferred:
[6:42pm] Psychosis: sudo is easy. just look at /etc/sudoers, there will be examples there
[6:42pm] ben-agaric: we are aware that we have some suboptimall matters
[6:42pm] Psychosis: you just need something like "karthik ALL=(ALL) ALL"
[6:42pm] Psychosis: that way we don't need to transmit your root password over anything unsecure
So:
visudo
(If you don't have that command nor an /etc/sudoers, this may be needed first: apt-get install sudo
)
Loosening up access:
ben-agaric: is there anything we have to do to allow password login, so we can use the root login option?
[6:58pm] Psychosis: you may have to set "PasswordAuthentication yes"
[6:58pm] Psychosis: but you shouldn't, with the default debian config
[6:59pm] Psychosis: just need to enable root logins
[6:59pm] ben-agaric: ahh, there it is, that makes sense
[6:59pm] ben-agaric: OK, leave it for now
[6:59pm] Psychosis: there's actually a 2nd auth mechanism using pam that it uses for password logins
[6:59pm] ben-agaric: maybe do it temporarily
[6:59pm] Psychosis: the PasswordAuthentication may not be relevant at all, I'm not sure
[6:59pm] Psychosis: but you can try
[6:59pm] Psychosis: keep in mind that you do need to do an "/etc/init.d/ssh reload" between changes
[7:01pm] ben-agaric: good to know
[7:01pm] ben-agaric: Reloading OpenBSD Secure Shell server's configuration.
[7:01pm] ben-agaric: were we had on the Debian?
[7:02pm] Psychosis: openbsd's is considered to be more...secure
ben-agaric: I love GNU-Linux-BSD etc world...
Comments
Post new comment