User login

Server access via passkey, setting up sudo, loosening control temporarily

in

For the steps Agaric uses, see Create a new user on Agaric's test server with May First People Link.

If the user isn't on the server yet:

sudo adduser veronica

For the actual transfer and ssh key adding information, see creating (and uploading) ssh keys and perhaps in some weird situation also Update a Debian user's passkey and grant sudo access.

Giving another user access, passkey or public key method (also after adduser):

.ssh needs to be chmodded to 700, authorized_keys to 600
chown -R user.user .ssh, if you made it as root

After an adduser, this may be all you need, checking permissions with the ls -la listing command:

chown -R fred:fred /home/fred/.ssh/
chmod 600 /home/fred/.ssh/authorized_keys
ls -la /home/fred/
ls -la /home/fred/.ssh/

drwxr-xr-x 2 fred fred 4096 Oct 2 16:30 .ssh

and

-rw------- 1 dan dan 294 Oct 2 16:28 authorized_keys

Are the lines you're looking for.

Setting up sudo, because sudo is always preferred:

[6:42pm] Psychosis: sudo is easy. just look at /etc/sudoers, there will be examples there
[6:42pm] ben-agaric: we are aware that we have some suboptimall matters
[6:42pm] Psychosis: you just need something like "karthik ALL=(ALL) ALL"
[6:42pm] Psychosis: that way we don't need to transmit your root password over anything unsecure

So:
visudo

(If you don't have that command nor an /etc/sudoers, this may be needed first: apt-get install sudo)

Loosening up access:

ben-agaric: is there anything we have to do to allow password login, so we can use the root login option?
[6:58pm] Psychosis: you may have to set "PasswordAuthentication yes"
[6:58pm] Psychosis: but you shouldn't, with the default debian config
[6:59pm] Psychosis: just need to enable root logins
[6:59pm] ben-agaric: ahh, there it is, that makes sense
[6:59pm] ben-agaric: OK, leave it for now
[6:59pm] Psychosis: there's actually a 2nd auth mechanism using pam that it uses for password logins
[6:59pm] ben-agaric: maybe do it temporarily
[6:59pm] Psychosis: the PasswordAuthentication may not be relevant at all, I'm not sure
[6:59pm] Psychosis: but you can try
[6:59pm] Psychosis: keep in mind that you do need to do an "/etc/init.d/ssh reload" between changes
[7:01pm] ben-agaric: good to know
[7:01pm] ben-agaric: Reloading OpenBSD Secure Shell server's configuration.
[7:01pm] ben-agaric: were we had on the Debian?
[7:02pm] Psychosis: openbsd's is considered to be more...secure
ben-agaric: I love GNU-Linux-BSD etc world...

Searched words: 
add user ssh giving ssh passkey access add user linux authorized keys

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
  • You may post code using <code>...</code> (generic) or <?php ... ?> (highlighted PHP) tags.
  • You can use Markdown syntax to format and style the text. Also see Markdown Extra for tables, footnotes, and more.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <img> <blockquote> <small> <h2> <h3> <h4> <h5> <h6> <sub> <sup> <p> <br> <strike> <table> <tr> <td> <thead> <th> <tbody> <tt> <output>
  • Lines and paragraphs break automatically.

More information about formatting options

By submitting this form, you accept the Mollom privacy policy.