User login

Home
 Server access via passkey, setting up sudo, loosening control temporarily

Server access via passkey, setting up sudo, loosening control temporarily

Submitted by Benjamin Melançon on August 22, 2007 - 3:45pm
in

For the steps Agaric uses, see Create a new user on Agaric's test server with May First People Link.

If the user isn't on the server yet:

sudo adduser veronica

For the actual transfer and ssh key adding information, see creating (and uploading) ssh keys and perhaps in some weird situation also Update a Debian user's passkey and grant sudo access.

Giving another user access, passkey or public key method (also after adduser):

.ssh needs to be chmodded to 700, authorized_keys to 600
chown -R user.user .ssh, if you made it as root

After an adduser, this may be all you need, checking permissions with the ls -la listing command:

chown -R fred:fred /home/fred/.ssh/
chmod 600 /home/fred/.ssh/authorized_keys
ls -la /home/fred/
ls -la /home/fred/.ssh/

drwxr-xr-x 2 fred fred 4096 Oct 2 16:30 .ssh

and

-rw------- 1 dan dan 294 Oct 2 16:28 authorized_keys

Are the lines you're looking for.

Setting up sudo, because sudo is always preferred:

[6:42pm] Psychosis: sudo is easy. just look at /etc/sudoers, there will be examples there
[6:42pm] ben-agaric: we are aware that we have some suboptimall matters
[6:42pm] Psychosis: you just need something like "karthik ALL=(ALL) ALL"
[6:42pm] Psychosis: that way we don't need to transmit your root password over anything unsecure

So:
visudo

(If you don't have that command nor an /etc/sudoers, this may be needed first: apt-get install sudo)

Loosening up access:

ben-agaric: is there anything we have to do to allow password login, so we can use the root login option?
[6:58pm] Psychosis: you may have to set "PasswordAuthentication yes"
[6:58pm] Psychosis: but you shouldn't, with the default debian config
[6:59pm] Psychosis: just need to enable root logins
[6:59pm] ben-agaric: ahh, there it is, that makes sense
[6:59pm] ben-agaric: OK, leave it for now
[6:59pm] Psychosis: there's actually a 2nd auth mechanism using pam that it uses for password logins
[6:59pm] ben-agaric: maybe do it temporarily
[6:59pm] Psychosis: the PasswordAuthentication may not be relevant at all, I'm not sure
[6:59pm] Psychosis: but you can try
[6:59pm] Psychosis: keep in mind that you do need to do an "/etc/init.d/ssh reload" between changes
[7:01pm] ben-agaric: good to know
[7:01pm] ben-agaric: Reloading OpenBSD Secure Shell server's configuration.
[7:01pm] ben-agaric: were we had on the Debian?
[7:02pm] Psychosis: openbsd's is considered to be more...secure
ben-agaric: I love GNU-Linux-BSD etc world...

Searched words: 
add user ssh giving ssh passkey access add user linux authorized keys

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
  • You may post code using <code>...</code> (generic) or <?php ... ?> (highlighted PHP) tags.
  • You can use Markdown syntax to format and style the text. Also see Markdown Extra for tables, footnotes, and more.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <img> <blockquote> <small> <h2> <h3> <h4> <h5> <h6> <sub> <sup> <p> <br> <strike> <table> <tr> <td> <thead> <th> <tbody> <tt> <output>
  • Lines and paragraphs break automatically.

More information about formatting options

By submitting this form, you accept the Mollom privacy policy.