Setting up accounts on Linux servers
User Creation
Create a user:
useradd -m \ --groups additional_groups \ --shell login_shell username
or shorthand
useradd -m -G additional_groups -s login_shell username
For example, new user 'john' in group 'sudo'
useradd -m --groups sudo --shell /bin/bash john
This is assuming the sudo group is `sudo`, it can vary. It's usually `sudo` on ubuntu, sometimes `wheel`. You can check in /etc/sudoers
:
# Allow members of group sudo to execute any command %sudo ALL=(ALL:ALL) ALL
You should also make sure the above line is uncommented in /etc/sudoers
to allow users to elevate if they are the group.
Set the users password:
passwd username
User SSH Access
In order to allow users SSH access via public key authentication at their public key to the authorized_keys
file in their $HOME
.
First make sure they have the correct directory structure with the correct permissions:
user=john mkdir -p /home/$user/.ssh chown $user:$user /home/$user/.ssh chmod 700 /home/$user/.ssh
Create ~/.ssh/authorized_keys
:
user=john touch /home/$user/.ssh/authorized_keys
Add the users SSH public key(s) one on each line to ~/.ssh/authorized_keys. For testing purposes You may wish to add your own public key to their authorized keys file, confirm you can log in to their account, and then remove your public key after.
Make sure permissions are correct:
chown $user:$user /home/$user/.ssh/authorized_keys chmod 644 /home/$user/.ssh/authorized_keys
Example Setup
Create a user named 'john' With a public key:
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC6uS2pGu/Vg53skjc00jCqGbOGLihiiORjD5aOLw48d not a real key
With sudo access
First elevate to root:
sudo -i
Then create user:
user=john useradd -m --groups sudo --shell /bin/bash $user mkdir -p /home/$user/.ssh chown $user:$user /home/$user/.ssh chmod 700 /home/$user/.ssh touch /home/$user/.ssh/authorized_keys echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC6uS2pGu/Vg53skjc00jCqGbOGLihiiORjD5aOLw48d not a real key' >> /home/$user/.ssh/authorized_keys chown $user:$user /home/$user/.ssh/authorized_keys chmod 644 /home/$user/.ssh/authorized_keys passwd $user
Instructions For User
Provide the user with their username, and the host name of the server. Depending where the server lives on the UBC Network they may need to use a "jump server" such as ssh.ece.ubc.ca if they're not already on the UBC network.