- Creating a user and SSH keys
- Commands for creating a user in Linux:
- Commands for working with SSH keys in Linux:
- How to create a sudo user on Ubuntu and allow SSH login
- Create a sudo user
- 1. Log in to your server as the user with superuser privilege
- 2. Create a new user account
- 3. Add the user to the sudo group
- 4. Test
- Add public key to allow remote SSH login for the new user
- 1. Switch to the new user account
- 2. Create .ssh folder in home directory
- 3. Create authorized_keys file inside the .ssh folder and add the public key
- 4. Verify SSH remote login
- How to create a user account on Ubuntu Linux
- Steps to create a user account on Ubuntu Linux
- Ubuntu create user account commands
- Verification
- How do I log in using ssh?
- Creating a user account using useradd command on Ubuntu
- How to delete a user account
- How to change Linux user password
- Conclusion
- How do I add new user accounts with SSH access to my Amazon EC2 Linux instance?
- Short description
- Resolution
- Create a key pair for the new user account
- Add a new user to the EC2 Linux instance
- Retrieve the public key for your key pair
- Verify your key pair’s fingerprint
- Update and verify the new user account credentials
- Verify that the new user can use SSH to connect to the EC2 instance
- Ubuntu 16.04 — Creating New User and Adding SSH Keys
Creating a user and SSH keys
Commands for creating a user in Linux:
List the groups on the system:
vi /etc/group
List the groups of a specific user:
id -Gn vasyapupkin
Create a user:
sudo useradd vasya
Create a user plus the skeleton directories:
sudo adduser vasya
Or create a user and add it to the supplementary group newGroup right away:
sudo useradd -G newGroup vasyapupkin
Add the user vasyapupkin to the group newGroup:
sudo usermod -a -G newGroup vasyapupkin
Grant the user sudo rights:
sudo usermod -a -G sudo vasya
# log in again afterwards
Or add a rule with visudo (this one lets vasya run any command via sudo without a password prompt):
sudo visudo
vasya ALL=(ALL:ALL) NOPASSWD:ALL
Delete a user together with their home directory and files:
userdel -r vasya
Commands for working with SSH keys in Linux:
Create an SSH key pair (private and public):
ssh-keygen -t rsa -b 4096 -C "user@11.1.2.3"
Copy SSH keys from one user to another:
sudo cp -r /home/USER1/.ssh /home/USER2/.ssh
sudo chown -R USER2:USER2 /home/USER2/.ssh
sudo chmod -R 700 /home/USER2/.ssh
The passphrase on a key can be changed with the command
ssh-keygen -p
If you know the user's password, the process can be simplified.
The command
ssh-copy-id user@server
copies the key without editing files by hand.
ssh-copy-id -i id_rsa.pub user@11.1.2.3
POINTS TO NOTE:
Permissions on /home/USER/.ssh must be 700, and it must be owned only by that user.
Commands for this:
sudo chown -R USER2:USER2 /home/USER2/.ssh
sudo chmod -R 700 /home/USER2/.ssh
How to create a sudo user on Ubuntu and allow SSH login
Chi Thuc Nguyen
Aug 7, 2019
The sudo command is used to allow a permitted user to execute a command as the superuser or another user, as specified by the security policy.
In this guide, I will show you how to create a new user on an Ubuntu server and give it sudo access and allow SSH login to that user.
Create a sudo user
1. Log in to your server as the user with superuser privilege
2. Create a new user account
For this, we use the adduser command. Don't confuse it with the useradd command: useradd is a low-level binary compiled with the system, whereas adduser is a high-level Perl script built on top of useradd.
You should always use adduser to create a new user, as it provides a more user-friendly and interactive procedure.
Then follow the instructions to finish the procedure.
3. Add the user to the sudo group
On Ubuntu, members of the sudo group have sudo privileges by default.
4. Test
- Switch to the new user account
- Verify the superuser privileges by the sudo command
Add public key to allow remote SSH login for the new user
1. Switch to the new user account
2. Create .ssh folder in home directory
3. Create authorized_keys file inside the .ssh folder and add the public key
Use your favorite text editor for this. I use vim here, for example:
Paste your SSH public key there, then save and close the file.
4. Verify SSH remote login
Open another terminal on your machine and try to log in over SSH as the new user.
This should work if you have your SSH private key in the ~/.ssh/id_rsa file; otherwise you must specify the path to your private key with the -i option:
If you can login successfully, congratulations!
How to create a user account on Ubuntu Linux
Steps to create a user account on Ubuntu Linux
- Open the terminal application
- Log in to the remote box by running ssh user@your-ubuntu-box-ip
- To add a new user in Ubuntu, run sudo adduser userNameHere
- Enter a password and the other requested info to create the user account on the Ubuntu server
- The new username is added to the /etc/passwd file, and the encrypted password is stored in the /etc/shadow file
Let us see all commands in details and
Ubuntu create user account commands
Let us say you need to add a new user in Ubuntu called vivek, type the following command in your shell:
$ sudo adduser vivek
Type your own password and other info:
Verification
Use the grep command or cat command as follows:
$ cat /etc/passwd
$ grep '^vivek' /etc/passwd
Sample outputs:
How do I log in using ssh?
From your Windows (WSL) or macOS or Linux desktop, run:
$ ssh vivek@your-aws-ubuntu-server-ip
OR
$ ssh -i ~/.ssh/aws.pub.key vivek@your-aws-ubuntu-server-ip
Enter the password when prompted.
Creating a user account using useradd command on Ubuntu
Alternatively, you can use the useradd command, a low-level utility for adding users on Ubuntu. The syntax is:
$ sudo useradd -s /path/to/shell -d /home/
$ sudo passwd
Let us create a new user named vivek using the useradd command on Ubuntu:
$ sudo useradd -s /bin/bash -d /home/vivek/ -m -G sudo vivek
$ sudo passwd vivek
Where,
- -s /bin/bash – Set /bin/bash as login shell of the new account
- -d /home/vivek/ – Set /home/vivek/ as home directory of the new Ubuntu account
- -m – Create the user’s home directory
- -G sudo – Make sure vivek user can sudo i.e. give admin access to the new account
I strongly recommend installing ssh keys while creating the new user account. You must have an RSA/ed25519 key pair on your local desktop/laptop. Use the cat command to view your current RSA/ed25519 public key on the desktop:
$ cat
View public ssh key on your macos/unix/linux desktop
How to delete a user account
Use the userdel command as follows:
sudo userdel
sudo userdel vivek
To remove home directory and mail spool too, enter:
sudo userdel -r
sudo userdel -r jerry
How to change Linux user password
Run the following passwd command:
sudo passwd
sudo passwd tom
To change your own password, enter:
passwd
First, the user is prompted for their current password. If the current password is correctly typed, a new password is requested. The new password must be entered twice to avoid password mismatch errors.
Conclusion
In this quick tutorial, you learned how to add users in Ubuntu Linux using the CLI. The same commands work for any Debian/Ubuntu based distribution too. See the useradd man page using the man command or read it online here:
man 8 useradd
man 8 passwd
man 8 adduser
How do I add new user accounts with SSH access to my Amazon EC2 Linux instance?
Last updated: 2021-08-05
I want to add new user accounts that can connect to my Amazon Elastic Compute Cloud (Amazon EC2) Linux instance using SSH. How do I do that?
Short description
Every Amazon EC2 Linux instance launches with a default system user account with administrative access to the instance. If multiple users require access to the instance, then it’s a security best practice to use separate accounts for each user.
You can expedite these steps by using cloud-init and user data. For more information, see How do I add new user accounts with SSH access to my EC2 instance using cloud-init and user data?
Resolution
Create a key pair for the new user account
- Create a key pair, or use an existing one, for the new user.
- If you create your own key pair using the command line, then follow the recommendations at create-key-pair or New-EC2KeyPair Cmdlet for key type and bit length.
- If you create your own key pair using a third-party tool, then be sure that your key matches the guidelines. For more information, see the To import the public key section in Create a key pair using a third-party tool and import the public key to Amazon EC2.
Add a new user to the EC2 Linux instance
2. Use the adduser command to add a new user account to an EC2 instance (replace new_user with the new account name). The following example creates an associated group, home directory, and an entry in the /etc/passwd file of the instance.
The home directory might not be created by default in some configurations. Verify that the home directory was created before continuing.
Note: If you add the new_user to an Ubuntu instance, include the --disabled-password option to avoid adding a password to the new account:
3. Change the security context to the new_user account so that folders and files you create have the correct permissions:
Note: When you run the sudo su - new_user command, the name at the top of the command shell prompt changes to reflect the new user account context of your shell session.
4. Create a .ssh directory in the new_user home directory:
5. Use the chmod command to change the .ssh directory’s permissions to 700. Changing the permissions restricts access so that only the new_user can read, write, or open the .ssh directory.
6. Use the touch command to create the authorized_keys file in the .ssh directory:
7. Use the chmod command to change the .ssh/authorized_keys file permissions to 600. Changing the file permissions restricts read or write access to the new_user.
Retrieve the public key for your key pair
Retrieve the public key for your key pair using the method that applies to your configuration:
Verify your key pair’s fingerprint
After you import your own public key or retrieve the public key for your key pair, follow the steps at Verify your key pair’s fingerprint.
Update and verify the new user account credentials
After you retrieve the public key, confirm that you have permission to add the public key to the .ssh/authorized_keys file for this account:
1. Run the Linux cat command in append mode:
2. Paste the public key into the .ssh/authorized_keys file and then press Enter.
Note: For most Linux command line interfaces, the Ctrl+Shift+V key combination pastes the contents of the clipboard into the command line window. For the PuTTY command line interface, right-click to paste the contents of the clipboard into the PuTTY command line window.
3. Press and hold Ctrl+d to exit cat and return to the command line session prompt.
Verify that the new user can use SSH to connect to the EC2 instance
1. Run the following command from a command line prompt on your local computer:
To connect to your EC2 Linux instance using SSH from Windows, follow the steps at Connect to your Linux instance from Windows using PuTTY.
Note: If you receive errors when trying to connect, refer to Troubleshoot connecting to your instance.
2. Run the id command from the instance’s command line to view the user and group information created for the new_user account:
The id command returns information similar to the following:
3. Distribute the private key file to your new user.
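The .ssh directory, authorized_keys and permission steps above (the same ones the earlier sudo-user guide walks through), collected into one function with a permission check. This is an added example, not code from AWS or from the guides quoted on this page; install_pubkey, check_ssh_perms, demo and the sample key line are assumptions made for illustration, and stat -c assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the original page). install_pubkey and
# check_ssh_perms are hypothetical helper names; stat -c needs GNU coreutils.

# install_pubkey HOME_DIR 'ssh-ed25519 AAAA... comment' [OWNER]
# The body runs in a subshell, so the umask change and variables stay local.
install_pubkey() (
    home=$1 key=$2 owner=${3:-}
    # Accept exactly one line starting with an OpenSSH public-key type, so a
    # pasted private key or multi-line blob never lands in authorized_keys.
    # Option-prefixed lines (command="..." etc.) are deliberately not accepted.
    [ "$(printf '%s\n' "$key" | wc -l)" -eq 1 ] || { echo "expected one line" >&2; exit 2; }
    case $key in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *|sk-*\ *) ;;
        *) echo "not an OpenSSH public key line" >&2; exit 2 ;;
    esac
    umask 077                      # nothing is created group/world-readable
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || exit 1
    auth=$home/.ssh/authorized_keys
    touch "$auth" && chmod 600 "$auth" || exit 1
    # Append only if this exact line is absent, so re-running adds no duplicates.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
    # When run as root for another account, hand the tree to that account
    # ("OWNER:" means OWNER plus OWNER's login group).
    [ -z "$owner" ] || chown -R "$owner:" "$home/.ssh"
)

# check_ssh_perms HOME_DIR: succeeds only if the modes are exactly 700 and 600.
check_ssh_perms() {
    [ "$(stat -c %a "$1/.ssh")" = 700 ] &&
    [ "$(stat -c %a "$1/.ssh/authorized_keys")" = 600 ]
}

# Demo on a scratch directory with a constructed, non-functional key line.
demo() {
    d=$(mktemp -d) || return 1
    install_pubkey "$d" 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedSampleKey new_user@example' &&
        check_ssh_perms "$d" && echo "ok: $d/.ssh is 700, authorized_keys is 600"
    rm -rf "$d"
}
demo
```

Run as the new account with its home directory as the first argument, or as root with the account name as the third argument so ownership is corrected at the end.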
Ubuntu 16.04 — Creating New User and Adding SSH Keys
I am following the tutorial to add an SSL certificate to the Ubuntu 16.04 droplet, but in the instructions it is recommended this is not done through the root user, but rather a super user. As a result, I created a separate user and added it to a super user group, but I’m getting hung up on the step that adds ssh keys to this user.
First, I should switch to the user via su - *username*, which should take you to the /home directory of the user. When I check the path with pwd it shows /home, but when I run who I am shown as the root user. Is this the correct behavior since I’m still technically logged in under root, but sudoing into this user?
I am then asked to create the ~/.ssh/id_rsa.pub with my ssh-key, but it already exists when I run the commands. Side note: I created this user a while back and may have added them then, but not sure. I decided to move on since they exist.
I tried to ssh into my user and it successfully connects, but then immediately closes. Any reason why that might be? Any help to point me in the right direction would be great!
The root user is a super user and the only real super user on the OS by default. You can add sudo users which have permission to escalate to root after authenticating, though root is still a super user :-).
When you run commands as the sudo user, if you escalate to root using su, you become root, so when you check your home directory, it might not be what you expect. You’ll want to run commands using sudo:
You’ll authenticate and then won’t need to re-authenticate for a period of time. By doing this, you’ll ensure that commands that you run specific to the user are as expected.
For example, if I’m logged in as root and create a sudo user, I normally set and create their home directory at the same time.
Create Home Directory + .ssh Directory
Create Authorized Keys File
Create User + Set Home Directory
Add User to sudo Group
Set Permissions
Set Password on User
If you want to be able to log in as the user without an SSH key, setting a password will allow that, as long as PasswordAuthentication is enabled in /etc/ssh/sshd_config.
You can check the user's home directory by running:
… while logged in as the user. If you echo $PWD , it’ll give you the current path to the directory that you’re currently in. So if I ran cd /home , running:
… will give me /home . If my home directory is /home/mynewuser , then $HOME will give me that directory :-).
From there, you’ll log in as the user and create your SSH key. I generally use a heavier key with more KDF rounds, though it can delay log in by a few seconds to minutes depending on how many KDF rounds you use.
For example, to generate an RSA key, I’d use:
For an ED25519 key, I’d use:
-a — KDF Rounds (key derivation function)
-b — Bit size (applies to RSA, but not ED25519)
-C — Sets the comment on the key to be blank
-e — Sets the key hash used (sha256 is default)
-o — Uses new OpenSSH format for keys
-t — Specifies the type of key (RSA/ED25519)
With 1,000 KDF rounds, the key takes a few seconds to generate when you use a passphrase, and it will take a few seconds to log in as well. Using KDF generates a more secure key, though you have to be careful as setting it too high will definitely cause severe delays when trying to log in (i.e. 20,000 rounds will take an average of 2-4 minutes to generate and the same to log in).
Once your public/private key are generated, place the public key in:
Download the private key locally and then remove both from the server as they are no longer needed. The public key only needs to exist in the file above and you shouldn’t keep your private key on the server :-).