While experimenting with Ubuntu on a variety of systems I often need to stand up a brand new machine and secure access to it. A lot of providers will set up the machine using the root account and email you a password. I'd rather not use the root user, and would rather set up RSA keys. Doing this manually is a bit of a chore, but if you don't have any other options, here's how to do it.
- Use adduser to do this quickly.
- Run
adduser <username>
- Enter a new password twice. Remember it; it is needed for sudo.
This is the section I always forget; I'll usually spend half an hour googling for the chmod settings required.
su <username>
- Create the .ssh folder and authorized_keys file
mkdir ~/.ssh
touch ~/.ssh/authorized_keys
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
- Add a public key to authorized_keys. This is one line per public key. Check it very carefully. Mispastes or typos can lock you out.
ssh-copy-id <username>@<host>
can be used from Unix machines. I use Windows.
- In
/etc/ssh/sshd_config
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
usermod -a -G sudo <username>
- In
/etc/ssh/sshd_config
PermitRootLogin no
- In
/etc/ssh/sshd_config
PasswordAuthentication no
- Automate this. Options:
- CloudConfig
- Chef / Puppet
- Ansible
- iPXE
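
An added audit script (not part of the original post) that checks the result of the steps above: the 700/600 modes, each authorized_keys line, and the three sshd_config settings. The function names are made up for this example, and it assumes plain key lines without an options prefix and an sshd_config without Include or Match blocks.

```shell
# has_mode PATH MODE: true if PATH has exactly that octal mode
has_mode() { [ -n "$(find "$1" -prune -perm "$2" 2>/dev/null)" ]; }

# check_key_line LINE: true for a plain "type base64 [comment]" line.
# Assumption: no options prefix and only these two key types; each prefix
# is the base64 form of that type's header inside the key blob.
check_key_line() {
    set -f; set -- $1; set +f    # split on whitespace without globbing
    case "$1" in
        ssh-rsa)     prefix=AAAAB3NzaC1yc2E ;;
        ssh-ed25519) prefix=AAAAC3NzaC1lZDI1NTE5 ;;
        *) return 1 ;;
    esac
    case "$2" in "$prefix"*) ;; *) return 1 ;; esac
    case "$2" in *[!A-Za-z0-9+/=]*) return 1 ;; esac
    [ $(( ${#2} % 4 )) -eq 0 ]   # a cut-off paste usually fails here
}

# check_authorized_keys HOME_DIR: prints problems, returns how many
check_authorized_keys() {
    problems=0
    has_mode "$1/.ssh" 700 || { echo ".ssh is not 700"; problems=$((problems + 1)); }
    has_mode "$1/.ssh/authorized_keys" 600 ||
        { echo "authorized_keys is not 600"; problems=$((problems + 1)); }
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case "$line" in '' | '#'*) continue ;; esac
        check_key_line "$line" ||
            { echo "line $n: malformed key"; problems=$((problems + 1)); }
    done < "$1/.ssh/authorized_keys"
    return "$problems"
}

# first_value FILE KEYWORD: sshd keeps the first occurrence of a keyword.
# Assumption: Include and Match blocks are not followed.
first_value() {
    awk -v kw="$2" 'tolower($1) == tolower(kw) { print tolower($2); exit }' "$1"
}

# check_sshd_config FILE: prints settings that differ from the steps above
check_sshd_config() {
    problems=0
    for want in PubkeyAuthentication=yes PermitRootLogin=no PasswordAuthentication=no; do
        key=${want%%=*}; val=${want#*=}; got=$(first_value "$1" "$key")
        [ "$got" = "$val" ] || { echo "$key is '${got:-unset}', want $val"; problems=$((problems + 1)); }
    done
    return "$problems"
}
```

On the server, run `check_authorized_keys /home/<username>` and `check_sshd_config /etc/ssh/sshd_config` as root before closing the session you are logged in with; `sshd -T` prints the configuration sshd will actually apply, including included files.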