Run the following command to add a new user on a system.
sudo adduser <username>
Run the next command only for users who need sys-admin access.
sudo gpasswd -a <username> sudo
All users will only be allowed to access any server using an SSH key. We have two options to generate and provide key-based access.
- We can ask the users to create their own key pairs and send them to us; or
- We can create a key pair for the user and share it with them.
We will go for the latter option, as the process and methods of generating a key are not something all users will be aware of. Also, generating a key pair may need additional software installation, which is not preferred as per IT.
- Log in as the user whose SSH key you want to set
su - <username>
This will need you to provide the password for the user.
- Generate the Key-Pair
ssh-keygen -t rsa
You will be prompted with a set of questions. There is no need to change any values, so you can just keep pressing Enter to proceed, but you can change the values if you wish.
- Setup the Public Key as part of the User Login
mv .ssh/id_rsa.pub .ssh/authorized_keys
- Email the Private key to the user
Take the file at the location
.ssh/id_rsa
and send it across to the user. The user will need to use this private key to be able to log in.
- Set the permissions
chmod 600 .ssh/authorized_keys
Some may say that a sys-admin generating the key pair is not safe. Once the user is able to log in to the system, they can (if they want to and know how to) generate a fresh pair of keys and update their public key at
.ssh/authorized_keys
thus securing the account.
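The layout these steps leave behind can be checked with a short audit. This is an added example, not part of the original procedure; the function name audit_ssh_home, the finding labels, and the assumption that the server's copy of the private key should be removed once it has been handed to the user are assumptions of the example.

```sh
# Added example (not from the original page): audit a user's ~/.ssh after setup.
# audit_ssh_home HOME_DIR prints one finding per line; exit status = finding count.

# Permission string as shown by ls, e.g. "-rw-------" (ACL/SELinux suffix cut off)
mode_of() {
    ls -ld "$1" | cut -c1-10
}

audit_ssh_home() {
    home=$1
    ssh_dir="$home/.ssh"
    auth="$ssh_dir/authorized_keys"
    findings=0

    if [ ! -d "$ssh_dir" ]; then
        echo "MISSING $ssh_dir"
        return 1
    fi
    # sshd's StrictModes rejects a group/world-writable .ssh; 700 is the usual mode
    case "$(mode_of "$ssh_dir")" in
        drwx------) ;;
        *) echo "PERMS $ssh_dir should be 700"; findings=$((findings + 1)) ;;
    esac

    if [ ! -f "$auth" ]; then
        echo "MISSING $auth"; findings=$((findings + 1))
    else
        case "$(mode_of "$auth")" in
            -rw-------) ;;
            *) echo "PERMS $auth should be 600"; findings=$((findings + 1)) ;;
        esac
        # Guard against the wrong file being moved: only public keys belong here
        if grep -q 'PRIVATE KEY' "$auth"; then
            echo "PRIVATE-IN-AUTH $auth"; findings=$((findings + 1))
        fi
    fi

    # Assumption: the private key should not stay on the server after handover
    for f in "$ssh_dir"/id_*; do
        [ -f "$f" ] || continue
        case "$f" in *.pub) continue ;; esac
        echo "PRIVATE-KEY-ON-SERVER $f"; findings=$((findings + 1))
    done
    return "$findings"
}
```

Call it as audit_ssh_home /home/<username>; a non-zero exit status is the number of findings printed.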
If you need to change a user's password you can use the following command
sudo passwd <username>
Once the user logs in to the system they should change their default password.