模板:USJ New SSH Users

来自Ubuntu中文
Oneleaf留言 | 贡献2010年6月25日 (五) 10:22的版本 (以内容'== Adding new SSH users == *On the server, create a second user account (that guest users can use for SSH purposes) with a password dissimilar to any other passwords (such …'创建新页面)
(差异) ←上一版本 | 最后版本 (差异) | 下一版本→ (差异)
跳到导航跳到搜索

Adding new SSH users

  • On the server, create a second user account (that guest users can use for SSH purposes) with a password dissimilar to any other passwords (such as myjauntyguestpassword):
sudo useradd -m myjaunty00guest
sudo passwd myjaunty00guest
sudo mkdir /home/myjaunty00guest/.ssh
sudo chmod 777 /home/myjaunty00guest/.ssh
  • Allow OpenSSH Password Authentication temporarily. Edit the OpenSSH configuration file:
sudo gedit /etc/ssh/sshd_config
and temporarily allow Password-based Authentication by changing the line:
PasswordAuthentication no
to
PasswordAuthentication yes
then restart the OpenSSH server:
sudo /etc/init.d/ssh restart

From the new Linux user's client computer:

ssh-keygen
scp -P 22199 ~/.ssh/id_rsa.pub myjaunty00guest@myjaunty00.dyndns.org:~/.ssh/id_rsa.pub
When prompted, of course, the guest password, myjauntyguestpassword, should be entered.
  • Back on the server (logged in as the administrator jauntyadmin00), turn off the OpenSSH Password Authentication again:
sudo gedit /etc/ssh/sshd_config

Change the line:

PasswordAuthentication yes
to
PasswordAuthentication no
then restart the OpenSSH server:
sudo /etc/init.d/ssh restart

It is then usually best (for security reasons) to now change the guest password to something completely different:

sudo passwd myjaunty00guest
  • Copy the new id_rsa.pub key to the myjaunty00admin folder and concatenate it to the authorized_keys file there:
sudo cp /home/myjaunty00guest/.ssh/id_rsa.pub /home/jauntyadmin00/.ssh/id_rsaguest.pub
sudo chown -R jauntyadmin00 /home/jauntyadmin00
cd ~/.ssh
cat authorized_keys id_rsaguest.pub >> authorized_keys

Note: this new /home/jauntyadmin00/.ssh/authorized_keys file should also be copied to /home/client9260/.ssh/authorized_keys and /home/text9260/.ssh/authorized_keys as detailed in the subsequent OpenVistA EHR section.

  • If Windows-based PuTTY SSH users are to be added to the system, then see this tutorial. The SSH keys must be tweaked to be used with OpenSSH, copied to the server, and then concatenated to the authorized_keys file in a similar fashion.