/
Account Administration

Account Administration

Owned by David Lau
Last updated: Feb 05, 2025
2 min read

Create administrator account

Individual administrator accounts should be created for each LI that manages the machine.

  • Login to the machine with the ece-li-admin account.

  • Add the new user account:

    sudo adduser <username> --disabled-password --gecos ""

  • Enter any relevant information for the user account.

  • Add the user to the sudo group:

    sudo usermod -aG sudo <username>

  • To test the new account, logout and log back in using the new user account.

SSH key authentication

The preferred method of authenticating users for accessing the system is through the use of SSH keys. The user generates their own key pair and sends the public key portion to the server administrator for enabling the account.

Create administrator account

Create administrator account using instructions above.

User .ssh folder

Setup the user SSH folder.

  • Create the folder and set folder access privileges such that the user owns the folder.

    sudo mkdir /home/username/.ssh sudo chmod 700 /home/username/.ssh sudo chown username:username /home/username/.ssh

Creating SSH key pair

The user being authenticated needs to generate the key pair. It is the responsibility of the user to secure and keep secret the secret key portion of the key pair.

  • From a terminal, generate the SSH key pair.

  • Confirm the output filename of the key files. This can be changed to modify the location where the key files will be created and the name of the files.

  • Optionally, enter a passphrase if one is desired. Confirm passphrase, if one is used.

  • This will generate two files, a private key file (e.g., ~/.ssh/id_rsa) and a public key file (e.g., ~/.ssh/id_rsa.pub).

Add public key

On the server, the public key needs to be added to a file called authorized_keys within the user’s .ssh folder.

  • Create or open the /home/username/.ssh/authorized_keys file.

  • Copy and append the text of the public key file into the authorized_keys file.

  • Exit and save the authorized_keys file.

  • Set the rights to this file to 600 (owner read and write only).

Remove requirement for password

By default the user will still be prompted for a password when attempting to use sudo. To remove this requirement, use visudo.

  • Run visudo.

  • Find the sudo group entry. It will look like the following:

  • Add a no-password rule:

    If you wish to remove the sudo password requirement for all users:

  • Exit visudo and save by pressing CTRL+X, then Y, and then ENTER.

Local config file for quick SSH login

  • Create ~/.ssh/config file.

  • Add entry for server. For example,

  • Exit and save.

  • Load the key into the SSH Agent. For example,

Remove password

If an account was enabled with a password, but now the password is to be removed (i.e. for SSH key access only):

Related content

SSH Key Generation
SSH Key Generation
IST Knowledge Base
More like this
Setting up SSH Authman - for server owners
Setting up SSH Authman - for server owners
IST Knowledge Base
More like this
How to use SSH Authman - for users
How to use SSH Authman - for users
IST Knowledge Base
More like this