Create administrator account
Individual administrator accounts should be created for each LI that manages the machine.
Log in to the machine with the ece-li-admin account.
Add the new user account:
sudo adduser username
Enter any relevant information for the user account.
Add the user to the sudo group:
sudo usermod -aG sudo username
To test the new account, log out and log back in using the new user account.
SSH key authentication
The preferred method of authenticating users for accessing the system is through the use of SSH keys. The user generates their own key pair and sends the public key portion to the server administrator for enabling the account.
Create user account
The SSH key must be associated with an existing user account. If the user account does not already exist, create it.
Create the user account.
sudo useradd username
Do not enter a password when prompted, as the SSH key will be the method of authentication.
If necessary, add the user to the sudo group.
sudo usermod -aG sudo username
User .ssh folder
Set up the user SSH folder.
Create the folder and set folder access privileges such that the user owns the folder.
sudo mkdir /home/username/.ssh
sudo chmod 700 /home/username/.ssh
sudo chown username:username /home/username/.ssh
Creating SSH key pair
The user being authenticated needs to generate the key pair. It is the responsibility of the user to keep the private key portion of the key pair secure and secret.
From a terminal, generate the SSH key pair.
ssh-keygen -t rsa
Confirm the output filename of the key files. This can be changed to modify the location where the key files will be created and the name of the files.
Optionally, enter a passphrase if one is desired. Confirm passphrase, if one is used.
This will generate two files, a private key file (e.g., ~/.ssh/id_rsa) and a public key file (e.g., ~/.ssh/id_rsa.pub).
Add public key
On the server, the public key needs to be added to a file called authorized_keys within the user's .ssh folder.
Create or open the /home/username/.ssh/authorized_keys file.
sudo nano /home/username/.ssh/authorized_keys
Copy and append the text of the public key file into the authorized_keys file.
Exit and save the authorized_keys file.
Set the rights to this file to 600 (owner read and write only).
sudo chmod 600 /home/username/.ssh/authorized_keys
sudo chown username:username /home/username/.ssh/authorized_keys
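The following check is an added example, not part of the original page: it audits the modes and ownership set in the "User .ssh folder" and "Add public key" steps, which matter because sshd (with its default StrictModes setting) refuses key login when these files are too permissive or wrongly owned. It assumes GNU coreutils stat; the function names check_path and audit_ssh_dir are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes GNU coreutils stat (-c).
# check_path and audit_ssh_dir are hypothetical helper names.

# check_path PATH EXPECTED_MODE EXPECTED_OWNER -> 0 only if both match
check_path() {
    mode=$(stat -c '%a' "$1") || return 1
    user=$(stat -c '%U' "$1") || return 1
    status=0
    if [ "$mode" != "$2" ]; then
        echo "BAD MODE  $1: $mode (expected $2)"
        status=1
    fi
    if [ "$user" != "$3" ]; then
        echo "BAD OWNER $1: $user (expected $3)"
        status=1
    fi
    return "$status"
}

# audit_ssh_dir HOME_DIR -> 0 only if HOME_DIR/.ssh is 700, authorized_keys
# is 600, and both are owned by the owner of HOME_DIR.
audit_ssh_dir() {
    home=$1
    rc=0
    for p in "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING   $p"
            return 1
        fi
    done
    owner=$(stat -c '%U' "$home") || return 1
    check_path "$home/.ssh" 700 "$owner" || rc=1
    check_path "$home/.ssh/authorized_keys" 600 "$owner" || rc=1
    if [ "$rc" -eq 0 ]; then
        echo "OK        $home/.ssh"
    fi
    return "$rc"
}

# Stand-alone use: sh audit.sh /home/username (run with sudo for other users)
if [ "$#" -gt 0 ]; then
    audit_ssh_dir "$1"
fi
```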
Remove requirement for password
By default the user will still be prompted for a password when attempting to use sudo. To remove this requirement, use visudo.
Run visudo.
sudo visudo
Find the sudo group entry. It will look like the following:
%sudo ALL=(ALL:ALL) ALL
Add a no-password rule:
your_username ALL=(ALL) NOPASSWD:ALL
If you wish to remove the sudo password requirement for all users:
%sudo ALL=(ALL:ALL) NOPASSWD:ALL
Exit visudo and save by pressing CTRL+X, then Y, and then ENTER.
Local config file for quick SSH login
Create the ~/.ssh/config file.
sudo nano ~/.ssh/config
Add an entry for the server. For example,
Host openedx-01
    Hostname ece-openedx-01.eng.uwaterloo.ca
    User d24lau
    IdentityFile /Users/d24lau/.ssh/id_rsa_d24lau_01
Exit and save.
Load the key into the SSH Agent. For example,
sudo chmod 600 ~/.ssh/id_rsa_d24lau_01
ssh-add ~/.ssh/id_rsa_d24lau_01