Problem:
I need to add a new user to a Linux server
...
Linux servers in Spinup use regular SSH authentication (password authentication has been disabled for security reasons). In addition, high-risk servers require Duo multi-factor authentication when logging in.
By default, only the user who created a server can SSH into it, using their netid and the SSH key specified in their Spinup profile.
Using spinup-user CLI
The `spinup-user` command-line utility should be pre-installed on all Spinup Linux servers and can be used to easily add and remove users.
For example, on one of my servers I need to add user `jsi3`. I just need their public SSH key (which is not sensitive and can be safely shared) and I can then create the user like so:
```
[tg333@ip-10-5-32-247 ~]$ sudo spinup-user add jsi3
Paste one or more SSH public keys for this user (hit Enter when done):
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDhU7Ucb/4AdGjtTrDZfGexJyLFxngErqWyv9Ryix8scdEOJxC/qWJiBOxasQp5fjF+ZDf5OIXgBrtd7xvJT+Lr+p65hE7EX0KL+JAWPibr0E1b0Gw9mTwAIutPA9u5tt6btmWbPUJXWifft8wgq6aIoqsg/sAzmiEHEJiL17fp7LXwjwDsxzYfskLX58uVIVqyMW5da81CNcqAPavlrGq1p1hd/+8i/2m8ql0VHnAOMdqQz5tmGY6N7F/AbtSLDaki7XTS6vQZUc5wr3ZHIe6wuQhk82/VVWoNjlxOjhwBItE0Tb7bCDkMgZ0RMymmpl/T5ioyyZmYQjmP3Xmdhdsb
Added user jsi3
```
You can use the `list` command to see all users on the server and get more information about them:
```
[tg333@ip-10-5-32-247 ~]$ sudo spinup-user list
jsi3
tg333 (admin)
[tg333@ip-10-5-32-247 ~]$ sudo spinup-user list jsi3
Username: jsi3
Admin: false
Shell: /bin/bash
Homedir: /home/jsi3
UID: 1002
GID: 1002
Authorized keys:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDhU7Ucb/4AdGjtTrDZfGexJyLFxngErqWyv9Ryix8scdEOJxC/qWJiBOxasQp5fjF+ZDf5OIXgBrtd7xvJT+Lr+p65hE7EX0KL+JAWPibr0E1b0Gw9mTwAIutPA9u5tt6btmWbPUJXWifft8wgq6aIoqsg/sAzmiEHEJiL17fp7LXwjwDsxzYfskLX58uVIVqyMW5da81CNcqAPavlrGq1p1hd/+8i/2m8ql0VHnAOMdqQz5tmGY6N7F/AbtSLDaki7XTS6vQZUc5wr3ZHIe6wuQhk82/VVWoNjlxOjhwBItE0Tb7bCDkMgZ0RMymmpl/T5ioyyZmYQjmP3Xmdhdsb
```
Note that by default the new user does not have admin (sudo) privileges. To make an admin user you can use the `-a` flag. Be careful who you make an admin as they will have unlimited root access on the server!
```
[tg333@ip-10-5-32-247 ~]$ sudo spinup-user add jsi3 -a
```
To delete a user and their home directory:
```
[tg333@ip-10-5-32-247 ~]$ sudo spinup-user remove jsi3
Removed user jsi3
```
This is just a brief overview of how to use the CLI. For more information and examples, see the GitHub repo: https://github.com/YaleSpinup/spinup-user
Manual step-by-step guide
If for some reason you cannot use the `spinup-user` CLI, you can manually create a Linux user.
```
$ sudo -s
$ NEWUSER=<netid of person you would like to add>   # Variable that is used in future commands
$ adduser $NEWUSER
$ gpasswd -a $NEWUSER wheel   # If you would like to give them root access
$ mkdir -m 700 /home/$NEWUSER/.ssh
$ echo "User's PUBLIC key" > /home/$NEWUSER/.ssh/authorized_keys
$ chmod 600 /home/$NEWUSER/.ssh/authorized_keys
$ chown -R $NEWUSER:$NEWUSER /home/$NEWUSER/.ssh
$ restorecon -FRvv /home/$NEWUSER/.ssh   # Required if SELinux is running on the server
```
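The key-installation part of the manual steps, written as a reusable shell helper. This is an added example, not code from the Spinup documentation or the spinup-user project: it checks that the pasted text is a single bare public key, appends instead of overwriting `authorized_keys`, and sets the 700/600 permissions. The function names `valid_pubkey` and `install_pubkey` are hypothetical, and rejecting lines with leading options is a choice made for this example.

```shell
#!/bin/sh
# Added example, not Spinup code. valid_pubkey and install_pubkey are
# hypothetical helper names introduced for illustration.

# valid_pubkey LINE: succeed only if LINE is one bare OpenSSH public key.
valid_pubkey() {
    line=$1
    case $line in
        *'
'*) return 1 ;;                        # more than one line was pasted
    esac
    set -f; set -- $line; set +f        # split into: type, base64 blob, comment
    [ $# -ge 2 ] || return 1
    case $1 in                          # private keys and option prefixes fail here
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) return 1 ;;
    esac
    case $2 in
        *[!A-Za-z0-9+/=]*) return 1 ;;  # blob is not base64
        AAAA*) return 0 ;;              # blob begins with a 4-byte length field
        *) return 1 ;;
    esac
}

# install_pubkey SSH_DIR LINE: append LINE to SSH_DIR/authorized_keys.
# The body runs in a subshell so the umask change does not leak to the caller.
install_pubkey() (
    dir=$1 key=$2
    if ! valid_pubkey "$key"; then
        echo "refusing: not a single public key line" >&2
        exit 1
    fi
    umask 077
    mkdir -p "$dir" || exit 1
    chmod 700 "$dir" || exit 1
    file=$dir/authorized_keys
    # Append instead of overwriting, and skip a key that is already present.
    if [ -f "$file" ] && grep -qxF -- "$key" "$file"; then
        exit 0
    fi
    printf '%s\n' "$key" >> "$file" || exit 1
    chmod 600 "$file"
)
```

Call it as root with the target directory, for example `install_pubkey "/home/$NEWUSER/.ssh" "$KEY"`, then run the `chown -R` and `restorecon` steps from the guide above.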
...