Problem:

I need to add a new user to a Linux server

...

Linux servers in Spinup use regular SSH authentication (password authentication has been disabled for security reasons). In addition, high-risk servers require Duo multi-factor authentication when logging in.

By default, only the user who created a server can SSH into it, using their netid and the SSH key specified in their Spinup profile.

Using spinup-user CLI

The spinup-user command-line utility should be pre-installed on all Spinup Linux servers and can be used to easily add and remove users.


For example, on one of my servers I need to add user jsi3. I just need their public SSH key (which is not sensitive and can be safely shared) and I can then create the user like so:

[tg333@ip-10-5-32-247 ~]$ sudo spinup-user add jsi3
Paste one or more SSH public keys for this user (hit Enter when done):
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDhU7Ucb/4AdGjtTrDZfGexJyLFxngErqWyv9Ryix8scdEOJxC/qWJiBOxasQp5fjF+ZDf5OIXgBrtd7xvJT+Lr+p65hE7EX0KL+JAWPibr0E1b0Gw9mTwAIutPA9u5tt6btmWbPUJXWifft8wgq6aIoqsg/sAzmiEHEJiL17fp7LXwjwDsxzYfskLX58uVIVqyMW5da81CNcqAPavlrGq1p1hd/+8i/2m8ql0VHnAOMdqQz5tmGY6N7F/AbtSLDaki7XTS6vQZUc5wr3ZHIe6wuQhk82/VVWoNjlxOjhwBItE0Tb7bCDkMgZ0RMymmpl/T5ioyyZmYQjmP3Xmdhdsb

Added user jsi3


You can use the list command to see all users on the server and get more information about them:

[tg333@ip-10-5-32-247 ~]$ sudo spinup-user list
jsi3
tg333 (admin)

[tg333@ip-10-5-32-247 ~]$ sudo spinup-user list jsi3
Username: jsi3
Admin: false
Shell: /bin/bash
Homedir: /home/jsi3
UID: 1002
GID: 1002

Authorized keys:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDhU7Ucb/4AdGjtTrDZfGexJyLFxngErqWyv9Ryix8scdEOJxC/qWJiBOxasQp5fjF+ZDf5OIXgBrtd7xvJT+Lr+p65hE7EX0KL+JAWPibr0E1b0Gw9mTwAIutPA9u5tt6btmWbPUJXWifft8wgq6aIoqsg/sAzmiEHEJiL17fp7LXwjwDsxzYfskLX58uVIVqyMW5da81CNcqAPavlrGq1p1hd/+8i/2m8ql0VHnAOMdqQz5tmGY6N7F/AbtSLDaki7XTS6vQZUc5wr3ZHIe6wuQhk82/VVWoNjlxOjhwBItE0Tb7bCDkMgZ0RMymmpl/T5ioyyZmYQjmP3Xmdhdsb


Note that by default the new user does not have admin (sudo) privileges. To make an admin user you can use the -a flag. Be careful who you make an admin as they will have unlimited root access on the server!

[tg333@ip-10-5-32-247 ~]$ sudo spinup-user add jsi3 -a


To delete a user and their home directory:

[tg333@ip-10-5-32-247 ~]$ sudo spinup-user remove jsi3
Removed user jsi3


This is just a brief overview of how to use the CLI. For more information and examples, see the GitHub repo: https://github.com/YaleSpinup/spinup-user


Manual step-by-step guide

If for some reason you cannot use the spinup-user CLI you can manually create a Linux user.


CentOS:
$ sudo -s
$ NEWUSER=<netid of person you would like to add>  # Variable that is used in the commands below
$ adduser "$NEWUSER"
$ gpasswd -a "$NEWUSER" wheel  # Only if you would like to give them root access
$ mkdir -m 700 "/home/$NEWUSER/.ssh"
$ echo "User's PUBLIC key" > "/home/$NEWUSER/.ssh/authorized_keys"
$ chmod 600 "/home/$NEWUSER/.ssh/authorized_keys"
$ chown -R "$NEWUSER:$NEWUSER" "/home/$NEWUSER/.ssh"
$ restorecon -FRvv "/home/$NEWUSER/.ssh"  # Required if SELinux is running on the server
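
The manual steps write whatever was pasted straight into authorized_keys. The following Python check is an added example, not part of spinup-user or the original page: it rejects a pasted private key, truncated data or a mismatched key type, and returns the SHA256 fingerprint in the same format `ssh-keygen -lf` prints so it can be confirmed with the key's owner. The function names, the 2048-bit RSA minimum and the sample key are assumptions constructed for the example.

```python
import base64, binascii, hashlib, struct

def _read_string(buf, off):
    """Read one length-prefixed field (uint32 length + bytes) from a key blob."""
    if off + 4 > len(buf):
        raise ValueError("truncated key data")
    (n,) = struct.unpack(">I", buf[off:off + 4])
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated key data")
    return buf[off + 4:end], end

def check_public_key(line, min_rsa_bits=2048):  # 2048 is an assumed local policy
    """Validate one pasted key line; return (type, rsa_bits or None, fingerprint)."""
    if "PRIVATE KEY" in line:
        raise ValueError("this is a private key; ask for the .pub file instead")
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = fields[0], fields[1]
    try:
        blob = base64.b64decode(b64, validate=True)
    except binascii.Error:
        raise ValueError("key data is not valid base64") from None
    inner, off = _read_string(blob, 0)
    if inner.decode("ascii", "replace") != key_type:
        raise ValueError("key type label does not match the key data")
    bits = None
    if key_type == "ssh-rsa":
        _exponent, off = _read_string(blob, off)
        modulus, off = _read_string(blob, off)
        bits = int.from_bytes(modulus, "big").bit_length()
        if bits < min_rsa_bits:
            raise ValueError(f"RSA key is only {bits} bits")
    digest = hashlib.sha256(blob).digest()
    return key_type, bits, "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def make_rsa_line(bits, comment="constructed@example"):
    """Build a CONSTRUCTED ssh-rsa line for testing (not a usable key)."""
    def field(b):
        return struct.pack(">I", len(b)) + b
    n = (1 << (bits - 1)) | 1
    blob = field(b"ssh-rsa") + field(b"\x01\x00\x01") + field(b"\x00" + n.to_bytes(bits // 8, "big"))
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment

if __name__ == "__main__":
    print(check_public_key(make_rsa_line(2048)))
```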

...