Template:USJ New SSH Users
From Ubuntu中文
Adding new SSH users
- On the server, create a second user account (that guest users can use for SSH purposes) with a password dissimilar to any other passwords (such as myjauntyguestpassword):
sudo useradd -m myjaunty00guest
sudo passwd myjaunty00guest
sudo mkdir /home/myjaunty00guest/.ssh
sudo chown myjaunty00guest /home/myjaunty00guest/.ssh
sudo chmod 700 /home/myjaunty00guest/.ssh
- Allow OpenSSH Password Authentication temporarily. Edit the OpenSSH configuration file:
sudo gedit /etc/ssh/sshd_config
- and temporarily allow Password-based Authentication by changing the line:
PasswordAuthentication no
- to
PasswordAuthentication yes
- then restart the OpenSSH server:
sudo /etc/init.d/ssh restart
From the new Linux user's client computer:
ssh-keygen
scp -P 22199 ~/.ssh/id_rsa.pub myjaunty00guest@myjaunty00.dyndns.org:~/.ssh/id_rsa.pub
- When prompted, of course, the guest password, myjauntyguestpassword, should be entered.
- Back on the server (logged in as the administrator jauntyadmin00), turn off the OpenSSH Password Authentication again:
sudo gedit /etc/ssh/sshd_config
Change the line:
PasswordAuthentication yes
- to
PasswordAuthentication no
- then restart the OpenSSH server:
sudo /etc/init.d/ssh restart
For security reasons, it is usually best at this point to change the guest password to something completely different:
sudo passwd myjaunty00guest
- Copy the new id_rsa.pub key to the jauntyadmin00 .ssh folder and append it to the authorized_keys file there:
sudo cp /home/myjaunty00guest/.ssh/id_rsa.pub /home/jauntyadmin00/.ssh/id_rsaguest.pub
sudo chown -R jauntyadmin00 /home/jauntyadmin00
cd ~/.ssh
cat id_rsaguest.pub >> authorized_keys
Note: this new /home/jauntyadmin00/.ssh/authorized_keys file should also be copied to /home/client9260/.ssh/authorized_keys and /home/text9260/.ssh/authorized_keys as detailed in the subsequent OpenVistA EHR section.
- If Windows-based PuTTY SSH users are to be added to the system, then see this tutorial. The SSH keys must be tweaked to be used with OpenSSH, copied to the server, and then concatenated to the authorized_keys file in a similar fashion.
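A read-only check to run after the steps above, as an added example rather than part of the original page: it confirms that password authentication is off again, that a .ssh directory is not group- or world-writable (sshd's StrictModes refuses keys stored under such directories), and that authorized_keys has no repeated lines. The function names are hypothetical, and the parser assumes a simple sshd_config without Include files.

```sh
#!/bin/sh
# Added example (not from the original page): post-procedure audit helpers.
# Pass the real paths as arguments; nothing is modified.

# Print the PasswordAuthentication value that applies globally.
# sshd uses the first occurrence of a keyword and defaults to "yes".
# Assumption: no Include files; Match blocks are not evaluated.
effective_password_auth() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "passwordauthentication" { print tolower($2); found = 1; exit }
         END { if (!found) print "yes" }' "$1"
}

# Succeed only if the directory is not group- or world-writable.
ssh_dir_is_private() {
    perms=$(stat -c '%a' "$1") || return 2   # GNU stat, as on Ubuntu
    case "$perms" in
        *[2367]?|*[2367]) return 1 ;;        # write bit in group or other digit
    esac
    return 0
}

# Count distinct key lines that occur more than once in authorized_keys.
duplicate_key_count() {
    grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$1" | sort | uniq -d | wc -l | tr -d ' '
}

# usage: audit_ssh_setup <sshd_config> <.ssh directory>
audit_ssh_setup() {
    rc=0
    [ "$(effective_password_auth "$1")" = "no" ] ||
        { echo "FAIL: PasswordAuthentication is not 'no' in $1"; rc=1; }
    ssh_dir_is_private "$2" ||
        { echo "FAIL: $2 is group- or world-writable"; rc=1; }
    if [ -f "$2/authorized_keys" ] &&
       [ "$(duplicate_key_count "$2/authorized_keys")" -gt 0 ]; then
        echo "FAIL: duplicate entries in $2/authorized_keys"; rc=1
    fi
    return "$rc"
}

if [ "$#" -eq 2 ]; then
    audit_ssh_setup "$1" "$2"
fi
```

On the server itself, `sudo sshd -T` prints the configuration that sshd actually resolves, which also covers Include files.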