Adding new users to Ubuntu is easy because of the convenience tools that exist.
Start with the command
sudo useradd -d /home/testuser -m testuser
This creates the user and sets up a default home directory. The user doesn't have a password, but you could add one with passwd if you wanted to.
Then create a directory .ssh in their home directory. Create a file called authorized_keys in the directory and copy in contents of the users public key into it.
Chown the .ssh directory (and file) to the user and chmod the file to 600. The directory should be mode 700.
Make sure that /etc/sshd_config is set up to deny logging in by password.
If you want to set up their bash profile you can copy the ".profile" and ".bashrc" files to their home directory. Remember to edit /etc/passwd and set their shell to bash.
The user should be able to login using their public key by setting up their .ssh/config on their home machine.
If you want them to have administrative privilege on the machine you need to add them to the "sudo" group with this command : usermod -aG sudo username. Because you've disabled password access to the machine you'll need to add a new config file in /etc/sudoers.d that allows them to sudo without a password. It will need to have a line like this: testuser ALL=(ALL) NOPASSWD:ALL
If you're feeling lazy you might want to use a script. I've created one and shared it below, but I strongly suggest that you rather write your own and don't use mine for anything other than an idea. I'm not guaranteeing that it works or even that it's particularly useful.
Start with the command
sudo useradd -d /home/testuser -m testuser
This creates the user and sets up a default home directory. The user doesn't have a password, but you could add one with passwd if you wanted to.
Then create a directory .ssh in their home directory. Create a file called authorized_keys in the directory and copy in contents of the users public key into it.
Chown the .ssh directory (and file) to the user and chmod the file to 600. The directory should be mode 700.
Make sure that /etc/sshd_config is set up to deny logging in by password.
If you want to set up their bash profile you can copy the ".profile" and ".bashrc" files to their home directory. Remember to edit /etc/passwd and set their shell to bash.
The user should be able to login using their public key by setting up their .ssh/config on their home machine.
Host fooIf you want to set them up with your custom bash stuff then remember to copy the files into their home directory and chown them. You will need to change their shell to bash by editing /etc/passwd
HostName server.ip.address
User testuser
IdentityFile ~/.ssh/id_rsa
If you want them to have administrative privilege on the machine you need to add them to the "sudo" group with this command : usermod -aG sudo username. Because you've disabled password access to the machine you'll need to add a new config file in /etc/sudoers.d that allows them to sudo without a password. It will need to have a line like this: testuser ALL=(ALL) NOPASSWD:ALL
If you're feeling lazy you might want to use a script. I've created one and shared it below, but I strongly suggest that you rather write your own and don't use mine for anything other than an idea. I'm not guaranteeing that it works or even that it's particularly useful.
Comments
Post a Comment