Providing geek access to our servers: Difference between revisions
From Freegle Wiki
Jump to navigationJump to search
(Add these instructions - these are standard instructions and are not a security breach) |
No edit summary |
||
(5 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
These are instructions for providing a new geek with full access to | These are instructions for providing a new geek with full access to the Freegle servers. | ||
== Software == | == Software == | ||
Line 7: | Line 7: | ||
*Putty: [http://www.chiark.greenend.org.uk/~sgtatham/putty/ http://www.chiark.greenend.org.uk/~sgtatham/putty/] - provides shell prompt | *Putty: [http://www.chiark.greenend.org.uk/~sgtatham/putty/ http://www.chiark.greenend.org.uk/~sgtatham/putty/] - provides shell prompt | ||
*WinSCP: [http://winscp.net/eng/index.php http://winscp.net/eng/index.php] - provides file access | *WinSCP: [http://winscp.net/eng/index.php http://winscp.net/eng/index.php] - provides file access | ||
SmartFTP (paid) or FileZilla (free) are good FTP clients. | |||
== Create access key == | == Create access key == | ||
Line 38: | Line 40: | ||
*In that directory create file authorized_keys | *In that directory create file authorized_keys | ||
**in that file you put the public half of any SSH keys you want to use for password-less logging in, ie usually starting with ssh-rsa and ending with rsa-key-20100411 | **in that file you put the public half of any SSH keys you want to use for password-less logging in, ie usually starting with ssh-rsa and ending with rsa-key-20100411 | ||
*You'll want to "chmod 700 .ssh" and "chmod 600 authorized_keys" (read/write only by user) to keep SSH happier. | *You'll want to "chmod 700 .ssh" and "chmod 600 authorized_keys" (read/write only by user) to keep SSH happier. | ||
*Set up putty and WinSCP to use SSH to login. In both cases refer to your local private key file. | *Set up putty and WinSCP to use SSH to login. In both cases refer to your local private key file. | ||
*You should now normally access the server using the SSH methods. | *You should now normally access the server using the SSH methods. | ||
*Note that in WinSCP you cannot "sudo su" to root so some files will not be accessible. | *Note that in WinSCP you cannot "sudo su" to root so some files will not be accessible. | ||
You only put the public half on servers you are logging into. The private file always stays with you, so you can use the key pair (pvt/pub) to login to as many servers as you care to setup. | You only put the public half on servers you are logging into. The private file always stays with you, so you can use the key pair (pvt/pub) to login to as many servers as you care to setup. | ||
<br> Back to [[Geeks Team Remit]] | |||
[[Category:Geeks Team]] |
Latest revision as of 08:55, 7 December 2019
These are instructions for providing a new geek with full access to the Freegle servers.
Software
On access from Windows, try these:
- Putty: http://www.chiark.greenend.org.uk/~sgtatham/putty/ - provides shell prompt
- WinSCP: http://winscp.net/eng/index.php - provides file access
SmartFTP (paid) or FileZilla (free) are good FTP clients.
Create access key
Use puttygen to create public and private SSH keys:
- SSH-2 RSA, 2048 bits
- save the public and private keys - ?no need for a passphrase on the private key
Add user
An existing geek needs to login and "sudu su" to root:
- Add a user:
- adduser <user>
- giving an initial password
- Give them su permissions
- usermod -G sudo -a <user>
- -G says add to your list of supplemental groups (as opposed to your primary group)
- -a says append, not replace the list of supplemental groups
Login
The new geek will need to log in using putty (with username and password) then change their password so it's secret.
Set SSH Key
The new geek should set up logging in using SSH as it is more secure:
- mkdir /home/<user>/.ssh
- In that directory create file authorized_keys
- in that file you put the public half of any SSH keys you want to use for password-less logging in, ie usually starting with ssh-rsa and ending with rsa-key-20100411
- You'll want to "chmod 700 .ssh" and "chmod 600 authorized_keys" (read/write only by user) to keep SSH happier.
- Set up putty and WinSCP to use SSH to login. In both cases refer to your local private key file.
- You should now normally access the server using the SSH methods.
- Note that in WinSCP you cannot "sudo su" to root so some files will not be accessible.
You only put the public half on servers you are logging into. The private file always stays with you, so you can use the key pair (pvt/pub) to login to as many servers as you care to setup.
Back to Geeks Team Remit