Providing geek access to our servers: Difference between revisions
From Freegle Wiki
Jump to navigationJump to search
(Created page with 'These are instructions for providing a new geek with full access to our server(s). == Software == On access from Windows, try these: *Putty: [http://www.chiark.greenend.org.uk…') |
(Add these instructions - these are standard instructions and are not a security breach) |
||
Line 1: | Line 1: | ||
These are instructions for providing a new geek with full access to our server(s). | These are instructions for providing a new geek with full access to our server(s). | ||
== Software == | == Software == | ||
On access from Windows, try these: | On access from Windows, try these: | ||
*Putty: [http://www.chiark.greenend.org.uk/~sgtatham/putty/ http://www.chiark.greenend.org.uk/~sgtatham/putty/] - provides shell prompt | *Putty: [http://www.chiark.greenend.org.uk/~sgtatham/putty/ http://www.chiark.greenend.org.uk/~sgtatham/putty/] - provides shell prompt | ||
*WinSCP: [http://winscp.net/eng/index.php http://winscp.net/eng/index.php] - provides file access | *WinSCP: [http://winscp.net/eng/index.php http://winscp.net/eng/index.php] - provides file access | ||
== Create access key == | == Create access key == | ||
Use puttygen to create public and private keys: | Use puttygen to create public and private SSH keys: | ||
SSH-2 RSA, 2048 bits | *SSH-2 RSA, 2048 bits | ||
*save the public and private keys - ?no need for a passphrase on the private key | |||
== Add user == | |||
An existing geek needs to login and "sudu su" to root: | |||
*Add a user: | |||
**adduser <user> | |||
*giving an initial password | |||
*Give them su permissions | |||
**usermod -G sudo -a <user> | |||
*-G says add to your list of supplemental groups (as opposed to your primary group) | |||
*-a says append, not replace the list of supplemental groups | |||
== Login == | |||
The new geek will need to log in using putty (with username and password) then change their password so it's secret. | |||
== Set SSH Key == | |||
The new geek should set up logging in using SSH as it is more secure: | |||
*mkdir /home/<user>/.ssh | |||
*In that directory create file authorized_keys | |||
**in that file you put the public half of any SSH keys you want to use for password-less logging in, ie usually starting with ssh-rsa and ending with rsa-key-20100411 | |||
*You'll want to "chmod 700 .ssh" and "chmod 600 authorized_keys" (read/write only by user) to keep SSH happier. | |||
*Set up putty and WinSCP to use SSH to login. In both cases refer to your local private key file. | |||
*You should now normally access the server using the SSH methods. | |||
*Note that in WinSCP you cannot "sudo su" to root so some files will not be accessible. | |||
You only put the public half on servers you are logging into. The private file always stays with you, so you can use the key pair (pvt/pub) to login to as many servers as you care to setup. | |||
Revision as of 12:29, 30 October 2011
These are instructions for providing a new geek with full access to our server(s).
Software
On access from Windows, try these:
- Putty: http://www.chiark.greenend.org.uk/~sgtatham/putty/ - provides shell prompt
- WinSCP: http://winscp.net/eng/index.php - provides file access
Create access key
Use puttygen to create public and private SSH keys:
- SSH-2 RSA, 2048 bits
- save the public and private keys - ?no need for a passphrase on the private key
Add user
An existing geek needs to login and "sudu su" to root:
- Add a user:
- adduser <user>
- giving an initial password
- Give them su permissions
- usermod -G sudo -a <user>
- -G says add to your list of supplemental groups (as opposed to your primary group)
- -a says append, not replace the list of supplemental groups
Login
The new geek will need to log in using putty (with username and password) then change their password so it's secret.
Set SSH Key
The new geek should set up logging in using SSH as it is more secure:
- mkdir /home/<user>/.ssh
- In that directory create file authorized_keys
- in that file you put the public half of any SSH keys you want to use for password-less logging in, ie usually starting with ssh-rsa and ending with rsa-key-20100411
- You'll want to "chmod 700 .ssh" and "chmod 600 authorized_keys" (read/write only by user) to keep SSH happier.
- Set up putty and WinSCP to use SSH to login. In both cases refer to your local private key file.
- You should now normally access the server using the SSH methods.
- Note that in WinSCP you cannot "sudo su" to root so some files will not be accessible.
You only put the public half on servers you are logging into. The private file always stays with you, so you can use the key pair (pvt/pub) to login to as many servers as you care to setup.