Providing geek access to our servers: Difference between revisions

From Freegle Wiki
Jump to navigationJump to search
(Created page with 'These are instructions for providing a new geek with full access to our server(s). == Software == On access from Windows, try these: *Putty: [http://www.chiark.greenend.org.uk…')
 
No edit summary
 
(6 intermediate revisions by 3 users not shown)
Line 1: Line 1:
These are instructions for providing a new geek with full access to our server(s).
These are instructions for providing a new geek with full access to the Freegle servers.  


== Software ==
== Software ==


On access from Windows, try these:
On access from Windows, try these:  


*Putty: [http://www.chiark.greenend.org.uk/~sgtatham/putty/ http://www.chiark.greenend.org.uk/~sgtatham/putty/] - provides shell prompt
*Putty: [http://www.chiark.greenend.org.uk/~sgtatham/putty/ http://www.chiark.greenend.org.uk/~sgtatham/putty/] - provides shell prompt  
*WinSCP: [http://winscp.net/eng/index.php http://winscp.net/eng/index.php] - provides file access
*WinSCP: [http://winscp.net/eng/index.php http://winscp.net/eng/index.php] - provides file access


== Create access key ==
SmartFTP (paid) or FileZilla (free) are good FTP clients.


Use puttygen to create public and private keys:
== Create access key  ==


SSH-2 RSA, 2048 bits
Use puttygen to create public and private SSH keys:


save the public and private keys - ?no need for a passphrase on the private key
*SSH-2 RSA, 2048 bits
*save the public and private keys -  ?no need for a passphrase on the private key


== Add user ==
== Add user ==


An existing geek needs to login and sudu su to root:
An existing geek needs to login and "sudu su" to root:  


Add a user:
*Add a user:  
**adduser <user>
*giving an initial password
*Give them su permissions
**usermod -G sudo -a <user>
*-G says add to your list of supplemental groups (as opposed to your primary group)
*-a says append, not replace the list of supplemental groups


adduser <user>
==  Login  ==


giving an initial password
The new geek will need to log in using putty (with username and password) then change their password so it's secret.


Give them su permissions
== Set SSH Key  ==


usermod -G sudo -a <user>
The new geek should set up logging in using SSH as it is more secure:


-G says add to your list of supplemental groups (as opposed to your primary group)
*mkdir /home/<user>/.ssh
*In that directory create file authorized_keys
**in that file you put the public half of any SSH keys you want to use for password-less logging in, ie usually starting with ssh-rsa and ending with rsa-key-20100411
*You'll want to "chmod 700 .ssh" and "chmod 600 authorized_keys" (read/write only by user) to keep SSH happier.
*Set up putty and WinSCP to use SSH to login.  In both cases refer to your local private key file.
*You should now normally access the server using the SSH methods.
*Note that in WinSCP you cannot "sudo su" to root so some files will not be accessible.


-a says append, not replace the list of supplemental groups
You only put the public half on servers you are logging into. The private file always stays with you, so you can use the key pair (pvt/pub) to login to as many servers as you care to setup.


== Login ==
<br> Back to [[Geeks Team Remit]]


The new geek will need to log in using putty and the password then change their password so it's secret.
[[Category:Geeks Team]]
 
== Set SSH&nbsp;Key ==
 
Set SSH keys<br> cd /home/&lt;user&gt;/.ssh (mkdir if need be, making user correct if uploaded)<br>create authorized_keys<br>in that file you put the public half of any SSH keys you want to use for password-less logging in<br>you'll want to "chmod 700 .ssh"<br>and "chmod 600 authorized_keys" (read/write only by user) that keeps SSH happier.<br>You only put the public half on servers you are logging into. The private file always stays with you, so you can use the key pair (pvt/pub) to login to as many servers as you care to setup.<br>

Latest revision as of 08:55, 7 December 2019

These are instructions for providing a new geek with full access to the Freegle servers.

Software

On access from Windows, try these:

SmartFTP (paid) or FileZilla (free) are good FTP clients.

Create access key

Use puttygen to create public and private SSH keys:

  • SSH-2 RSA, 2048 bits
  • save the public and private keys -  ?no need for a passphrase on the private key

Add user

An existing geek needs to login and "sudu su" to root:

  • Add a user:
    • adduser <user>
  • giving an initial password
  • Give them su permissions
    • usermod -G sudo -a <user>
  • -G says add to your list of supplemental groups (as opposed to your primary group)
  • -a says append, not replace the list of supplemental groups

 Login

The new geek will need to log in using putty (with username and password) then change their password so it's secret.

Set SSH Key

The new geek should set up logging in using SSH as it is more secure:

  • mkdir /home/<user>/.ssh
  • In that directory create file authorized_keys
    • in that file you put the public half of any SSH keys you want to use for password-less logging in, ie usually starting with ssh-rsa and ending with rsa-key-20100411
  • You'll want to "chmod 700 .ssh" and "chmod 600 authorized_keys" (read/write only by user) to keep SSH happier.
  • Set up putty and WinSCP to use SSH to login.  In both cases refer to your local private key file.
  • You should now normally access the server using the SSH methods.
  • Note that in WinSCP you cannot "sudo su" to root so some files will not be accessible.

You only put the public half on servers you are logging into. The private file always stays with you, so you can use the key pair (pvt/pub) to login to as many servers as you care to setup.


Back to Geeks Team Remit

Retrieved from ‘https://wiki.ilovefreegle.org/index.php?title=Providing_geek_access_to_our_servers&oldid=51522