Providing geek access to our servers: Difference between revisions

From Freegle Wiki
Jump to navigationJump to search
(Created page with 'These are instructions for providing a new geek with full access to our server(s). == Software == On access from Windows, try these: *Putty: [http://www.chiark.greenend.org.uk…')
 
(Add these instructions - these are standard instructions and are not a security breach)
Line 1: Line 1:
These are instructions for providing a new geek with full access to our server(s).
These are instructions for providing a new geek with full access to our server(s).  


== Software ==
== Software ==


On access from Windows, try these:
On access from Windows, try these:  


*Putty: [http://www.chiark.greenend.org.uk/~sgtatham/putty/ http://www.chiark.greenend.org.uk/~sgtatham/putty/] - provides shell prompt
*Putty: [http://www.chiark.greenend.org.uk/~sgtatham/putty/ http://www.chiark.greenend.org.uk/~sgtatham/putty/] - provides shell prompt  
*WinSCP: [http://winscp.net/eng/index.php http://winscp.net/eng/index.php] - provides file access
*WinSCP: [http://winscp.net/eng/index.php http://winscp.net/eng/index.php] - provides file access


== Create access key ==
== Create access key ==


Use puttygen to create public and private keys:
Use puttygen to create public and private SSH keys:  


SSH-2 RSA, 2048 bits
*SSH-2 RSA, 2048 bits  
*save the public and private keys -  ?no need for a passphrase on the private key


save the public and private keys - ?no need for a passphrase on the private key
== Add user  ==


== Add user ==
An existing geek needs to login and "sudu su" to root:


An existing geek needs to login and sudu su to root:
*Add a user:
**adduser <user>
*giving an initial password
*Give them su permissions
**usermod -G sudo -a <user>
*-G says add to your list of supplemental groups (as opposed to your primary group)
*-a says append, not replace the list of supplemental groups


Add a user:
==  Login  ==


adduser <user>
The new geek will need to log in using putty (with username and password) then change their password so it's secret.


giving an initial password
== Set SSH Key  ==


Give them su permissions
The new geek should set up logging in using SSH as it is more secure:


usermod -G sudo -a <user>
*mkdir /home/<user>/.ssh
*In that directory create file authorized_keys
**in that file you put the public half of any SSH keys you want to use for password-less logging in, ie usually starting with ssh-rsa and ending with rsa-key-20100411
*You'll want to "chmod 700 .ssh" and "chmod 600 authorized_keys" (read/write only by user) to keep SSH happier.
*Set up putty and WinSCP to use SSH to login.  In both cases refer to your local private key file.
*You should now normally access the server using the SSH methods.
*Note that in WinSCP you cannot "sudo su" to root so some files will not be accessible.


-G says add to your list of supplemental groups (as opposed to your primary group)
You only put the public half on servers you are logging into. The private file always stays with you, so you can use the key pair (pvt/pub) to login to as many servers as you care to setup.
 
-a says append, not replace the list of supplemental groups
 
== Login ==
 
The new geek will need to log in using putty and the password then change their password so it's secret.
 
== Set SSH Key ==
 
Set SSH keys<br> cd /home/&lt;user&gt;/.ssh (mkdir if need be, making user correct if uploaded)<br>create authorized_keys<br>in that file you put the public half of any SSH keys you want to use for password-less logging in<br>you'll want to "chmod 700 .ssh"<br>and "chmod 600 authorized_keys" (read/write only by user) that keeps SSH happier.<br>You only put the public half on servers you are logging into. The private file always stays with you, so you can use the key pair (pvt/pub) to login to as many servers as you care to setup.<br>

Revision as of 12:29, 30 October 2011

These are instructions for providing a new geek with full access to our server(s).

Software

On access from Windows, try these:

Create access key

Use puttygen to create public and private SSH keys:

  • SSH-2 RSA, 2048 bits
  • save the public and private keys -  ?no need for a passphrase on the private key

Add user

An existing geek needs to login and "sudu su" to root:

  • Add a user:
    • adduser <user>
  • giving an initial password
  • Give them su permissions
    • usermod -G sudo -a <user>
  • -G says add to your list of supplemental groups (as opposed to your primary group)
  • -a says append, not replace the list of supplemental groups

 Login

The new geek will need to log in using putty (with username and password) then change their password so it's secret.

Set SSH Key

The new geek should set up logging in using SSH as it is more secure:

  • mkdir /home/<user>/.ssh
  • In that directory create file authorized_keys
    • in that file you put the public half of any SSH keys you want to use for password-less logging in, ie usually starting with ssh-rsa and ending with rsa-key-20100411
  • You'll want to "chmod 700 .ssh" and "chmod 600 authorized_keys" (read/write only by user) to keep SSH happier.
  • Set up putty and WinSCP to use SSH to login.  In both cases refer to your local private key file.
  • You should now normally access the server using the SSH methods.
  • Note that in WinSCP you cannot "sudo su" to root so some files will not be accessible.

You only put the public half on servers you are logging into. The private file always stays with you, so you can use the key pair (pvt/pub) to login to as many servers as you care to setup.

Retrieved from ‘https://wiki.ilovefreegle.org/index.php?title=Providing_geek_access_to_our_servers&oldid=5448