SSH (Secure Shell) is a protocol used in Linux to access and manage servers remotely. This allows for the remote execution of commands, file transfers, and other tasks.
Creating new users with specific permissions is an important aspect of server management. It’s crucial to understand the risks of granting root access, which should only be given to trusted users and monitored to maintain security.
This tutorial covers creating a new user, granting superuser privileges, and setting up a home directory
2. Creating a New SSH User
First. we’ll need to open the terminal and log in as the root user. To log in as the root user, use the command su and enter the root password when prompted. Avoid logging in as the root user unless necessary, as it poses a security risk:
$ su Password: ******
We’ll use the command adduser followed by the desired username. For example, adduser newuser will create a new user named newuser. The adduser command will prompt us to enter a password for the new user and ask us to enter some additional information, such as the user’s full name and contact information:
$ adduser newuser Adding user 'newuser' ... Adding new group 'newuser' (1001) ... Adding new user 'newuser' (1001) with group 'newuser' ... Creating home directory '/home/newuser' ... Copying files from '/etc/skel' ... Enter new UNIX password: ****** Retype new UNIX password: ******
To change the user’s password, we can use the passwd command with the user name as an argument:
$ passwd newuser Enter new UNIX password: ****** Retype new UNIX password: ******
We can also set a specific home directory for the new user with the usermod command:
$ usermod -d /home/newuser -m newuser
This will create a new directory /home/newuser and set it as the home directory for the user newuser.
Please remember that these commands should be run on the terminal with appropriate privileges.
3. Granting root or sudo Access
If we want to grant root or sudo access to our new user, we can use the usermod command:
$ usermod -aG sudo newuser
This adds our new user to the sudo group.
We can test the new user’s access by logging out of the root account and logging back in as the new user. Then, use the command sudo to execute commands with superuser privileges.
4. Establishing an SSH Connection
Once we’ve created a new user and granted them root or sudo access, we can establish an SSH connection to a server:
- On the SSH host (the server), make sure the SSH service is running. To check if the SSH service is running, we run the command:
$ systemctl status sshd
If the SSH service isn’t running, we’ll need to start it:
$ systemctl start sshd
- On the remote machine (the client), open the terminal and enter the following command to establish an SSH connection:
$ ssh [email protected]
Replace username with the name of the user we created and host with the IP address or domain name of the SSH host. For example, if we created a user named newuser and the host has an IP address of 192.168.1.100, the command would be:
$ ssh [email protected]
- If this is the first time we connect to the SSH host, we’ll be prompted to add the host’s fingerprint to our list of known hosts. Type yes to add the host’s fingerprint.
- Enter the password for the new user when prompted.
- Once we are logged in, we can execute commands on the SSH host using the terminal on the remote machine.
Following these steps, we can establish an SSH connection and remotely manage the server with the new user we created.
Creating new users with root or sudo access should be done with caution for trusted users only and must be monitored to prevent security risks. Managing SSH keys and configuring the SSH server settings are crucial for maintaining a secure server.
Always be sure to implement best practices for user management, SSH key management, and server settings, including monitoring user activity, regularly updating the server’s software, and implementing a firewall to block unauthorized access.
Additionally, keeping the server’s operating system and software up-to-date with the latest security patches and updates is important, and we should also have disaster recovery and regular backups in place.