=> Here I am creating a user called xxtomcat under a new group, xxtomcat
Note: Run the commands below as the root user. Log in as opc and switch to root.
[opc@oci-compute-host-001 ~]# sudo su - root
[root@oci-compute-host-001 ~]# groupadd xxtomcat
[root@oci-compute-host-001 ~]# useradd -g xxtomcat -d /home/xxtomcat xxtomcat
[root@oci-compute-host-001 ~]# id xxtomcat
uid=54324(xxtomcat) gid=54332(xxtomcat) groups=54332(xxtomcat)
[root@oci-compute-host-001 ~]#
=> Create the .ssh directory under the $HOME directory and give it 0700 permissions.
Note 1: Run the commands below as the xxtomcat user.
Note 2: These permissions are required for public and private key authentication to work.
[xxtomcat@oci-compute-host-001 ~]$ mkdir .ssh
[xxtomcat@oci-compute-host-001 ~]$ chmod 0700 .ssh
[xxtomcat@oci-compute-host-001 ~]$ cd .ssh
=> Create authorized_keys under the .ssh directory and give it 0600 permissions
Note 1: Run the commands below as the xxtomcat user.
Note 2: These permissions are required for public and private key authentication to work.
[xxtomcat@oci-compute-host-001 .ssh]$ touch authorized_keys
[xxtomcat@oci-compute-host-001 .ssh]$ chmod 0600 authorized_keys
[xxtomcat@oci-compute-host-001 .ssh]$ ls -ltr
total 4
-rw------- 1 xxtomcat xxtomcat 398 Apr 12 12:28 authorized_keys
[xxtomcat@oci-compute-host-001 .ssh]$
=> Disable password expiry for the xxtomcat user
[root@oci-compute-host-001 ~]# chage -m 0 -M 99999 -I -1 -E -1 xxtomcat
[root@oci-compute-host-001 ~]# chage -l xxtomcat
Last password change : Apr 28, 2022
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
[root@oci-compute-host-001 ~]#
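=> Enable SSH for the user
Note: Run the commands below as the root user. Log in as opc and switch to root.
Add the entry AllowUsers xxtomcat at the end of the /etc/ssh/sshd_config file. Once an AllowUsers entry is present, sshd accepts logins only from the users it lists, so any other account that must keep SSH access (such as opc) has to be listed on it as well.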
[root@oci-compute-host-001 ~]# grep -i AllowUsers /etc/ssh/sshd_config
AllowUsers xxtomcat
[root@oci-compute-host-001 ~]#
=> Restart sshd service
[root@oci-compute-host-001 ~]# /sbin/service sshd restart
=> To log in to the server from PuTTY directly as the xxtomcat user, you have to generate a public and private key pair using the PuTTYgen tool
Make sure the 3 default values below are selected in the PuTTYgen tool
=> Click on Generate
Generate some randomness by moving the mouse over the blank area
=> Copy the public key content and paste it into the authorized_keys file on the server as the xxtomcat user: $HOME/.ssh/authorized_keys
Note: Do not click on Save public key, as this will save the key in a PuTTY-supported format
=> Click on Save private key to save the private key in the PuTTY-supported format, .ppk
=> Log in to the server through PuTTY as the xxtomcat user by providing the private key file
=> Enter the server IP address
=> Select the private key: SSH => Auth => Private Key
=> Log in as the xxtomcat user
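The server-side steps above can be checked with a short script before testing the login from PuTTY. This is an added example, not part of the original post; the function names check_key_auth_setup and user_allowed are hypothetical, and the AllowUsers check assumes plain user names only.

```shell
#!/bin/sh
# Added example (not from the original post): post-setup checks for key-based login.
# Function names are hypothetical. Run as: sh check.sh /home/xxtomcat

perms_of() { ls -ld "$1" | cut -c1-10; }   # e.g. drwx------ or -rw-------

# Returns 0 when the layout is usable for key authentication, 1 otherwise.
check_key_auth_setup() {
    ssh_dir="$1/.ssh"; keys="$ssh_dir/authorized_keys"; rc=0
    [ -d "$ssh_dir" ] || { echo "missing directory: $ssh_dir"; return 1; }
    [ -f "$keys" ]    || { echo "missing file: $keys"; return 1; }
    [ "$(perms_of "$ssh_dir")" = "drwx------" ] ||
        { echo "$ssh_dir is $(perms_of "$ssh_dir"), expected drwx------ (0700)"; rc=1; }
    [ "$(perms_of "$keys")" = "-rw-------" ] ||
        { echo "$keys is $(perms_of "$keys"), expected -rw------- (0600)"; rc=1; }
    # PuTTYgen's "Save public key" writes a multi-line SSH2 block that sshd
    # does not accept in authorized_keys.
    if grep -q -e '---- BEGIN SSH2 PUBLIC KEY ----' "$keys"; then
        echo "$keys contains an SSH2-format key block; paste the one-line OpenSSH key instead"; rc=1
    fi
    # An OpenSSH entry is one line: key type, base64 blob (always starts AAAA), comment.
    grep -Eq '(^|[[:space:]])(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) AAAA' "$keys" ||
        { echo "$keys has no OpenSSH-format public key line"; rc=1; }
    return "$rc"
}

# Returns 0 if the config has no AllowUsers line, or one that names the user.
# Assumption: plain user names only; user@host and wildcard patterns are not evaluated.
user_allowed() {
    listed=$(grep -Ei '^[[:space:]]*AllowUsers[[:space:]]' "$1" |
             sed 's/^[[:space:]]*[^[:space:]]*//')
    [ -n "$listed" ] || return 0
    for u in $listed; do
        if [ "$u" = "$2" ]; then return 0; fi
    done
    return 1
}

# Run the checks when a home directory is given on the command line.
if [ "$#" -ge 1 ]; then
    check_key_auth_setup "$1" && echo "key-auth layout OK for $1"
fi
```

Calling user_allowed /etc/ssh/sshd_config with each account name that needs SSH access shows whether the AllowUsers entry still admits it.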