Some useful notes taken while studying this topic on Udacity
- It is very common to disable the ability to remotely log in as root.
- What if we want to use root commands?
- we can create another user and give it root access
- It is not recommended to use SU commands. (You may mess up your system)
- All available package sources are listed in
cat /etc/apt/sources.list
- Update them
sudo apt-get update
- This will update the package list (Not updating all applications)
- Upgrade the installed packages
sudo apt-get upgrade
- Remove unused packages
sudo apt-get autoremove
- To print all users that are currently logged in to the system
finger
- To see more info about particular user
finger yourUserName
- This is a very important file on your system! It's used to keep track of all users on the system.
cat /etc/passwd
- username:password:UID:GID:UID info:home directory:command/shell
- Create user
sudo adduser student
- This user doesn't have root permissions
- Connect to the new user remotely
ssh student@127.0.0.1 -p 2222
- We used port 2222 because port 22 is already used by our local machine.
- vagrant initiated port 2222 automatically for us.
- This file shows all users that have sudo permissions
cat /etc/sudoers
- New sudo users are listed under this file
sudo ls /etc/sudoers.d
- Each sudo user has a file in the sudoers.d directory
- Copy a sudo user's file (vagrant) and rename it to the new user's name (student)
sudo cp /etc/sudoers.d/vagrant /etc/sudoers.d/student
- Go inside the file student and run the command
sudo nano /etc/sudoers.d/student
- rename vagrant to student
- save the file
- To force a user to change their password the next time they log in
sudo passwd -e student
- -e means Expire
- To generate public and private keys use
ssh-keygen
- Enter the location of resulting pair
- You will get two files
- private key fileName
- public key fileName.pub
- we will store this file in our server
- Supported Key Types
- DSA
- ECDSA
- ED25519
- RSA is the default
- In your server's home directory, make the .ssh directory
mkdir .ssh
- In the .ssh directory, make a file and call it authorized_keys
- Get the public key from your local machine and paste it inside authorized_keys from your server
- In the server
- Give permission 700 to the directory .ssh
chmod 700 .ssh
- Give permission 644 to authorized_keys
chmod 644 .ssh/authorized_keys
- Now, the client can access the server using the account student
ssh student@127.0.0.1 -p 2222 -i ~/.ssh/linuxCourse
- ~/.ssh/linuxCourse is where the private key is stored
- sshd_config is the configuration file of the SSH service (sshd) on your server, which listens for every SSH connection to your server.
- Edit it using
sudo nano /etc/ssh/sshd_config
- Change PasswordAuthentication to no
- Restart the service to read the new configurations
sudo service ssh restart
- Now, users can't log in using username and password. Only key pair login is permitted.
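
An added example, not part of the original notes: a shell check that the key-only login steps above actually took effect (permissions on .ssh and authorized_keys, and the effective PasswordAuthentication value). The function names are made up for this example, it assumes GNU `stat`, and it does not evaluate Include or Match directives.

```shell
#!/bin/sh
# Audit the key-only SSH login setup from the notes above (added example).

# Print the effective PasswordAuthentication value in an sshd_config file.
# sshd uses the first value it finds for a keyword; if none is set the
# default is "yes". Commented-out lines do not count.
effective_password_auth() {
    awk 'tolower($1) == "passwordauthentication" { print tolower($2); found = 1; exit }
         END { if (!found) print "yes" }' "$1"
}

# Succeed if an octal mode (e.g. 644) gives no write bit to group or others.
no_group_other_write() {
    [ $(( 0$1 & 022 )) -eq 0 ]
}

# audit_ssh_setup HOME_DIR SSHD_CONFIG
# Prints one line per finding and returns the number of problems (0 = good).
audit_ssh_setup() {
    home=$1 config=$2 problems=0
    dir_mode=$(stat -c '%a' "$home/.ssh" 2>/dev/null)
    key_mode=$(stat -c '%a' "$home/.ssh/authorized_keys" 2>/dev/null)
    if [ "$dir_mode" != 700 ]; then
        echo "FAIL .ssh mode is '${dir_mode:-missing}', expected 700"
        problems=$((problems + 1))
    fi
    if [ -z "$key_mode" ] || ! no_group_other_write "$key_mode"; then
        echo "FAIL authorized_keys mode is '${key_mode:-missing}', expected 644 or stricter"
        problems=$((problems + 1))
    fi
    if [ "$(effective_password_auth "$config")" != no ]; then
        echo "FAIL PasswordAuthentication is still enabled in $config"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ] && echo "OK key-only login is configured"
    return "$problems"
}

# Usage: sh audit.sh /home/student /etc/ssh/sshd_config
if [ $# -eq 2 ]; then
    audit_ssh_setup "$1" "$2"
fi
```

Run it on the server after restarting the ssh service; a non-zero exit status is the count of failed checks.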