Ubuntu Server – Users / SSH

Asif Ahmed

Previously, we have talked about how to set up an Ubuntu Server on Amazon EC2. We have also shown how to set up a web server on this. Today we will cover a couple more advanced techniques like how to add SSH users. I will be working of an Ubuntu 12.10 install on EC2 for this tutorial.

Let’s log into our system with our .pem keyfile. We don’t always want to log in with in this keyfile. What if we are on a different computer? What if we want to grant access to a client but don’t want to give them full access (logging in with the keyfile pretty much gives you full access and sudo powers). Here is how you would add an SSH user:

sudo useradd -d /home/{user_name} -m {username}
sudo passwd {username}

Basically you use the ‘useradd’ command (read more here). You usually want to give them a home directory also. After creating the user, you will want to give them a password (you will have to enter it twice). We have the user set up…but we still have to do some things to log in with this new user. This next step is a personal preference but if you want to customize the Shell the user will start off with type sudo vim /etc/passwd and scroll to the bottom to see the user you just created. Replace the ‘sh’ at the end with ‘bash’. If you want to read more about different types of Unix shells be sure to check out the link. I find that the bash shell is the most comfortable to use. The next step is to enable SSH with Password Authentication. To do so, open up the ssh config file and change the ‘no’ in Password Authentication no to a ‘yes’. This file is located at /etc/ssh/ssh_config (sudo vim /etc/ssh/sshd_config). Now restart ssh – sudo service ssh restart and enjoy being able to login without the keyfile!

We may want to add users to various user groups. This is helpful if you want users to have “sudo” power. If you want them to have sudo power then add them to the “admin” group. Also this becomes important if we have a group owning a directory (like the www-data group for our Web directory – /var/www/). This will mean that everyone in the group will be able to edit each others files in the directory. Here are some helpful group related commands:

primary group
-this will change the primary group of the user
sudo usermod -g admin {username}
supplemental group
-this will add the user to another group
sudo usermod -a -G www-data {username}
other commands
groups {username} – see which group a user is in.
groupadd {groupname} – add a group.

Awesome! Now we have a user and their group setup. We can log in and do stuff. After a few times of logging in, you may get tired of typing in your password (it could be hard to remember and long). You could set up SSH keys to help you with this process. This article goes over how to set up SSH keys very well – http://paulkeck.com/ssh/. It’s pretty much been the top result when you google SSH keys for years.

Next time, we will talk about other PHP modules you should install and about Apache configuration.