Unix/New ssh user

This is a step by step guide for adding new user of Fedora8 and setting up the account for ssh access.


1. Create a new user like so:

     [root@myserver]# useradd newusername

  Note: sometimes there is a conflict with the path to the command in this case you may see an error message like this

       [root@warewolf d3n1S]# useradd blah
        bash: useradd: command not found

     All you need to do is just supply the full path to the executable. We can locale it by using the find command like so:

       [root@myserver]# find / -iname useradd

    and then you can just call it dorectly like so:

        [root@myserver]# /usr/sbin/useradd newusername

At this stage we have created a new user account which is blocked.


2. Setup password using the passwd command:

     [root@myserver]# passwd newusername
      Changing password for user newusername.
      New UNIX password:
      Retype new UNIX password:
      passwd: all authentication tokens updated successfully.

  At the point where is prompt to type new and retype you need to enter a valid password.


3. Unless you have disabled the SSH you should now be able to login

      If for some reason you cannot login through SSH, it is probably because it is disabled in the config.   


Points to note:

     NEVER copy and paste any command from the blogs/tutorials unless you have run man on it and made sure it does exactly what the article suggestes.

     ALWAYS select a strong password - should be more than 10 characters and containing diifferent case letters, numbers and some special characters like $()@ and so on. Usually you can just think of a rememrable word and then replace some of the characters with numbers or other symbols that look alike. E.g. 0 for o, 4 for h, 3 for E and so on.

     GOOD PRACTICE not to have name for logins - add some numbers to it at least (same technique as for passwords), this will make it even harded to match

     GOOD PRACTICE disable the root login (and any other system account logins, such as oracle, www, apache, mysql, etc.). Here is how you can do that.

     GOOD PRACTICE consult the logs for recent attack attempts, like so:

        [root@myserver]# lastb | awk '{print $1}' | sort | uniq -c | sort -rn | head -5
           7220 root
             450 oracle
             430 test
             262 admin
             176 guest




This page was last updated on: 22/04/2011 08:43