This Article is copied entirely from
Before You Begin
Purpose
This tutorial shows how to create an SSH-enabled user on an Oracle Compute Cloud Service instance and grant sudo privileges to the new user.
Time to Complete
15 minutes
Background
Oracle Compute Cloud Service provides the compute, networking and block storage infrastructure for instances of Oracle Java Cloud Service and Oracle Database Cloud Service.
When you create instances of Oracle Java Cloud Service or Oracle Database Cloud Service, a user named opc is created automatically on the underlying Oracle Compute Cloud Service VMs. You can ssh to these VMs, as opc, by using the private SSH key corresponding to the public key that was specified while creating the instances. At times, you may want to create additional SSH-enabled users on the Oracle Compute Cloud Service VMs.
Note: When an Oracle Java Cloud Service instance is stopped and restarted, any changes you have made to the underlying Oracle Compute Cloud Service VMs, including user creation, will be lost.
What Do You Need?
The public IP address of the Oracle Java Cloud Service or Oracle Database Cloud Service node on which you want to create new users.
Generating an SSH Key Pair
- On your local machine (not the Oracle Java Cloud Service or Oracle Database Cloud Service nodes), generate an SSH key pair for use by the new user, as shown in the following example. At the prompt for a file name, enter a file name of your choice. At the prompt for a passphrase, press Enter to proceed without a passphrase.
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/joe/.ssh/id_rsa): /home/joe/.ssh/myadmin
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/joe/.ssh/myadmin.
Your public key has been saved in /home/joe/.ssh/myadmin.pub.
The key fingerprint is:
e1:e0:f7:31:83:96:a5:8d:f6:f7:9c:1d:cb:2d:3e:7f joe@abc01234
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| . . . |
| . o O |
| . S = |
| + o + |
| o . . |
| . o+oE|
| .=*=|
+-----------------+
In this example, the private key is stored in /home/joe/.ssh/myadmin, and the public key is stored in /home/joe/.ssh/myadmin.pub.
- Copy the public key value to a text file. You’ll need this value later in this tutorial.
$ cat /home/joe/.ssh/myadmin.pub
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuOb4NO1l6QckeVgk/8ZdJc8UkfYYK/8CiAewxZdMRkuTMmjmmgr21ulRd4MompURb+Xw/cVOlK2eaBJRL9TXzG2Mf5gj8lyeve2GoIhiFXrV6bU9DlVSrf+y3BqNMixsF1/aSizP2PHmnECZyWdIKi5KdvNtyVE6f5Ul/286yJf3LCNP+bKLHv6uL8KwhArlz8cfv1OGYpzVW6e7Ja824RdHRTXOuh7JAR/1tGtd9lbZW/qqClyJlSbWVOh46l/2DdqoWQx6L7qzW3AzWVnTniFY4T8W06qT9pNbE08ygyCPVRfu8ZlBmRihFYRxdX4wm1P5qWj7RVhfmpq/AFrEyQ== joe@abc01234
Creating a User and Enabling SSH Access for the User
- ssh as opc to the Oracle Database Cloud Service or Oracle Java Cloud Service node on which you want to create a new user. In the ssh command, use the -i option to provide the private key that corresponds to the public key that you specified while creating the Oracle Java Cloud Service or Oracle Database Cloud Service instance.
$ ssh -i ~/.ssh/occs opc@public_ip_address
Authorized uses only. All activity may be monitored and reported.
- To add users, you must be the root user. Run the following command:
[opc@joedb ~]$ sudo su
- Create a user, say myadmin.
[root@joedb opc]# useradd myadmin
- Create a .ssh directory in the new user’s home directory.
[root@joedb opc]# mkdir /home/myadmin/.ssh
- Copy the public key value that you noted in step 2 of Generating an SSH Key Pair to the /home/myadmin/.ssh/authorized_keys file on the Oracle Database Cloud Service or Oracle Java Cloud Service node.
[root@joedb opc]# echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA0ibAEmysI4o1zfb4dOJIyaN67pya8AnOozVewilpv560jiagTzwrPG8bmK4GL3KEUc3lxZ/Xhj7RvdOD0qMAx0fFB3r80ZSy1KlkIXwKumUY+YBMyn1xdMluWS/J4JWKBpuoOMNTGy7QdCPIHrt07OnwSxvZsoyTsh9QZ/eJv4qR0YaFkAHyH9Si2hTC/6G6CZdXkw93LyEtW1ykxxkSJB6JYwB8FsBMcXPvYJ5CiR30fKqo6GP+WTz1xbTbahLLO31mx/qSDntcXEYgfpw7Abi8W6LSkExFOxrsKir8QqZregznVeWPiht9kf4PT9C3WOoDzA0aF1q+g1CJ1EhZow== joe@abc01234" > /home/myadmin/.ssh/authorized_keys
- Verify that the public key was copied successfully to the Oracle Database Cloud Service or Oracle Java Cloud Service node.
[root@joedb opc]# cat /home/myadmin/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA0ibAEmysI4o1zfb4dOJIyaN67pya8AnOozVewilpv560jiagTzwrPG8bmK4GL3KEUc3lxZ/Xhj7RvdOD0qMAx0fFB3r80ZSy1KlkIXwKumUY+YBMyn1xdMluWS/J4JWKBpuoOMNTGy7QdCPIHrt07OnwSxvZsoyTsh9QZ/eJv4qR0YaFkAHyH9Si2hTC/6G6CZdXkw93LyEtW1ykxxkSJB6JYwB8FsBMcXPvYJ5CiR30fKqo6GP+WTz1xbTbahLLO31mx/qSDntcXEYgfpw7Abi8W6LSkExFOxrsKir8QqZregznVeWPiht9kf4PT9C3WOoDzA0aF1q+g1CJ1EhZow== joe@abc01234
- To enable SSH access for the new user, edit the AllowUsers parameter in the /etc/ssh/sshd_config file by using vi or any other editor.
The default AllowUsers setting in /etc/ssh/sshd_config is:
AllowUsers oracle opc
Change the AllowUsers setting as shown below:
AllowUsers oracle opc myadmin
- Change (recursively) the owner and the group of the /home/myadmin/.ssh directory from root to the new user, myadmin.
[root@joedb opc]# chown -R myadmin:myadmin /home/myadmin/.ssh
- Restart the sshd service.
[root@joedb opc]# /sbin/service sshd restart
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
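The AllowUsers edit and the authorized_keys setup from the steps above, scripted so they can be re-run safely (an added example, not part of the original tutorial): it appends the key instead of overwriting authorized_keys, sets modes 0700/0600, and refuses to touch an sshd_config that has no AllowUsers line. The function names add_allow_user and install_key are hypothetical, and the tutorial's chown and sshd restart steps still follow.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Function names are
# hypothetical; paths are passed in so the functions can be tried on copies.

# add_allow_user FILE USER
# Append USER to the existing AllowUsers line unless it is already listed.
# Returns 2 and leaves FILE untouched when there is no AllowUsers line:
# adding one to such a file would lock out every account not named on it.
add_allow_user() {
    cfg=$1 user=$2
    tmp=$(mktemp) || return 1
    awk -v u="$user" '
        tolower($1) == "allowusers" {      # sshd keywords are case-insensitive
            found = 1; listed = 0
            for (i = 2; i <= NF; i++) if ($i == u) listed = 1
            if (!listed) $0 = $0 " " u
        }
        { print }
        END { if (!found) exit 2 }
    ' "$cfg" > "$tmp" && cat "$tmp" > "$cfg"   # cat keeps FILE's owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# install_key SSH_DIR PUBKEY_FILE
# Create SSH_DIR (0700) and authorized_keys (0600), then append the key only
# if it is not already there. PUBKEY_FILE must hold one public-key line.
KEY_RE='^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,2}( .*)?$'
install_key() {
    dir=$1 pub=$2
    [ -s "$pub" ] || return 1
    if grep -Evq "$KEY_RE" "$pub"; then return 1; fi   # reject any other line
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    auth=$dir/authorized_keys
    touch "$auth" && chmod 600 "$auth" || return 1
    grep -qxF -f "$pub" "$auth" || cat "$pub" >> "$auth"
}
```

On the node, as root, the calls would be add_allow_user /etc/ssh/sshd_config myadmin and install_key /home/myadmin/.ssh followed by the path of the uploaded .pub file.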
Enabling sudo Privileges for the New User
- To enable sudo privileges for the new user, edit the /etc/sudoers file by using the visudo command:
sudo visudo -f /etc/sudoers
In /etc/sudoers, look for the following line:
%opc ALL=(ALL) NOPASSWD: ALL
Add the following line right after the above line:
%myadmin ALL=(ALL) NOPASSWD: ALL
Here, myadmin is the autocreated group to which the new myadmin user belongs.
- Exit the root user session and exit from the Oracle Database Cloud Service or the Oracle Java Cloud Service node.
You can now ssh to the Oracle Database Cloud Service or the Oracle Java Cloud Service node, as myadmin, by using the private key that you generated in step 1 of Generating an SSH Key Pair.
$ ssh -i /path/to/private/key myadmin@public_ip_address
Authorized uses only. All activity may be monitored and reported.
[myadmin@joedb ~]$
Note: When an Oracle Java Cloud Service instance is stopped and restarted, any changes you have made to the underlying Oracle Compute Cloud Service VMs, including user creation, will be lost.