Creating an SSH-Enabled User on an Oracle Cloud Infrastructure Compute Classic Oracle Linux Instance





Before You Begin

Purpose

This tutorial shows you how to create an SSH-enabled user on a Compute Classic Oracle Linux instance and grant sudo privileges to the new user.

Time to Complete

15 minutes

Background

When you create a Compute Classic instance using an Oracle-provided Oracle Linux image, a user named opc is created automatically. You can use ssh to log in to your instance as the opc user, using the SSH private key that corresponds to the SSH public key that you specified while creating the instance. After you have logged in to your instance as the opc user, you can create additional SSH-enabled users on your Compute Classic instance.

Note: When a Compute Classic instance that is set up to boot from a nonpersistent boot disk is stopped and re-created, any OS-level changes you may have made before the instance was stopped, including user creation, are lost.

What Do You Need?

You must know the public IP address of the Compute Classic instance on which you want to create new users. In this tutorial, we assume that the public IP address of your instance is 203.0.113.5.

Generating an SSH Key Pair

  1. On a local machine (not the Compute Classic instance), generate an SSH key pair for use by the new user, as shown in the following example.

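    When you are prompted for a file name, enter a file name of your choice. When you are prompted for a passphrase, press Enter to proceed without a passphrase. A private key without a passphrase is stored unencrypted, so anyone who can read the key file can use it.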

    $ ssh-keygen
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/joe/.ssh/id_rsa): /home/joe/.ssh/myadmin
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/joe/.ssh/myadmin.
    Your public key has been saved in /home/joe/.ssh/myadmin.pub.
    The key fingerprint is:
    e1:e0:f7:31:83:96:a5:8d:f6:f7:9c:1d:cb:2d:3e:7f joe@abc01234
    The key's randomart image is:
    +--[ RSA 2048]----+
    |                 |
    |                 |
    |      . . .      |
    |     . o O       |
    |      . S =      |
    |       + o +     |
    |          o .  . |
    |           . o+oE|
    |             .=*=|
    +-----------------+

    In this example, the private key is stored in /home/joe/.ssh/myadmin, and the public key is stored in /home/joe/.ssh/myadmin.pub.

  2. Copy the public key value to a text file. You'll need this value later in this tutorial.

    $ cat /home/joe/.ssh/myadmin.pub
    ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuOb4NO1l6QckeVgk/8ZdJc8UkfYYK/8CiAewxZdMRkuTMmjmmgr21ulRd4MompURb+Xw/cVOlK2eaBJRL9TXzG2Mf5gj8lyeve2GoIhiFXrV6bU9DlVSrf+y3BqNMixsF1/aSizP2PHmnECZyWdIKi5KdvNtyVE6f5Ul/286yJf3LCNP+bKLHv6uL8KwhArlz8cfv1OGYpzVW6e7Ja824RdHRTXOuh7JAR/1tGtd9lbZW/qqClyJlSbWVOh46l/2DdqoWQx6L7qzW3AzWVnTniFY4T8W06qT9pNbE08ygyCPVRfu8ZlBmRihFYRxdX4wm1P5qWj7RVhfmpq/AFrEyQ== joe@abc01234

Creating a User and Enabling SSH Access for the User

  1. Use ssh to connect as the opc user to the Compute Classic instance on which you want to create a new user.

    In the ssh command, use the -i option to provide the private key that corresponds to the public key that you specified while creating the Compute Classic instance.

    Example:

    $ ssh -i ~/.ssh/occs opc@203.0.113.5

    If this is the first time you're logging in to the instance, a message similar to the following is displayed:

    The authenticity of host '203.0.113.5 (203.0.113.5)' can't be established.
    RSA key fingerprint is 95:65:90:6f:10:0d:ff:d8:f1:cb:d0:21:d3:30:2e:b3.
    Are you sure you want to continue connecting (yes/no)?
    

    At the prompt, enter yes to proceed.

    The following message is displayed:

    Warning: Permanently added '203.0.113.5' (RSA) to the list of known hosts.
    Authorized uses only. All activity may be monitored and reported.
  2. To add users, you must be the root user. Enter the following command:

    [opc@joedb ~]$ sudo su
  3. Create a user, say myadmin.

    [root@joedb opc]# useradd myadmin
  4. Create a .ssh directory in the new user's home directory.

    [root@joedb opc]# mkdir /home/myadmin/.ssh
  5. Copy the public key value that you noted in step 2 of Generating an SSH Key Pair to the /home/myadmin/.ssh/authorized_keys file on the Compute Classic instance.

    [root@joedb opc]# echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA0ibAEmysI4o1zfb4dOJIyaN67pya8AnOozVewilpv560jiagTzwrPG8bmK4GL3KEUc3lxZ/Xhj7RvdOD0qMAx0fFB3r80ZSy1KlkIXwKumUY+YBMyn1xdMluWS/J4JWKBpuoOMNTGy7QdCPIHrt07OnwSxvZsoyTsh9QZ/eJv4qR0YaFkAHyH9Si2hTC/6G6CZdXkw93LyEtW1ykxxkSJB6JYwB8FsBMcXPvYJ5CiR30fKqo6GP+WTz1xbTbahLLO31mx/qSDntcXEYgfpw7Abi8W6LSkExFOxrsKir8QqZregznVeWPiht9kf4PT9C3WOoDzA0aF1q+g1CJ1EhZow== joe@abc01234" > /home/myadmin/.ssh/authorized_keys
  6. Verify that the public key was copied successfully to the Compute Classic instance.

    [root@joedb opc]# cat /home/myadmin/.ssh/authorized_keys
    ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA0ibAEmysI4o1zfb4dOJIyaN67pya8AnOozVewilpv560jiagTzwrPG8bmK4GL3KEUc3lxZ/Xhj7RvdOD0qMAx0fFB3r80ZSy1KlkIXwKumUY+YBMyn1xdMluWS/J4JWKBpuoOMNTGy7QdCPIHrt07OnwSxvZsoyTsh9QZ/eJv4qR0YaFkAHyH9Si2hTC/6G6CZdXkw93LyEtW1ykxxkSJB6JYwB8FsBMcXPvYJ5CiR30fKqo6GP+WTz1xbTbahLLO31mx/qSDntcXEYgfpw7Abi8W6LSkExFOxrsKir8QqZregznVeWPiht9kf4PT9C3WOoDzA0aF1q+g1CJ1EhZow== joe@abc01234
  7. To enable SSH access for the new user, edit the AllowUsers parameter in the /etc/ssh/sshd_config file by using vi or any other text editor.

    The default AllowUsers setting in /etc/ssh/sshd_config is:

    AllowUsers oracle opc

    Change the AllowUsers setting as shown below:

    AllowUsers oracle opc myadmin
  8. Change (recursively) the owner and the group of the /home/myadmin/.ssh directory from root to the new user, myadmin.

    [root@joedb opc]# chown -R myadmin:myadmin /home/myadmin/.ssh 
  9. Restart the sshd service.

    [root@joedb opc]# /sbin/service sshd restart
    Stopping sshd:                                             [  OK  ]
    Starting sshd:                                             [  OK  ]
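
The following script is an added example, not part of Oracle's tutorial. It checks the result of steps 4 through 8: ownership and mode of the .ssh directory and authorized_keys file, a well-formed key line, and the AllowUsers entry. The function names are hypothetical, and the AllowUsers and key-line parsing are simplified as noted in the comments.

```shell
#!/bin/sh
# Added example (not Oracle's code). Function names are hypothetical.
# Usage on the instance, as root:
#   sh check.sh myadmin /home/myadmin /etc/ssh/sshd_config

# True if USER may log in under the AllowUsers lines in CONFIG. With no
# AllowUsers line, sshd does not restrict by name. Simplification: only
# literal names and name@host entries are compared, not wildcard patterns.
allowusers_permits() {
    awk -v user="$2" '
        tolower($1) == "allowusers" {
            seen = 1
            for (i = 2; i <= NF; i++) {
                name = $i; sub(/@.*/, "", name)
                if (name == user) found = 1
            }
        }
        END { exit (seen && !found) ? 1 : 0 }' "$1"
}

# True if PATH is owned by numeric UID and not writable by group or others
# (sshd's default StrictModes check rejects group- or world-writable paths).
# stat -c is the GNU coreutils form, as found on Oracle Linux.
owned_and_private() {
    [ -e "$1" ] || return 1
    [ "$(stat -c '%u' "$1")" = "$2" ] || return 1
    [ $(( 0$(stat -c '%a' "$1") & 022 )) -eq 0 ]
}

# True if every non-blank, non-comment line is "<key-type> <base64> [comment]".
# Catches a key that was wrapped or truncated when pasted into the echo command.
# Simplification: entries with leading options (from=..., command=...) fail.
keys_well_formed() {
    [ -s "$1" ] || return 1
    ! grep -Ev '^[[:space:]]*(#|$)' "$1" |
        grep -Evq '^(ssh|ecdsa)-[a-z0-9-]+ [A-Za-z0-9+/]+=*( .*)?$'
}

check_ssh_user() {  # check_ssh_user USER HOME SSHD_CONFIG
    uid=$(id -u "$1") || return 1
    rc=0
    owned_and_private "$2/.ssh" "$uid" || { echo "FAIL: $2/.ssh owner or mode"; rc=1; }
    owned_and_private "$2/.ssh/authorized_keys" "$uid" || { echo "FAIL: authorized_keys owner or mode"; rc=1; }
    keys_well_formed "$2/.ssh/authorized_keys" || { echo "FAIL: malformed key line"; rc=1; }
    allowusers_permits "$3" "$1" || { echo "FAIL: $1 not in AllowUsers"; rc=1; }
    return $rc
}

if [ "$#" -eq 3 ]; then check_ssh_user "$@"; fi
```

Running sshd -t before the restart in step 9 also reports syntax errors in the edited /etc/ssh/sshd_config while the current session is still open.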

Enabling sudo Privileges for the New User

  1. To enable sudo privileges for the new user, edit the /etc/sudoers file by using the visudo command:

    sudo visudo -f /etc/sudoers

    Note: This step must be done by the root user or by any other user who has sudo privileges. On instances created using Oracle-provided Oracle Linux images, the opc user has sudo privileges.

    In /etc/sudoers, look for the following line:

    %opc    ALL=(ALL)       NOPASSWD: ALL 

    Add the following line right after the above line:

    %myadmin   ALL=(ALL)       NOPASSWD: ALL

    Here, myadmin is the autocreated group to which the new myadmin user belongs.

  2. Exit the root user session and exit from the Compute Classic instance.

You can now use ssh to log in to the Compute Classic instance as the myadmin user, by using the private key that you generated in step 1 of Generating an SSH Key Pair.

$ ssh -i /path/to/private/key myadmin@203.0.113.5
Authorized uses only. All activity may be monitored and reported.
[myadmin@joedb ~]$

Note: When a Compute Classic instance that is set up to boot from a nonpersistent boot disk is stopped and re-created, any OS-level changes you've made, including user creation, are lost.


Credits

  • Lead Curriculum Developer: Kumar Dhanagopal

  • Other Contributors: Octave Orgeron, Vimal Patel, Anamika Mukherjee