Creating an SSH-Enabled User on an Oracle Cloud Infrastructure Compute Classic Oracle Solaris Instance

Purpose

This tutorial shows you how to create an SSH-enabled user with the System Administrator profile on a Compute Classic Solaris instance.

Time to Complete

20 minutes

Background

When you create a Compute Classic instance using an Oracle-provided Solaris image, a user named opc is created automatically. Use ssh to log in to your instance as the opc user, with the SSH private key that corresponds to the SSH public key that you specified while creating the instance. After you've logged in to your instance as the opc user, create additional SSH-enabled users on your Compute Classic instance.

Note: When a Compute Classic instance that is set up to boot from a nonpersistent boot disk is stopped and re-created, any OS-level changes you may have made before the instance was stopped, including user creation, are lost. Therefore, use a bootable storage volume to make your changes persistent.

What Do You Need?

• You've already created a Compute Classic Solaris instance.

• You know the public IP address of the Compute Classic Solaris instance on which you want to create new users.

• You have your SSH private key to log in to the Compute Classic Solaris instance.

• You have root password for the Compute Classic Solaris instance. See Accessing an Oracle Solaris Instance Using SSH in Using Oracle Cloud Infrastructure Compute Classic.

Generate the SSH key pair for the new user. See Generating an SSH Key Pair in Using Oracle Cloud Infrastructure Compute Classic.

Make a note of the following:

• The file name and the path at which the SSH key pair is saved.
• The passphrase for the SSH key if it was set while generating the key pair.

Log in as the opc user

1. Log in to the Compute Classic Solaris instance as the opcuser with the following command:

   $ ssh opc@ip_address -i ssh_private_key

   • ip_address is the public IP address of your Compute Classic Solaris instance.

   • ssh_private_key is the complete path and file name of your SSH private key.

2. Enter the passphrase for your SSH key if it was set while generating the key pair.

   You are now logged in as the opc user.

   opc@xyz:~$ 

Switch to the root role

Run the following command and enter the root password when prompted:

opc@xyz:~$ su –

The root prompt appears.

root@xyz:~#

Create the New User

1. Create the new user with the System Administrator profile and the root role using the following command:

   root@xyz:~# useradd -m -P "System Administrator" -R root user

   Example:

   root@c74eb2:~# useradd -m -P "System Administrator" -R root jane
   

2. Check whether a dataset has been created for the new user.

   root@xyz:~# zfs list -r rpool/export/home

   The output includes the home directory of the new user, as shown in the following example:

   NAME 			USED	AVAIL	REFER	MOUNTPOINT
   rpool/export/home	106K	25.7G	  33K	/export/home
   rpool/export/home/jane 	 38K	25.7G	  38K	/export/home/jane
   rpool/export/home/opc  35.5K	25.7G	35.5K	/export/home/opc

Set the Password for the New User

1. Set the password for the new user using the following command:

   root@xyz:~# passwd user

   Example:

   root@ c74eb2:~# passwd jane

2. Enter the new password and re-enter it to confirm.

   The password is successfully set for the new user.

3. Check whether the new user has been created with the specified role and profile, by running the following command:

   root@xyz:~# cat /etc/user_attr

   The following is a sample of the output of this command:

   #
   # Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
   #
   # The system provided entries are stored in different files
   # under "/etc/user_attr.d".  They should not be copied to this file.
   #
   # Only local changes should be stored in this file.
   #
   root::::type=role
   opc::::lock_after_retries=no;profiles=System Administrator;roles=root;clearance=ADMIN_HIGH;min_label=ADMIN_LOW
   jane::::profiles=System Administrator;roles=root
   

   In the output, note that the user jane has been provisioned the System Administrator profile and the root role.

1. Log out of rootrole.

   root@xyz:~# logout

2. Log in as the new user.

   opc@xyz:~$ su – user

   Example:

   opc@c74eb2:~$ su – jane

3. Enter the password you created for the new user.

4. Verify that the new user can take on the root role. Run the following command:

   user@xyz:~$ su -
   

5. Enter the root password. 

   The root prompt appears:

   root@xyz:~#

1. Log out of rootrole. You're now logged in as the new user.

2. Create a .ssh directory.

   user@xyz:~$ mkdir .ssh

3. Go to the .ssh directory and create the authorized_keys file:

   user@xyz:~$ cd .ssh/
   
   user@xyz:~/.ssh$ vi authorized_keys

   The file authorized_keysopens in vi editor. Copy the content of the public SSH key file created earlier (Example: jane_ssh_rsa.pub) and paste it in the authorized_keys file. Save the file and exit the vi editor.

   The following is a sample of the file authorized_keysafter pasting the content of the public SSH key file:

   ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAkDn2ZexgOwqQhEu+jwIOYW0wmvOhV264pP4lFOj5YctJkFNx2imFhuomuSvcHZnihtAzE+wlF6B3ub383eAgaD3GfU0PrPtOiGmMn+4STjddA+3zx/X9u6gO0QlMsq1S8wmrMbVA5e6iofGEqt1sNRe6j4e+CCVM6N1YrEz/VD/4wJOEwsZuMDrkMZhECNbVqZILGHySXUx7dv1iObE0NP2aSUY0OmHOS8su9Kxp0kcXMWtX1+qjfYhb2+lmtVBZfYmiEPSaf/BOMDF1I9MHOIgsFo7GTE824CV25BCsxw3bHtpiIyv0micqztksDAUIiHYPXKKyfMCvuGjg1cqSrQ== rsa-key-20160704
   

4. Log out of the instance.

1. Log in to the Compute Classic Solaris instance with the SSH private key of the new user using the following command:

   ssh user@ip_address -i ssh_private_key

   • user is the new user added on the instance (Example: jane).

   • ip_address is the public IP address of the Solaris instance.

   • ssh_private_key is the complete path and file name of the SSH private key.

   Example:

   ssh jane@129.144.29.99 -i /home/.ssh/jane_ssh_rsa

2. Enter the passphrase for the SSH key of the new user.

   user@xyz:~$