Before You Begin
Purpose
This tutorial shows how to create an SSH-enabled user on an Oracle Compute Cloud Service instance and grant sudo privileges to the new user.
Time to Complete
15 minutes
Background
Oracle Compute Cloud Service provides the compute, networking and block storage infrastructure for instances of Oracle Java Cloud Service and Oracle Database Cloud Service.
When you create instances of Oracle Java Cloud Service or Oracle Database Cloud Service, a user named opc is created automatically on the underlying Oracle Compute Cloud Service VMs. You can ssh to these VMs, as opc, by using the private SSH key corresponding to the public key that was specified while creating the instances. At times, you may want to create additional SSH-enabled users on the Oracle Compute Cloud Service VMs.
Note: When an Oracle Java Cloud Service instance is stopped and restarted, any changes you have made to the underlying Oracle Compute Cloud Service VMs, including user creation, will be lost.
What Do You Need?
The public IP address of the Oracle Java Cloud Service or Oracle Database Cloud Service node on which you want to create new users.
Generating an SSH Key Pair
1. On your local machine (not the Oracle Java Cloud Service or Oracle Database Cloud Service nodes), generate an SSH key pair for use by the new user, as shown in the following example.
   At the prompt for a file name, enter a file name of your choice. At the prompt for a passphrase, press Enter to proceed without a passphrase.

   $ ssh-keygen
   Generating public/private rsa key pair.
   Enter file in which to save the key (/home/joe/.ssh/id_rsa): /home/joe/.ssh/myadmin
   Enter passphrase (empty for no passphrase):
   Enter same passphrase again:
   Your identification has been saved in /home/joe/.ssh/myadmin.
   Your public key has been saved in /home/joe/.ssh/myadmin.pub.
   The key fingerprint is:
   e1:e0:f7:31:83:96:a5:8d:f6:f7:9c:1d:cb:2d:3e:7f joe@abc01234
   The key's randomart image is:
   +--[ RSA 2048]----+
   |                 |
   |                 |
   | . . .           |
   | . o O           |
   | . S =           |
   | + o +           |
   | o . .           |
   |           . o+oE|
   |             .=*=|
   +-----------------+

   In this example, the private key is stored in /home/joe/.ssh/myadmin, and the public key is stored in /home/joe/.ssh/myadmin.pub.

2. Copy the public key value to a text file. You'll need this value later in this tutorial.

   $ cat /home/joe/.ssh/myadmin.pub
   ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuOb4NO1l6QckeVgk/8ZdJc8UkfYYK/8CiAewxZdMRkuTMmjmmgr21ulRd4MompURb+Xw/cVOlK2eaBJRL9TXzG2Mf5gj8lyeve2GoIhiFXrV6bU9DlVSrf+y3BqNMixsF1/aSizP2PHmnECZyWdIKi5KdvNtyVE6f5Ul/286yJf3LCNP+bKLHv6uL8KwhArlz8cfv1OGYpzVW6e7Ja824RdHRTXOuh7JAR/1tGtd9lbZW/qqClyJlSbWVOh46l/2DdqoWQx6L7qzW3AzWVnTniFY4T8W06qT9pNbE08ygyCPVRfu8ZlBmRihFYRxdX4wm1P5qWj7RVhfmpq/AFrEyQ== joe@abc01234
Creating a User and Enabling SSH Access for the User
1. ssh as opc to the Oracle Database Cloud Service or Oracle Java Cloud Service node on which you want to create a new user.
   In the ssh command, use the -i option to provide the private key that corresponds to the public key that you specified while creating the Oracle Java Cloud Service or Oracle Database Cloud Service instance.

   $ ssh -i ~/.ssh/occs opc@11.12.13.14
   Authorized uses only. All activity may be monitored and reported.

2. To add users, you must be the root user. Run the following command:

   [opc@joedb ~]$ sudo su

3. Create a user, say myadmin.

   [root@joedb opc]# useradd myadmin

4. Create a .ssh directory in the new user's home directory.

   [root@joedb opc]# mkdir /home/myadmin/.ssh

5. Copy the public key value that you noted in step 2 of Generating an SSH Key Pair to the /home/myadmin/.ssh/authorized_keys file on the Oracle Database Cloud Service or Oracle Java Cloud Service node.

   [root@joedb opc]# echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA0ibAEmysI4o1zfb4dOJIyaN67pya8AnOozVewilpv560jiagTzwrPG8bmK4GL3KEUc3lxZ/Xhj7RvdOD0qMAx0fFB3r80ZSy1KlkIXwKumUY+YBMyn1xdMluWS/J4JWKBpuoOMNTGy7QdCPIHrt07OnwSxvZsoyTsh9QZ/eJv4qR0YaFkAHyH9Si2hTC/6G6CZdXkw93LyEtW1ykxxkSJB6JYwB8FsBMcXPvYJ5CiR30fKqo6GP+WTz1xbTbahLLO31mx/qSDntcXEYgfpw7Abi8W6LSkExFOxrsKir8QqZregznVeWPiht9kf4PT9C3WOoDzA0aF1q+g1CJ1EhZow== joe@abc01234" > /home/myadmin/.ssh/authorized_keys

6. Verify that the public key was copied successfully to the Oracle Database Cloud Service or Oracle Java Cloud Service node.

   [root@joedb opc]# cat /home/myadmin/.ssh/authorized_keys
   ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA0ibAEmysI4o1zfb4dOJIyaN67pya8AnOozVewilpv560jiagTzwrPG8bmK4GL3KEUc3lxZ/Xhj7RvdOD0qMAx0fFB3r80ZSy1KlkIXwKumUY+YBMyn1xdMluWS/J4JWKBpuoOMNTGy7QdCPIHrt07OnwSxvZsoyTsh9QZ/eJv4qR0YaFkAHyH9Si2hTC/6G6CZdXkw93LyEtW1ykxxkSJB6JYwB8FsBMcXPvYJ5CiR30fKqo6GP+WTz1xbTbahLLO31mx/qSDntcXEYgfpw7Abi8W6LSkExFOxrsKir8QqZregznVeWPiht9kf4PT9C3WOoDzA0aF1q+g1CJ1EhZow== joe@abc01234

7. To enable SSH access for the new user, edit the AllowUsers parameter in the /etc/ssh/sshd_config file by using vi or any other editor.
   The default AllowUsers setting in /etc/ssh/sshd_config is:

   AllowUsers oracle opc

   Change the AllowUsers setting as shown below:

   AllowUsers oracle opc myadmin

8. Change (recursively) the owner and the group of the /home/myadmin/.ssh directory from root to the new user, myadmin.

   [root@joedb opc]# chown -R myadmin:myadmin /home/myadmin/.ssh

9. Restart the sshd service.

   [root@joedb opc]# /sbin/service sshd restart
   Stopping sshd: [ OK ]
   Starting sshd: [ OK ]
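Because AllowUsers limits SSH logins to the accounts it lists, a slip while editing that line can shut out opc as well as the new user. The shell functions below are an added example, not part of the original tutorial: allow_ssh_user makes the step 7 edit idempotently, and ssh_perms_ok checks for the owner-only modes (700 and 600) commonly used for .ssh and authorized_keys. Both function names are hypothetical, and the demo runs on a constructed file.

```sh
#!/bin/sh
# Added example, not part of the original tutorial. Function names are hypothetical.

# allow_ssh_user CONFIG USER
#   Appends USER to the first AllowUsers line of CONFIG unless already listed.
#   Returns 0 if USER is listed afterwards, 1 if CONFIG has no AllowUsers line
#   (adding one would shut out every unlisted account, so that stays a manual
#   decision), 2 if USER is not a plain lower-case account name, 4 on file errors.
allow_ssh_user() {
    cfg=$1; user=$2
    # Reject anything that could add patterns or extra directives to the file.
    case $user in
        ''|*[!a-z0-9_-]*) echo "invalid user name: $user" >&2; return 2 ;;
    esac
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 4; }
    rc=0
    # sshd keywords are case-insensitive; compare user names as whole tokens.
    awk -v u="$user" '
        tolower($1) == "allowusers" { seen = 1; for (i = 2; i <= NF; i++) if ($i == u) hit = 1 }
        END { if (hit) exit 0; exit (seen ? 3 : 1) }' "$cfg" || rc=$?
    [ "$rc" -eq 0 ] && return 0
    [ "$rc" -eq 1 ] && { echo "no AllowUsers line in $cfg" >&2; return 1; }
    tmp=$(mktemp) || return 4
    awk -v u="$user" '
        !added && tolower($1) == "allowusers" { sub(/[ \t]+$/, ""); $0 = $0 " " u; added = 1 }
        { print }' "$cfg" > "$tmp" && cat "$tmp" > "$cfg"   # cat keeps CONFIG's mode and owner
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# ssh_perms_ok SSH_DIR
#   Succeeds only if SSH_DIR is mode 700 and SSH_DIR/authorized_keys is mode 600.
ssh_perms_ok() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "drwx------" ] &&
        [ "$(ls -l "$1/authorized_keys" | cut -c1-10)" = "-rw-------" ]
}

# Demo on a constructed copy of the tutorial's default line, never the live file.
demo=$(mktemp)
printf 'AllowUsers oracle opc\n' > "$demo"
allow_ssh_user "$demo" myadmin && cat "$demo"   # AllowUsers oracle opc myadmin
rm -f "$demo"
```

On a node, apply it to a copy of /etc/ssh/sshd_config and check the copy with sshd -t -f before replacing the live file and restarting sshd.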
Enabling sudo Privileges for the New User
1. To enable sudo privileges for the new user, edit the /etc/sudoers file by using the visudo command:

   sudo visudo -f /etc/sudoers

   In /etc/sudoers, look for the following line:

   %opc ALL=(ALL) NOPASSWD: ALL

   Add the following line right after the above line:

   %myadmin ALL=(ALL) NOPASSWD: ALL

   Here, myadmin is the autocreated group to which the new myadmin user belongs.

2. Exit the root user session and exit from the Oracle Database Cloud Service or the Oracle Java Cloud Service node.
You can now ssh to the Oracle Database Cloud Service or the Oracle Java Cloud Service node, as myadmin, by using the private key that you generated in step 1 of Generating an SSH Key Pair.
$ ssh -i /path/to/private/key myadmin@public_ip_address
Authorized uses only. All activity may be monitored and reported.
[myadmin@joedb ~]$
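Every user or %group with a NOPASSWD: ALL rule, like the %myadmin line added above, can run any command as root with no password prompt, so it helps to be able to list them. The function below is an added example, not part of the original tutorial; nopasswd_all is a hypothetical name and the sudoers fragment is constructed sample input.

```sh
#!/bin/sh
# Added example, not part of the original tutorial. The function name is hypothetical.

# nopasswd_all FILE...
#   Prints each user, #uid or %group that the given sudoers files allow to run
#   ALL commands with NOPASSWD, one per line, sorted and de-duplicated.
#   Include directives are not followed: pass drop-in files explicitly.
nopasswd_all() {
    awk '
        # Join backslash-continued lines into one logical rule first.
        /\\$/ { sub(/\\$/, ""); buf = buf $0; next }
        { $0 = buf $0; buf = ""; sub(/[ \t]+#.*$/, "") }   # also drop trailing comments
        /^[ \t]*$/ || /^[ \t]*@/ || $1 ~ /^Defaults/ || $1 ~ /_Alias$/ { next }
        /^[ \t]*#/ && $1 !~ /^#[0-9]+$/ { next }   # comment or #include; "#1000" is a uid
        # NOPASSWD:, optionally followed by other tags (SETENV:), then ALL as a command.
        /NOPASSWD:[ \t]*([A-Z_]+:[ \t]*)*ALL[ \t]*(,|$)/ { print $1 }
    ' "$@" | LC_ALL=C sort -u
}

# Demo on a constructed sudoers fragment, not the live /etc/sudoers.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Defaults    requiretty
root        ALL=(ALL) ALL
%opc        ALL=(ALL) NOPASSWD: ALL
%myadmin    ALL=(ALL) NOPASSWD: ALL
backup      ALL=(root) NOPASSWD: /usr/bin/rsync
deploy      ALL=(ALL) \
            NOPASSWD: ALL
#%wheel     ALL=(ALL) NOPASSWD: ALL
#includedir /etc/sudoers.d
EOF
nopasswd_all "$sample"
rm -f "$sample"
```

On a node, run it as root over /etc/sudoers and each file in /etc/sudoers.d, and review any name you did not expect to see.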
Note: When an Oracle Java Cloud Service instance is stopped and restarted, any changes you have made to the underlying Oracle Compute Cloud Service VMs, including user creation, will be lost.