Linux Practice-Create User

Create an admin user for daily operations (root's privileges are too broad to use directly).

Create new user

adduser [username]

[root@VM_0_8_centos ~]# adduser admin

Set password

passwd [username]

The system has certain requirements for the password; it can't be too simple, otherwise...

[root@VM_0_8_centos ~]# passwd admin
Change the password of the user admin.
New password:
Invalid password: the password did not pass the dictionary check-it does not contain enough different characters
Re-enter the new password:
Sorry, the passwords do not match.
New password:
Invalid password: the password did not pass the dictionary check-too simplistic/systematic
Re-enter the new password:
Sorry, the passwords do not match.
New password:
Invalid password: the password failed the dictionary check-it is based on the dictionary word
Re-enter the new password:
Sorry, the passwords do not match.
passwd: The maximum number of service retries has been exceeded
[root@VM_0_8_centos ~]#
[root@VM_0_8_centos ~]#
[root@VM_0_8_centos ~]#
[root@VM_0_8_centos ~]# passwd admin
Change the password of the user admin.
New password:
[root@VM_0_8_centos ~]# passwd admin
Change the password of the user admin.
New password:
Re-enter the new password:
passwd: All authentication tokens have been successfully updated.
[root@VM_0_8_centos ~]#

Log in as the new user

Try to log in with the user you just created.

PS: I can't remember the IP, so I set an alias in the hosts file of my personal computer; it is called qqcloud because the server is a Tencent Cloud server.

➜ hexo ssh admin@qqcloud
The authenticity of host 'qqcloud (mosaic)' can't be established.
ECDSA key fingerprint is SHA256: mosaic.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'qqcloud' (ECDSA) to the list of known hosts.
admin@qqcloud's password:
Last failed login: Thu Oct 24 19:00:16 CST 2019 from Mosaic on ssh:notty
There were 286 failed login attempts since the last successful login.
[admin@VM_0_8_centos ~]$

There is a sentence that caught my attention:

There were 286 failed login attempts since the last successful login.

There were 286 attempts to log in to my server in this short while; presumably some malicious programs are trying to break in. No wonder I am not allowed to use a simple password.
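An added example (not from the original post): one way to see where such failed attempts come from is to summarise sshd's "Failed password" lines, which CentOS writes to /var/log/secure. The log lines and addresses below are constructed samples, and the function names are chosen for this example.

```shell
#!/bin/sh
# Constructed sample of sshd lines in the format found in /var/log/secure.
# Addresses are from documentation ranges (RFC 5737); none come from the page.
sample_log() {
cat <<'EOF'
Oct 24 18:58:01 VM_0_8_centos sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Oct 24 18:58:04 VM_0_8_centos sshd[2103]: Failed password for invalid user test from 203.0.113.7 port 40130 ssh2
Oct 24 18:59:10 VM_0_8_centos sshd[2110]: Failed password for invalid user oracle from 198.51.100.23 port 51514 ssh2
Oct 24 18:59:40 VM_0_8_centos sshd[2114]: Failed password for root from 203.0.113.7 port 40190 ssh2
Oct 24 19:00:16 VM_0_8_centos sshd[2120]: Failed password for admin from 198.51.100.23 port 51560 ssh2
Oct 24 19:02:31 VM_0_8_centos sshd[2131]: Accepted password for admin from 192.0.2.10 port 60022 ssh2
EOF
}

# Print "count source-address" for every address with failed password
# attempts, busiest first. Reads log lines on stdin.
failed_by_source() {
    awk '/sshd\[[0-9]+\]: Failed password for / {
             # Scan from the end so a user name equal to "from" cannot confuse us;
             # the address is the field right after the last "from".
             for (i = NF - 1; i > 1; i--) if ($i == "from") { n[$(i+1)]++; break }
         }
         END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

# Print "count username" to show which account names are being guessed.
failed_by_user() {
    awk '/sshd\[[0-9]+\]: Failed password for / {
             # The user name is the field right before the last "from".
             for (i = NF - 1; i > 1; i--) if ($i == "from") { u[$(i-1)]++; break }
         }
         END { for (name in u) print u[name], name }' | sort -k1,1nr -k2,2
}

sample_log | failed_by_source
sample_log | failed_by_user
```

On the server itself, feed the real log in place of the sample, for example `sudo cat /var/log/secure | failed_by_source`.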

sudo

sudo [command that requires root privileges]

Although the root user is not suitable for daily use, its power is still needed occasionally, for example to change the hosts file. Such sensitive commands require root privileges. To run them while logged in as a non-root user, you only need to add sudo in front of the command.

[admin@VM_0_8_centos ~]$ sudo vim /etc/hosts

We trust that you have learned the daily precautions from the system administrator.
To sum up, it is nothing more than these three points:

#1) Respect the privacy of others.
#2) Consider (consequences and risks) before input.
#3) The greater the power, the greater the responsibility.

[sudo] admin's password:
admin is not in the sudoers file. This matter will be reported.
[admin@VM_0_8_centos ~]$

The new user does not have sudo privileges. Moreover, although having my machine default to Chinese seems a bit uncool, it is actually quite convenient for reading these prompts.

Authorize sudo to the new user

vim /etc/sudoers

After opening the configuration file, find the configuration of the root user and add an identical line for admin. When saving, vim reports that the file is read-only; just force the save (:wq!).

vim usage

## Next comes the main part: which users can run what software on
## which machines (the sudoers file can be shared between multiple
## systems).
## Syntax:
##
## user MACHINE=COMMANDS
##
## The COMMANDS section may have other options added to it.
##
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
admin ALL=(ALL) ALL

# sudo without entering a password
#admin ALL=(ALL) NOPASSWD:ALL

Password-free login

Logging in to your own cloud server from your own computer still means typing the password every time.

First, initialize on the cloud server with the command:

ssh-keygen

Just press Enter at each prompt.

[admin@VM_0_8_centos ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/admin/.ssh/id_rsa):
Created directory '/home/admin/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/admin/.ssh/id_rsa.
Your public key has been saved in /home/admin/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256: mosaic admin@VM_0_8_centos
The key's randomart image is:
+---[RSA 2048]----+
| Mosaic |
| Mosaic |
| Mosaic++o |
| Mosaic |
| Mosaic |
| Mosaic Mosaic |
| Mosaic Mosaic |
| Mosaic Mosaic |
| Mosaic Mosaic |
+----[SHA256]-----+

Generated directory: /home/admin/.ssh

[admin@VM_0_8_centos .ssh]$ pwd
/home/admin/.ssh
[admin@VM_0_8_centos .ssh]$ ll
total 8
-rw------- 1 admin admin 1679 Oct 25 00:23 id_rsa
-rw-r--r-- 1 admin admin  401 Oct 25 00:23 id_rsa.pub
[admin@VM_0_8_centos .ssh]$

  • id_rsa: the private key; it must be kept secret
  • id_rsa.pub: the public key; it can be shown to others

Because this server needs to trust certain machines so that they can enter without entering a password, it is necessary to maintain a list of trusted users. The list contains the unique identifier of the trusted user, that is, the public key of the other party.

Create a file authorized_keys in the /home/admin/.ssh directory, then enter the public key of each computer you want to trust, one key per line.

Almost done: the permissions of authorized_keys need to be set to 600, otherwise it will not take effect.

chmod 600 authorized_keys
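An added example (not from the original post) that carries out the authorized_keys steps above as one repeatable function: it appends each public key only once, applies mode 700 to the directory and 600 to the file, and refuses a file that contains a private key. The function names, the scratch directory and the key line are constructed for illustration; `stat -c` assumes GNU coreutils, as on CentOS.

```shell
#!/bin/sh
# install_pubkey SSH_DIR PUBKEY_FILE
# Adds every key in PUBKEY_FILE to SSH_DIR/authorized_keys exactly once and
# applies directory mode 700 and file mode 600.
install_pubkey() {
    ssh_dir=$1
    pubkey_file=$2
    auth="$ssh_dir/authorized_keys"

    # id_rsa must stay secret: refuse anything that looks like a private key.
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "refusing: $pubkey_file contains a private key" >&2
        return 1
    fi

    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # One key per line; -x matches whole lines, -F treats the key as a literal.
    while IFS= read -r key || [ -n "$key" ]; do
        [ -n "$key" ] || continue
        grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
    done < "$pubkey_file"
}

# perms_ok SSH_DIR: succeeds only when the directory is exactly 700 and
# authorized_keys is exactly 600.
perms_ok() {
    [ "$(stat -c %a "$1")" = "700" ] &&
    [ "$(stat -c %a "$1/authorized_keys")" = "600" ]
}

# Demo in a scratch directory with a constructed (not real) public key line.
demo_dir=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EXAMPLEONLY user@laptop' > "$demo_dir/laptop.pub"
install_pubkey "$demo_dir/.ssh" "$demo_dir/laptop.pub"
install_pubkey "$demo_dir/.ssh" "$demo_dir/laptop.pub"   # second run adds nothing
wc -l < "$demo_dir/.ssh/authorized_keys"
perms_ok "$demo_dir/.ssh" && echo "permissions ok"
```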

-END-