diff --git a/tutos/computer.txt b/tutos/computer.txt index 8e05601..3ad283a 100644 --- a/tutos/computer.txt +++ b/tutos/computer.txt @@ -271,14 +271,30 @@ find | sort | grep -ve "node_modules/" -e ".git/" | sed 's#[^/]*/#|__ #g;s#__ |# - add vimrc, zshrc, and screenrc in default screen windows **ecowan server :** + - list user : **cat /etc/passwd** + - change user passwd : **sudo passwd ** - changed user "root" and "ecowan" password - - sudo passwd username - - created "huho" user (with same passwd) - - added it to the sudo group so it can use sudo (`sudo usermod -aG sudo huho`) + - **sudo passwd username** + - created "huho" user with **sudo adduser ** + - added it to the sudo group so it can use sudo (**sudo usermod -aG sudo huho**) - did not add it to the sudoers file (`visudo` then add line `huho ALL=(ALL) ALL`) - - disabling user "ecowan" shell access with `sudo usermod --shell /sbin/nologin ecowan` - - https://unix.stackexchange.com/questions/10852/whats-the-difference-between-sbin-nologin-and-bin-false#10867 - - its possible to re-enable it with `sudo usermod --shell /bin/bash ecowan` + - disabling user "ecowan" shell access with **sudo usermod --shell /sbin/nologin ecowan** + - https://unix.stackexchange.com/questions/10852/whats-the-difference-between-sbin-nologin-and-bin-false#10867 + - its possible to re-enable it with **sudo usermod --shell /bin/bash ecowan** + - to see the shell of a user : **grep /etc/passwd** - added ssh pub key by running this command in local : - - ssh-copy-id username@server_ip + - **ssh-copy-id username@server_ip** + - then changed ssh configuration file `/etc/ssh/sshd_config` to enable ssh key connection only : + - Set PasswordAuthentication no to disable password-based authentication + - Set ChallengeResponseAuthentication no to disable any keyboard-interactive authentication + - Ensure that PubkeyAuthentication yes is set to allow public key authentication + - restart ssh with **sudo service ssh restart** + - create a new user "user_sav" with the same ssh key to have a backup connection + - if i wanted i should change file `/etc/ssh/sshd_config`, and add the 3 commented lines : + - #Match User user_sav + #PasswordAuthentication yes + #Match all + PasswordAuthentication no + PermitEmptyPasswords no + - to let user_sav be able to connect with a password instead of a ssh key