Re: [bitfolk] Adding a new user

Author: Andy Smith
To: users
Subject: Re: [bitfolk] Adding a new user

gpg: Signature made Tue Sep 14 14:47:25 2021 UTC
gpg: using DSA key 0E4236CB52951E14536066222099B64CBF15490B
gpg: Good signature from "Andy Smith <andy@strugglers.net>" [unknown]
gpg: aka "Andrew James Smith <andy@strugglers.net>" [unknown]
gpg: aka "Andy Smith (UKUUG) <andy.smith@ukuug.org>" [unknown]
gpg: aka "Andy Smith (BitFolk Ltd.) <andy@bitfolk.com>" [unknown]
gpg: aka "Andy Smith (Linux User Groups UK) <andy@lug.org.uk>" [unknown]
gpg: aka "Andy Smith (Cernio Technology Cooperative) <andy.smith@cernio.com>" [unknown]
Hello,

On Tue, Sep 14, 2021 at 09:01:35AM +0100, Andres Muniz wrote:
> I would like to add a new user to the server.
>
> I found the following guide works for me:
>
> https://thucnc.medium.com/how-to-create-a-sudo-user-on-ubuntu-and-allow-ssh-login-20e28065d9ff


Seems okay, only a couple of comments:

- I don't know why it's saying "ssh root@server_address" as the
first step when root login is normally disabled on Ubuntu, and
then it doesn't use root login anywhere else in the instructions
anyway - it just uses sudo.

- Creating ~/.ssh and editing ~/.ssh/authorized_keys: It might be
worth mentioning that the permissions on these files/directory
need to be quite tight. Depending on what your user's umask is,
creating them may leave them as "other" readable and then sshd
will ignore them.

I tend to recursively remove all group and other permissions after
creating authorized_keys:

$ chmod -Rc go= ~/.ssh

Or if doing this for another user:

$ sudo chmod -Rc go= ~user/.ssh

R - recursive
c - show changes
go= - set group and other permissions to nothing

I would echo the other comments about securing SSH. If possible it
would be really good to turn off password access and only allow
access by SSH public keys. The most common form of compromise here
is still brute force SSH dictionary attack. It only takes someone to
set their password to something weak, or for example if someone were
to add a user "mysite" with password "mysite" never intended to log
in only to hold files for a web site. That has happened before
(there are better ways to do that though).

Cheers,
Andy

--
https://bitfolk.com/ -- No-nonsense VPS hosting
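An added example, not part of Andy's message or of BitFolk's own
tooling: a small POSIX sh script that does the two things the reply
recommends, namely tightening ~/.ssh the way `chmod -Rc go= ~/.ssh`
does and checking that sshd's StrictModes check would accept the
result, plus an sshd_config drop-in that turns off password logins.
The directory and authorized_keys contents are constructed scratch
data; the drop-in file name 50-keys-only.conf, the function names, and
the use of GNU `stat -c` are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the mailing list post). Tighten and verify a
# ~/.ssh directory, then write an sshd drop-in that allows key logins only.

# Remove every group/other bit recursively, exactly what the post's
# `chmod -Rc go= ~/.ssh` does, then pin the directory to u=rwx and the
# key file to u=rw. sshd (with the default StrictModes yes) ignores an
# authorized_keys file that is group- or world-writable, and a loose
# umask at creation time is the usual way that happens.
tighten_ssh_dir() {
    dir="$1"
    chmod -R go= "$dir"
    chmod u=rwx "$dir"
    [ -f "$dir/authorized_keys" ] && chmod u=rw "$dir/authorized_keys"
    return 0
}

# Report any group/other permission bits on the directory or on
# authorized_keys. Returns 0 when both are private, 1 otherwise.
# Assumes GNU stat (coreutils); BSD/macOS would need `stat -f '%Lp'`.
check_ssh_dir() {
    dir="$1"
    bad=0
    for p in "$dir" "$dir/authorized_keys"; do
        [ -e "$p" ] || continue
        mode=$(stat -c '%a' "$p")
        # the last two octal digits are the group and other bits
        go=$(printf '%s' "$mode" | tail -c 2)
        if [ "$go" != "00" ]; then
            echo "loose permissions on $p (mode $mode): sshd will ignore it"
            bad=1
        fi
    done
    return $bad
}

# The hardening the post asks for: no password or keyboard-interactive
# logins, keys only. Recent Ubuntu releases ship
# `Include /etc/ssh/sshd_config.d/*.conf`, so a drop-in is enough; the
# output directory is a parameter so this demo can write to scratch
# space. On a real host run `sshd -t` and keep an existing session open
# before reloading. OpenSSH 8.7+ also accepts the newer spelling
# KbdInteractiveAuthentication for the second line.
write_keys_only_conf() {
    outdir="$1"
    cat > "$outdir/50-keys-only.conf" <<'EOF'
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
PermitRootLogin prohibit-password
EOF
}

# Constructed demo: create ~/.ssh with a permissive umask, as a careless
# `mkdir ~/.ssh` might, show the problem, fix it, and write the drop-in.
demo_root=$(mktemp -d)
demo_dir="$demo_root/.ssh"
umask 022
mkdir "$demo_dir"
# constructed placeholder, not a real public key
echo "ssh-ed25519 AAAAC3EXAMPLENOTAREALKEY user@example" > "$demo_dir/authorized_keys"

check_ssh_dir "$demo_dir" || echo "before: authorized_keys would be ignored"
tighten_ssh_dir "$demo_dir"
check_ssh_dir "$demo_dir" && echo "after: $demo_dir is private, sshd will read it"
write_keys_only_conf "$demo_root"
echo "wrote $demo_root/50-keys-only.conf"
```

For another user's directory the same function works as
`sudo sh -c '. ./script.sh; tighten_ssh_dir ~user/.ssh'`, or simply the
`sudo chmod -Rc go= ~user/.ssh` from the post; the check function is
the part worth running afterwards, since it tells you whether sshd
will actually consult the file rather than silently falling back to
password prompts.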