Quickly and securely create user accounts for Linux operating systems

Article Title: quickly and securely create a Linux operating system user account. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.

If you need to create a user account to allow access to the system shell, the only logical choice for the logon tool is OpenSSH. All you need is the public key of the user. The user only needs your IP address or host name (the user needs to log on here ). Generally, this is enough.

Sometimes, users may need to know what their passwords are. If you need to use the Sudo program, you must use a password for authentication. Ideally, this information is provided by phone or encrypted email, but the password itself is sometimes provided through an email in plaintext or plain text.

Ideally, create a user account, obtain the user's SSH public key, and create a random password for the user. After the user logs on, change the password immediately. These are easy to complete.

This is quite simple for users. To create a pair of public/private keys, run the following command:

$ Ssh-keygen-t dsa

You should also ask the user to send ~ /. Ssh/id_dsa.pub file. On the server side, things are not too difficult. First, you need to create a user account:

# Useradd-c "Joe User"-s/bin/bash-m joe

# Openssl rand-base64 6 | tee-~ Joe/. password | passwd-stdin joe

This creates a user named joe, assigns a random password to the user, and stores the same password in ~ In joe/. password, joe can see the password here.

If you have locked your account through/etc/ssh/sshd_config, remember to add the following command to allow joe to access the system:

AllowUsers joe

In addition, set PasswordAuthentication to no to force all logins to use the public key.

Finally, you must copy the id_dsa.pub key to your home directory and assign the following ownership and permissions:

# Mkdir ~ Joe/. ssh

# Chmod 700 ~ Joe/. ssh

# Cp id_dsa.pub ~ Joe/. ssh/authorized_keys

# Chmod 600 ~ Joe/. ssh/authorized_keys

# Chown-R joe: joe ~ Joe/. ssh

All right, all done. Now users can use their SSH private key to log on, and can access Sudo or need an actual password for authentication.