SocSci Computing Services Help Pages

User Tools

Site Tools

Trace:
howto:setup-sscs-linux-account-public-keys

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
howto:setup-sscs-linux-account-public-keys [2025/03/10 20:24] – created jnilssonhowto:setup-sscs-linux-account-public-keys [2025/07/17 18:32] (current) – [How to: Disable SSH Password Authentication] jnilsson
Line 7: Line 7:
 ===== One-stop script to create the sscs account ===== ===== One-stop script to create the sscs account =====
  
-You can simply copy and paste the below code:+You can simply copy and paste the below code to download a script that we've set up for this purpose and execute it with sudo: 
 + 
 +<code> 
 +curl -O -L https://sites.socsci.uci.edu/~jnilsson/sscs/setup-sscs-account.sh 
 +chmod +x ./setup-sscs-account.sh 
 +sudo ./setup-sscs-account.sh 
 +</code> 
 + 
 +Or if you prefer to run commands yourself, these are the equivalent commands:
 <file> <file>
 SSCS_HOME=/home/sscs SSCS_HOME=/home/sscs
 sudo useradd -c "Computing Services" -m -d $SSCS_HOME -s /bin/bash sscs sudo useradd -c "Computing Services" -m -d $SSCS_HOME -s /bin/bash sscs
-echo "sscs    ALL=(ALL)   ALL" | sudo tee -a /etc/sudoers.d/sscs+echo "sscs    ALL=(ALL)   ALL" | sudo tee /etc/sudoers.d/sscs > /dev/null
 sudo mkdir -p $SSCS_HOME/.ssh sudo mkdir -p $SSCS_HOME/.ssh
 sudo chmod 700 $SSCS_HOME/.ssh sudo chmod 700 $SSCS_HOME/.ssh
 sudo touch $SSCS_HOME/.ssh/authorized_keys sudo touch $SSCS_HOME/.ssh/authorized_keys
 sudo chmod 600 $SSCS_HOME/.ssh/authorized_keys sudo chmod 600 $SSCS_HOME/.ssh/authorized_keys
-echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPWfC91AllbEn9VYT9a0838A/55rWtrSY/dm48fedc38 jnilsson@C21121501.local" | sudo tee -a $SSCS_HOME/.ssh/authorized_keys+sudo chown -R sscs:sscs $SSCS_HOME/.ssh 
 +echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPWfC91AllbEn9VYT9a0838A/55rWtrSY/dm48fedc38 jnilsson@storgy.local" | sudo tee -a $SSCS_HOME/.ssh/authorized_keys 
 +echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDoygQr0UQLtpguLWJYiEBZWXUFEkUXVacE6sBZtn/6Z jnilsson@devjpn" | sudo tee -a $SSCS_HOME/.ssh/authorized_keys 
 +echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKH3jg7avVgdyx1jltUp9nJ02DOE9XH3hfcGBQI6KrVs sscs@gunship" | sudo tee -a $SSCS_HOME/.ssh/authorized_keys 
 +echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBqAc8VSY9DFEzzumkn1d2S1ytpYOWHSJkbOWN1HjFQR sscs@crateria" | sudo tee -a $SSCS_HOME/.ssh/authorized_keys 
 +echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC4u9RrufB93/AS2lsBVet4+U5rizO8noDKTSHhcLmli justip6@Zaire" | sudo tee -a $SSCS_HOME/.ssh/authorized_keys 
 +echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIErG9uQN2VUNqIjNowRw1J18T8dORd2HhJi3zl9Vs7+t justip6@zeon.ss2k.uci.edu" | sudo tee -a $SSCS_HOME/.ssh/authorized_keys 
 +echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMtdfuw5hq6naiRnVCAKEUhpYTazWC5WE7rxCcXLN/cU lhtran@bahamut-zero.local" | sudo tee -a $SSCS_HOME/.ssh/authorized_keys 
 +echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK5DC1gTDzQtcNhvoCkgUzsf7ntvP/Ldac3EAgZ9Y/yc soceco\lmonzon@TECDSHHS9WX3" | sudo tee -a $SSCS_HOME/.ssh/authorized_keys
 </file> </file>
  
-Or download and run the script that we've set up to do this for you+If you don't want the home directory to be /home/sscs, you can easily set your own SSCS_HOME variable to whatever location you choose and then copy/paste the rest of the commands. Or if you download the ''setup-sscs-account.sh'' script and you want to change the location of the sscs account home directory, modify the script accordingly before executing it. 
-<code> + 
-curl -O -L https://sites.socsci.uci.edu/~jnilsson/sscs/setup-sscs-account.sh + 
-sudo ./setup-sscs-account.sh+===== How to: Disable SSH Password Authentication ====== 
 + 
 +Disabling Password Authentication is generally as simple as setting the option ''PasswordAuthentication no'' in the /etc/ssh/sshd_config file and then restarting the sshd service. 
 + 
 +However, we've discovered that some linux distributions add another configuration file **/etc/ssh/sshd_config.d/50-cloud-init.conf** which contains ''PasswordAuthentication yes'' to force password authentication to be enabled. 
 + 
 +Therefore, the easiest way to universally disable password authentication is to create a new file that sorts lexicographically before any other files that might be created in there, such as **00-disable-password-auth.conf**: 
 +<file> 
 +PasswordAuthentication no 
 +</file> 
 + 
 +After setting the ''PasswordAuthentication'' option to ''no'' you must reload the sshd daemon to get this setting to take effect: 
 + 
 +  * on Debian/Ubuntu:<code> 
 +sudo systemctl reload ssh 
 +</code> 
 +  * on RHEL/Rocky:<code> 
 +sudo systemctl reload sshd
 </code> </code>
  
-If you don't want the home directory to be /home/sscs, you can easily set your own SSCS_HOME variable to whatever location you choose and then copy/paste the rest of the commands. Or if you download the ''setup-sscs-account.sh'' script and you want to change the location of the sscs account home directory, modify the script accordingly before executing it. 
howto/setup-sscs-linux-account-public-keys.1741638276.txt.gz · Last modified: 2025/03/10 20:24 by jnilsson