Differences

This shows you the differences between two versions of the page.

--- howto:setup-sscs-linux-account-public-keys [2025/03/10 20:25] – [One-stop script to create the sscs account] jnilsson
+++ howto:setup-sscs-linux-account-public-keys [2025/03/12 22:01] (current) – [One-stop script to create the sscs account] jnilsson
@@ Line 11: / Line 11: @@
 <code>
 curl -O -L https://sites.socsci.uci.edu/~jnilsson/sscs/setup-sscs-account.sh
+chmod +x ./setup-sscs-account.sh
 sudo ./setup-sscs-account.sh
 </code>
@@ Line 18: / Line 19: @@
 SSCS_HOME=/home/sscs
 sudo useradd -c "Computing Services" -m -d $SSCS_HOME -s /bin/bash sscs
-echo "sscs    ALL=(ALL)   ALL" | sudo tee -a /etc/sudoers.d/sscs
+echo "sscs    ALL=(ALL)   ALL" | sudo tee /etc/sudoers.d/sscs > /dev/null
 sudo mkdir -p $SSCS_HOME/.ssh
 sudo chmod 700 $SSCS_HOME/.ssh
 sudo touch $SSCS_HOME/.ssh/authorized_keys
 sudo chmod 600 $SSCS_HOME/.ssh/authorized_keys
-echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPWfC91AllbEn9VYT9a0838A/55rWtrSY/dm48fedc38 jnilsson@C21121501.local" | sudo tee -a $SSCS_HOME/.ssh/authorized_keys
+sudo chown -R sscs:sscs $SSCS_HOME/.ssh
+echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPWfC91AllbEn9VYT9a0838A/55rWtrSY/dm48fedc38 jnilsson@storgy.local" | sudo tee -a $SSCS_HOME/.ssh/authorized_keys
+echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDoygQr0UQLtpguLWJYiEBZWXUFEkUXVacE6sBZtn/6Z jnilsson@devjpn" | sudo tee -a $SSCS_HOME/.ssh/authorized_keys
+echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKH3jg7avVgdyx1jltUp9nJ02DOE9XH3hfcGBQI6KrVs sscs@gunship" | sudo tee -a $SSCS_HOME/.ssh/authorized_keys
+echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBqAc8VSY9DFEzzumkn1d2S1ytpYOWHSJkbOWN1HjFQR sscs@crateria" | sudo tee -a $SSCS_HOME/.ssh/authorized_keys
+echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC4u9RrufB93/AS2lsBVet4+U5rizO8noDKTSHhcLmli justip6@Zaire" | sudo tee -a $SSCS_HOME/.ssh/authorized_keys
+echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIErG9uQN2VUNqIjNowRw1J18T8dORd2HhJi3zl9Vs7+t justip6@zeon.ss2k.uci.edu" | sudo tee -a $SSCS_HOME/.ssh/authorized_keys
 </file>
 If you don't want the home directory to be /home/sscs, you can easily set your own SSCS_HOME variable to whatever location you choose and then copy/paste the rest of the commands. Or if you download the ''setup-sscs-account.sh'' script and you want to change the location of the sscs account home directory, modify the script accordingly before executing it.
+===== How to: Disable SSH Password Authentication ======
+Disabling Password Authentication is generally as simple as setting the option ''PasswordAuthentication no'' in the /etc/ssh/sshd_config file and then restarting the sshd service.
+However, we've discovered that some linux distributions add another configuration file **/etc/ssh/sshd_config.d/50-cloud-init.conf** which contains ''PasswordAuthentication yes'' to force password authentication to be enabled.
+Therefore, the easiest way to universally disable password authentication is to create a new file that sorts lexicographically before any other files that might be created in there, such as **00-disable-password-auth.conf**:
+<file>
+PasswordAuthentication no
+</file>
+After setting the ''PasswordAuthentication'' option to ''no'' you must reload the sshd daemon to get this setting to take effect:
+  * on Debian/Ubuntu:<code>
+systemctl reload ssh
+</code>
+  * on RHEL/Rocky:<code>
+systemctl reload sshd
+</code>