Initial draft.

3 files changed, 109 insertions, 0 deletions

diff --git a/ADMIN.md b/ADMIN.md
new file mode 100644
index 0000000..9e3943a
--- /dev/null
+++ b/ADMIN.md
@@ -0,0 +1,51 @@
+# Shell access administration
+
+Accounts can optionally be granted shell access.
+
+
+## Shell
+
+Enable shell access like this:
+
+	chsh -s /bin/bash $USER
+
+Disable shell access like this:
+
+	chsh -s /bin/false $USER
+
+
+### Remote
+
+Ensure that the account contains user contact info
+(full name, email, and cellphone number).
+
+Request one or more ssh public keys from the user.
+
+Create folder ~$USER/.ssh:
+
+	mkdir -p ~$USER/.ssh
+	chown $USER: ~$USER/.ssh
+	chmod u=rwX,go= ~$USER/.ssh
+
+Create the file ~$USER/.ssh/authorized_keys:
+
+	touch ~$USER/.ssh/authorized_keys
+	chown $USER: ~$USER/.ssh/authorized_keys
+	chmod u=rw,go= ~$USER/.ssh/authorized_keys
+
+Add SSH key in ~$USER/.ssh/authorized_keys
+
+RFC4716-style keys e.g. from PuTTY can be converted like this:
+
+	ssh-keygen -f $FILE -i
+
+
+## Root
+
+Check that the user understands the responsibilities involved!
+
+Check again!
+
+Add account to group "sudo":
+
+	adduser $USER sudo
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..0cf772d
--- /dev/null
+++ b/README.md
@@ -0,0 +1,17 @@
+# Overview of shell accounts
+
+[[domain virtual-assembly]] offers optional shell accounts for members.
+User must provide contact information.
+
+
+## Privacy
+
+Account content is readable by other users by default.
+User contact information is accessible to other users.
+
+
+## Features
+
+Access via Secure Shell (ssh) is granted by default.
+
+Access to other accounts, including root access, is granted as needed.
diff --git a/USE.md b/USE.md
new file mode 100644
index 0000000..e5774bd
--- /dev/null
+++ b/USE.md
@@ -0,0 +1,41 @@
+# Shell introduction
+
+As member of [[org Virtual Assembly]]
+you can get a shell account at [[!host shell.virtual-assembly.org]].
+
+You need to [[contact sysadmins]] to get your shell account created.
+Provide your full name, email, and cellphone number,
+which is shared with all users
+for use in case of problems with your account.
+You may also suggest a name for your account
+(only lower-case simple letters).
+
+
+## Remote access
+
+Your shell environment is accessed via Secure Shell (ssh)
+authenticated by one or more public keys that you provide.
+
+Ssh public keys are stored on your own computer.
+
+Existing public keys can often be shown like this:
+
+	cat ~/.ssh/id_*.pub
+
+You can create a new key with a command like this:
+
+	ssh-keygen -t ed25519
+
+On Windows systems above does not work,
+and you can instead try use the tool PuTTY.
+
+
+## Mosh
+
+Regular SSH access require a reliable and responsive internet access.
+
+Optionally you can use the SSH wrapper tool [Mosh][]
+which allows your shell sessions to survive disruptive connections.
+
+[Mosh]: <https://mosh.org/>
+  "Mobile Shell"