From e2ac1f9c5132d6616e103604c14466788fa49014 Mon Sep 17 00:00:00 2001 From: Jonas Smedegaard Date: Sat, 24 Nov 2018 12:38:25 +0100 Subject: Initial draft. --- ADMIN.md | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++ README.md | 17 +++++++++++++++++ USE.md | 41 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 109 insertions(+) create mode 100644 ADMIN.md create mode 100644 README.md create mode 100644 USE.md diff --git a/ADMIN.md b/ADMIN.md new file mode 100644 index 0000000..9e3943a --- /dev/null +++ b/ADMIN.md @@ -0,0 +1,51 @@ +# Shell access administration + +Accounts can optionally be granted shell access. + + +## Shell + +Enable shell access like this: + + chsh -s /bin/bash $USER + +Disable shell access like this: + + chsh -s /bin/false $USER + + +### Remote + +Ensure that the account contains user contact info +(full name, email, and cellphone number). + +Request one or more ssh public keys from the user. + +Create folder ~$USER/.ssh: + + mkdir -p ~$USER/.ssh + chown $USER: ~$USER/.ssh + chmod u=rwX,go= ~$USER/.ssh + +Create the file ~$USER/.ssh/authorized_keys: + + touch ~$USER/.ssh/authorized_keys + chown $USER: ~$USER/.ssh/authorized_keys + chmod u=rw,go= ~$USER/.ssh/authorized_keys + +Add SSH key in ~$USER/.ssh/authorized_keys + +RFC4716-style keys e.g. from PuTTY can be converted like this: + + ssh-keygen -f $FILE -i + + +## Root + +Check that the user understands the responsibilities involved! + +Check again! + +Add account to group "sudo": + + adduser $USER sudo diff --git a/README.md b/README.md new file mode 100644 index 0000000..0cf772d --- /dev/null +++ b/README.md 
@@ -0,0 +1,17 @@ +# Overview of shell accounts + +[[domain virtual-assembly]] offers optional shell accounts for members. +User must provide contact information. + + +## Privacy + +Account content is readable by other users by default. +User contact information is accessible to other users. + + +## Features + +Access via Secure Shell (ssh) is granted by default. + +Access to other accounts, including root access, is granted as needed. diff --git a/USE.md b/USE.md new file mode 100644 index 0000000..e5774bd --- /dev/null +++ b/USE.md @@ -0,0 +1,41 @@ +# Shell introduction + +As member of [[org Virtual Assembly]] +you can get a shell account at [[!host shell.virtual-assembly.org]]. + +You need to [[contact sysadmins]] to get your shell account created. +Provide your full name, email, and cellphone number, +which is shared with all users +for use in case of problems with your account. +You may also suggest a name for your account +(only lower-case simple letters). + + +## Remote access + +Your shell environment is accessed via Secure Shell (ssh) +authenticated by one or more public keys that you provide. + +Ssh public keys are stored on your own computer. + +Existing public keys can often be shown like this: + + cat ~/.ssh/id_*.pub + +You can create a new key with a command like this: + + ssh-keygen -t ed25519 + +On Windows systems above does not work, +and you can instead try use the tool PuTTY. + + +## Mosh + +Regular SSH access require a reliable and responsive internet access. + +Optionally you can use the SSH wrapper tool [Mosh][] +which allows your shell sessions to survive disruptive connections. + +[Mosh]: + "Mobile Shell" -- cgit v1.2.3
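Review bot: in ADMIN.md, the Remote steps use `~$USER/.ssh`, which does not resolve to the account's home directory in bash. Tilde expansion happens before variable expansion, so `mkdir -p ~$USER/.ssh` creates a directory literally named `~name` under the current directory, and `$USER` is normally already set to the login name of the admin typing the commands. Suggest a distinct placeholder (for example `ACCOUNT=name`), resolving the home directory explicitly (for example with `getent passwd "$ACCOUNT" | cut -d: -f6`), and quoting the variable throughout. Separately, "Disable shell access" only changes the login shell to `/bin/false`; the file documents adding keys to `authorized_keys` and adding the account to group "sudo" but has no matching revocation steps, so it should state whether both are removed when access is withdrawn.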
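Review bot: in README.md, the Privacy section says account content is readable by other users by default but gives members no way to opt out, which matters for anything sensitive kept in a home directory. Suggest adding one sentence on restricting files or directories (for example `chmod go= FILE`) or a pointer to where that is explained. In Features, "Access to other accounts, including root access, is granted as needed" does not say who decides or on what basis; a link to the "Root" section of ADMIN.md, which requires checking that the user understands the responsibilities, would make the policy concrete.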
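Review bot: in USE.md, the Remote access section asks members to provide public keys but never says that only the `.pub` file is to be sent and that the private key stays on their own computer. `cat ~/.ssh/id_*.pub` shows the right files, but a sentence stating this explicitly, and recommending that a passphrase be set when `ssh-keygen -t ed25519` prompts for one, would prevent the common mistake of mailing the private key to the sysadmins. The PuTTY sentence could also point at the RFC4716 conversion that ADMIN.md already covers, so users know that key format is accepted. Finally, the `[Mosh]:` link definition at the end shows a title ("Mobile Shell") but no URL, so the link in the Mosh section will not resolve as written.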