From e2ac1f9c5132d6616e103604c14466788fa49014 Mon Sep 17 00:00:00 2001
From: Jonas Smedegaard <dr@jones.dk>
Date: Sat, 24 Nov 2018 12:38:25 +0100
Subject: Initial draft.

---
 ADMIN.md | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)
 create mode 100644 ADMIN.md

(limited to 'ADMIN.md')

diff --git a/ADMIN.md b/ADMIN.md
new file mode 100644
index 0000000..9e3943a
--- /dev/null
+++ b/ADMIN.md
@@ -0,0 +1,51 @@
+# Shell access administration
+
+Accounts can optionally be granted shell access.
+
+
+## Shell
+
+Enable shell access like this:
+
+	chsh -s /bin/bash $USER
+
+Disable shell access like this:
+
+	chsh -s /bin/false $USER
+
+
+### Remote
+
+Ensure that the account contains user contact info
+(full name, email, and cellphone number).
+
+Request one or more ssh public keys from the user.
+
+Create folder ~$USER/.ssh:
+
+	mkdir -p ~$USER/.ssh
+	chown $USER: ~$USER/.ssh
+	chmod u=rwX,go= ~$USER/.ssh
+
+Create the file ~$USER/.ssh/authorized_keys:
+
+	touch ~$USER/.ssh/authorized_keys
+	chown $USER: ~$USER/.ssh/authorized_keys
+	chmod u=rw,go= ~$USER/.ssh/authorized_keys
+
+Add SSH key in ~$USER/.ssh/authorized_keys
+
+RFC4716-style keys e.g. from PuTTY can be converted like this:
+
+	ssh-keygen -f $FILE -i
+
+
+## Root
+
+Check that the user understands the responsibilities involved!
+
+Check again!
+
+Add account to group "sudo":
+
+	adduser $USER sudo
-- 
cgit v1.2.3