Shell access administration
Accounts can optionally be granted shell access.
Shell
Enable shell access like this:
chsh -s /bin/bash $USER
Disable shell access like this:
chsh -s /bin/false $USER
Remote
Ensure that the account contains user contact info
(full name, email, and cellphone number).
Request one or more ssh public keys from the user.
Create folder ~$USER/.ssh:
mkdir -p ~$USER/.ssh
chown $USER: ~$USER/.ssh
chmod u=rwX,go= ~$USER/.ssh
Create the file ~$USER/.ssh/authorized_keys:
touch ~$USER/.ssh/authorized_keys
chown $USER: ~$USER/.ssh/authorized_keys
chmod u=rw,go= ~$USER/.ssh/authorized_keys
Add SSH key in ~$USER/.ssh/authorized_keys
RFC4716-style keys e.g. from PuTTY can be converted like this:
ssh-keygen -f $FILE -i
Root
Check that the user understands the responsibilities involved!
Check again!
Add account to group "sudo":
adduser $USER sudo
