====== Create a new user and allow ssh access ======
useradd -m -g group_name nyeates # -m creates the home directory that the .ssh directory below lives in
passwd nyeates
su - nyeates
$HOME/.ssh/authorized_keys # paste the public key into this file, one key per line; keep ~/.ssh mode 700 and this file mode 600, otherwise sshd ignores it
/etc/ssh/sshd_config # server-side ssh settings (a file, not a directory)
====== Setup remote SSH keypair connection ======
This explains how to set up SSH key authentication to remote unix servers. Basically you can SSH into a shell without having to type the account password. The remote server holds your public key, and your local machine holds the matching private key, which never leaves it. The remote server verifies you are legitimate by challenging your client to prove it holds the private key that matches the public key on file.
===== 1) Make a new SSH keypair (public & private) =====
* ssh-keygen -b 1024
* creates ~/.ssh/id_rsa (the private key; keep it secret and mode 600) and ~/.ssh/id_rsa.pub (the public key, safe to hand out)
* Can also use option -b 2048 for longer, more secure keys
===== 2) See public key =====
* cat ~/.ssh/*.pub
===== 3) Give public key to server you want access to =====
==== Get file to server's authorized_keys file ====
* Method 1: Secure copy it over
scp ~/.ssh/id_rsa.pub remoteuser@remotehost:~/
ssh remoteuser@remotehost
mkdir -p ~/.ssh && chmod 700 ~/.ssh # in case the directory does not exist yet
cat id_rsa.pub >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
rm id_rsa.pub
exit
ssh remoteuser@remotehost # no password needed now!
* Method 2: Copy/paste it over
* login to remote server (ssh)
* nano ~/.ssh/authorized_keys
* add the pub key on a new line (the output of the cat above, pasted as a single line)
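Both methods above boil down to "append the key line to authorized_keys", which is also where most key-login failures come from (a wrong file mode, a key pasted with a line break, the same key appended several times). The script below is an added example for this page, not part of the original howto: it installs a key line the way the procedure describes but checks the key format, refuses duplicates, and sets the directory and file modes that sshd's StrictModes requires. It assumes only POSIX sh, awk, grep, mkdir, chmod and mktemp; the sample key and the temporary home directory are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not part of the original wiki page: install a public key into an
# authorized_keys file with the checks the manual "cat >> authorized_keys" step
# skips (key format, duplicates, file modes). Assumes only POSIX sh, awk, grep,
# mkdir, chmod and mktemp. The sample key below is constructed for this example
# and is not a real key.

# install_authorized_key <pubkey-line> <ssh-dir>
# Exit status 0 when the key is present afterwards (newly added or already there),
# 1 when the key line is rejected.
install_authorized_key() {
    key=$1
    sshdir=$2
    authfile="$sshdir/authorized_keys"

    # Sanity-check the line: "<type> <base64 blob> [comment]" with a key type sshd knows.
    ktype=$(printf '%s\n' "$key" | awk '{ print $1 }')
    kblob=$(printf '%s\n' "$key" | awk '{ print $2 }')
    case "$ktype" in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "refusing: unknown key type '$ktype'" >&2; return 1 ;;
    esac
    printf '%s\n' "$kblob" | grep -Eq '^[A-Za-z0-9+/]+=*$' || {
        echo "refusing: key blob is not base64" >&2
        return 1
    }

    # With StrictModes (the sshd default) a group- or world-writable ~/.ssh or
    # authorized_keys makes sshd ignore the file silently, so set tight modes up front.
    mkdir -p "$sshdir" && chmod 700 "$sshdir"
    touch "$authfile" && chmod 600 "$authfile"

    # Append only when the same type+blob is not already present (comments may differ),
    # so running the script twice never duplicates the entry.
    if awk -v t="$ktype" -v b="$kblob" '$1 == t && $2 == b { found = 1 } END { exit !found }' "$authfile"; then
        echo "key already present in $authfile" >&2
        return 0
    fi
    printf '%s\n' "$key" >> "$authfile"
    echo "installed key into $authfile" >&2
}

# count_keys <ssh-dir>: number of key lines in authorized_keys, to confirm idempotence.
count_keys() {
    awk 'NF >= 2' "$1/authorized_keys" 2>/dev/null | wc -l | tr -d ' '
}

# Constructed sample public key (not a real key) for the demonstration below.
SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEblobForThisWikiPageOnly0000000000 nyeates@laptop'

demo_home=$(mktemp -d)
install_authorized_key "$SAMPLE_KEY" "$demo_home/.ssh"
install_authorized_key "$SAMPLE_KEY" "$demo_home/.ssh"           # second run: already present
install_authorized_key 'not-a-key garbage' "$demo_home/.ssh" || echo "bad key line rejected" >&2
echo "keys installed: $(count_keys "$demo_home/.ssh")"           # keys installed: 1
rm -rf "$demo_home"
```

On a real server you would call ''install_authorized_key "$(cat id_rsa.pub)" ~/.ssh'' after the scp step; the ''ssh-copy-id'' tool that ships with OpenSSH does the same job and is the better choice when it is available.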
Howto also located at: http://www.debuntu.org/ssh-key-based-authentication
====== More Information ======
===== Using the config file for easy access =====
The following allows the shortcut ''ssh lms'' to be used instead of spelling out user, host and key every time.
In your ~/.ssh/ directory create or edit the ''config'' file. ''Host lms*'' is a pattern, so it also matches names like lms2; the private key named in ''IdentityFile'' must not be readable by other users, or ssh will refuse to use it.
Host lms*
    User admin
    KeepAlive yes
    Hostname lms.yeates.com
    IdentityFile ~/awsnickkey.pem
http://linux.die.net/man/5/ssh_config
===== Reverse tunnel =====
ssh -R 5501:localhost:22 customer@bastion.host.com
* Forwards anything that connects to port 5501 on bastion back to port 22 on the machine this command is run from (the customer's machine). By default that listener is bound to bastion's loopback interface only, which is why the commands below connect to localhost.
* customer is a special account for others connecting in; it is an account on the bastion server
ssh nyeates@bastion.host.com
ssh -v -p 5501 remoteuser@localhost
OR
ssh -v -p 5501 -L '*:23502:localhost:80' remoteuser@localhost
* Connect to bastion and then to customer
* Second and third commands are to be run from bastion.host.com
* Third command forwards requests from the service provider's local machine, through bastion's port 23502, to the remoteuser's port 80 (web). This way you can see a web interface that is exposed on the client side. The ''*'' bind address (quoted so the shell does not glob it) makes port 23502 listen on every interface of bastion, so anyone who can reach bastion on that port sees the customer's web interface as well; bind it to ''127.0.0.1'' instead if only people logged in to bastion should get there.
http://bastion.host.com:23502/
* See the remoteuser's web interface
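The two tunnels above differ in one detail that decides who can reach the forwarded service: the ''-R'' spec has no bind address (loopback on bastion by default, unless GatewayPorts is set), while the ''-L'' spec binds to ''*'' (every interface on bastion). The script below is an added example for this page, not part of the original howto: it parses ''[bind_address:]port:host:hostport'' specs the way ssh reads them and reports where each one will listen, so an exposed listener is visible before the tunnel is opened. It assumes POSIX sh and awk and does not handle bracketed IPv6 bind addresses; the specs it runs on are the ones from this section plus a constructed loopback variant.

```shell
#!/bin/sh
# Added example, not part of the original wiki page: classify where an ssh -L/-R
# forwarding spec "[bind_address:]port:host:hostport" will listen, so a tunnel that
# exposes a customer's service on all of the bastion's interfaces is spotted before
# it is opened. Assumes POSIX sh and awk; bracketed IPv6 bind addresses are not handled.

# forward_scope <spec>
# Prints "<bind-address>\t<listen-port>\t<scope>" where scope is one of
#   loopback                      bound to 127.0.0.1 / localhost only
#   loopback-unless-GatewayPorts  no bind address given: loopback by default, all
#                                 interfaces if GatewayPorts is enabled (sshd for -R, ssh for -L)
#   all-interfaces                bind address "*", empty, or 0.0.0.0
#   specific                      any other single address
# Prints "invalid" and returns 1 for a spec with the wrong number of fields.
forward_scope() {
    printf '%s\n' "$1" | awk -F: '
        NF == 3 { bind = "(none)"; port = $1 }
        NF == 4 { bind = $1;       port = $2 }
        NF < 3 || NF > 4 { print "invalid"; exit 1 }
        {
            if (bind == "(none)")                                    scope = "loopback-unless-GatewayPorts"
            else if (bind == "localhost" || bind == "127.0.0.1")     scope = "loopback"
            else if (bind == "*" || bind == "" || bind == "0.0.0.0") scope = "all-interfaces"
            else                                                     scope = "specific"
            print bind "\t" port "\t" scope
        }'
}

# audit_forwards <spec>...
# Prints one line per spec; returns 1 if any spec listens on all interfaces, 0 otherwise.
audit_forwards() {
    exposed=0
    for spec in "$@"; do
        line=$(forward_scope "$spec") || { echo "$spec: invalid spec"; continue; }
        scope=$(printf '%s\n' "$line" | cut -f3)
        echo "$spec -> $line"
        [ "$scope" = all-interfaces ] && exposed=1
    done
    return $exposed
}

# The -R and -L specs from this section, plus a constructed loopback-only variant of the -L spec.
audit_forwards '5501:localhost:22' '*:23502:localhost:80' '127.0.0.1:23502:localhost:80' \
    || echo "WARNING: at least one forward listens on every interface of the host running ssh" >&2
```

Run it on a spec before pasting it into an ssh command; a ''specific'' or ''loopback'' result means only the named address can reach the listener, while ''all-interfaces'' means a firewall on the bastion is the only thing between the forwarded service and the network.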
===== Sudo access for other user =====
edit ''/etc/sudoers'' as root with ''visudo'' (it checks the syntax before saving; a syntax error in this file locks everyone out of sudo) and add the following line:
nyeates ALL=(zenoss) NOPASSWD: ALL
It allows the nyeates user to run any command as the zenoss user, on any host, without a password prompt.