We can set up Linux VMs in Azure for various reasons, for example to host a Jenkins or Ansible server. If we are setting up Ansible on a Linux VM in Azure, it is recommended to use a separate user with admin permissions instead of the default user, who also has root access. This is beneficial because if we need to reset access for the default user, we can do so without harming anything set up for Ansible. In this post, let us look at the steps to add an additional admin user to an Ubuntu Linux VM in Azure and how to enable SSH to the VM with that user.
First, SSH into the Linux VM in Azure using the private key of the default user. If your machine is running Windows, you can use PuTTY.
To create the user, we can use the useradd command. With the -m option, the user is created with a home directory at /home/username.
sudo useradd -m <username>
Using the usermod command as below adds the user to the sudo group, which makes the user an admin (one who can execute sudo commands).
sudo usermod -aG sudo <username>
To set a password for the new user, we can use the passwd command. We need a password until we set up the public key of the user. Later on we can remove the password of the new user.
sudo passwd <username>
Then, to ensure we are not overwriting anything belonging to the default user, let’s switch to the new user using the su command. Once we do, you can see that the new user is now the current user.
sudo su <username>
Just to ensure that we do not tamper with the default user’s public key, let’s check ~/.ssh/authorized_keys, where the public key for a user is stored. When we try to print the content, a message that there is no such file or path indicates that we have correctly switched to the new user and are not touching the public key path of the default user of the Linux VM.
cat ~/.ssh/authorized_keys
Now let’s create a folder to keep the public key for the new user.
mkdir ~/.ssh
As the next step, let’s create the authorized_keys file in the ~/.ssh folder of the new user and store the public key in it. Running nano with the file path opens an editor window.
nano ~/.ssh/authorized_keys
Now, on your Windows machine, you can create a new key pair for the new user with PuTTYgen. Save both the public and private keys to your Windows machine. You may use a passphrase, so that you have to provide it when you SSH to the Linux VM as the new user. If you used PuTTYgen to generate the key pair, make sure to bring the public key into a single-line string, as it is generated as multiple lines. Open it in Notepad, prefix it with ssh-rsa, and ensure the public key is a single string without line breaks. Then paste the SSH key into the nano editor and save the file as authorized_keys.
Now if you print the content of ~/.ssh/authorized_keys for the new user, it should show the public key.
cat ~/.ssh/authorized_keys
To further secure the public key for the user, you can execute chmod 0700 on the ~/.ssh folder so that only the owner has read, write and execute permissions on the folder. Then we can set the new user as the owner of the folder using the chown command. To further secure the public key, we can use chmod 0644 on the file, which makes it read-only for everyone except the owner.
sudo chmod 0700 ~/.ssh
sudo chown <username> ~/.ssh
sudo chmod 0644 ~/.ssh/authorized_keys
Then we can switch back to the default user and remove the password of the new user completely, so that the user is only able to SSH with the private key of the key pair and the passphrase. To delete the new user’s password, execute the passwd command with the -d switch to delete the password and the -l switch to lock it, which disables adding a new password (a new password can still be set with sudo if needed).
sudo passwd -d -l <username>
Now you can SSH to the Linux VM in Azure as the new user.
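The PuTTYgen step above asks for the multi-line public key to be joined by hand and prefixed with ssh-rsa. As an added example (not part of the original post), this script does that conversion and then applies the same 0700 and 0644 permissions. The function names and the sample key (constructed, not usable) are assumptions, and it is meant to be run as the new user so the files end up owned by that user.

```shell
#!/bin/sh
# Added example, not from the original post. Sample key data is constructed.

# Print the one-line OpenSSH form of a PuTTYgen "Save public key" file.
puttygen_pub_to_openssh() {
    parsed=$(awk '
        { sub(/\r$/, "") }                              # strip Windows CR
        /^---- (BEGIN|END) SSH2 PUBLIC KEY ----$/ { next }
        cont { cont = ($0 ~ /\\$/); next }              # wrapped header line
        /^[A-Za-z0-9-]+:/ {                             # header, e.g. Comment:
            cont = ($0 ~ /\\$/)
            if (tolower($0) ~ /^comment:/) {
                c = $0; sub(/^[^:]*:[ \t]*/, "", c); gsub(/"/, "", c)
            }
            next
        }
        { gsub(/[ \t]/, ""); body = body $0 }           # base64 body line
        END { print body; print c }
    ' "$1") || return 1
    blob=$(printf '%s\n' "$parsed" | sed -n 1p)
    comment=$(printf '%s\n' "$parsed" | sed -n 2p)
    # The key type is encoded at the start of the blob, so derive the prefix
    # from it instead of typing it by hand, and reject anything else.
    case $blob in
        AAAAB3NzaC1yc2E*)      ktype=ssh-rsa ;;
        AAAAC3NzaC1lZDI1NTE5*) ktype=ssh-ed25519 ;;
        *) echo "not a recognised SSH public key: $1" >&2; return 1 ;;
    esac
    printf '%s %s%s\n' "$ktype" "$blob" "${comment:+ $comment}"
}

# Append the key to <home>/.ssh/authorized_keys with the post's permissions.
install_authorized_key() {   # usage: install_authorized_key <key line> <home>
    mkdir -p "$2/.ssh" && chmod 0700 "$2/.ssh" || return 1
    printf '%s\n' "$1" >> "$2/.ssh/authorized_keys" || return 1
    chmod 0644 "$2/.ssh/authorized_keys"
}

# Demo on a constructed sample (not a usable key), laid out as PuTTYgen saves it.
demo=$(mktemp -d)
printf '%s\r\n' '---- BEGIN SSH2 PUBLIC KEY ----' 'Comment: "newadmin-key"' \
    'AAAAB3NzaC1yc2EAAAADAQAB' 'AAAAAwEC' '---- END SSH2 PUBLIC KEY ----' \
    > "$demo/newadmin.pub"
line=$(puttygen_pub_to_openssh "$demo/newadmin.pub") &&
    install_authorized_key "$line" "$demo/home" &&
    cat "$demo/home/.ssh/authorized_keys"
```

Where OpenSSH is installed, ssh-keygen -i -f with the saved public key file performs the same conversion.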