(Ci vuole un Fiore)

It takes a Flower

Tomorrowdata's Blog

Create a cloud-ready user on Ubuntu

You have an Ubuntu server machine on some cloud.
You want to ssh without being prompted for the password.
You want to sudo without being prompted for the password.
You need to remotely automate some tasks on that machine and you need a suitable user to do that.

In the end, you need a user without a password. That is a cloud-ready user.

Let’s say the username you want to create is “admin”, and that you can temporarily log in with another user who is in sudoers.

First of all (use adduser, avoid useradd):
sudo adduser --disabled-password admin

Prepare ssh authorization stuff:

sudo mkdir ~/../admin/.ssh
sudo chmod 700 ~/../admin/.ssh/
sudo touch ~/../admin/.ssh/authorized_keys
sudo chmod 600 ~/../admin/.ssh/authorized_keys
sudo chown admin:admin ~/../admin/.ssh/
sudo chown admin:admin ~/../admin/.ssh/authorized_keys

Make sure sshd is configured to accept RSA and pubkey authentication:
sudo nano /etc/ssh/sshd_config
Verify that the following lines are present; otherwise add or correct them:
RSAAuthentication yes
PubkeyAuthentication yes
Please note that the #AuthorizedKeysFile key can stay commented out.
If you had to change the config:
sudo service ssh restart

If you don’t already have one, generate your public/private key pair:
From your desktop (or from wherever you want to start ssh into the cloud):
mkdir ~/.ssh
chmod 700 ~/.ssh
ssh-keygen -t rsa
Then (over ssh as the previous user) copy-paste the public key into ~/../admin/.ssh/authorized_keys

Last, add the admin user to the NOPASSWD sudoers:
sudo visudo
add the following at the end:
admin ALL=(ALL) NOPASSWD:ALL
and restart sudo service:
sudo service sudo restart

And now, to connect from your local desktop:
ssh -i ~/.ssh/[your private key] admin@[IP or hostname of your remote cloud ubuntu]

or you can add a ~/.ssh/config file with the following:
Host [your favorite endpoint name]
Hostname [IP or hostname of your remote cloud ubuntu]
User admin
IdentityFile ~/.ssh/[your private key]

and with that, simply:
ssh [your favorite endpoint name]
to come in and start working!
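
An added check, not part of the original post: the script below audits what the steps above create (the 700/600 modes, ownership, at least one key in authorized_keys) and lists the active NOPASSWD rules in a sudoers file. It assumes GNU stat as shipped on Ubuntu; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: audit the account layout built by the steps in this post.
# Assumes GNU stat (default on Ubuntu). Function names are illustrative.

# expect PATH MODE OWNER: succeed only on an exact mode and owner match.
expect() {
    actual=$(stat -c '%a %U' "$1" 2>/dev/null) || { echo "MISSING $1"; return 1; }
    [ "$actual" = "$2 $3" ] && return 0
    echo "BAD $1: is '$actual', want '$2 $3'"
    return 1
}

# count_keys FILE: number of lines holding a public key. Comment lines are
# skipped; every SSH key blob starts with "AAAA" in base64.
count_keys() {
    grep -Ec '^[^#]*(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp[0-9]+) AAAA' "$1" 2>/dev/null || true
}

# nopasswd_rules FILE: active (uncommented) sudoers lines granting NOPASSWD.
nopasswd_rules() {
    grep -E '^[^#]*NOPASSWD' "$1" 2>/dev/null || true
}

# audit_cloud_user HOME OWNER: check modes, ownership and key presence.
audit_cloud_user() {
    home=$1 owner=$2 rc=0
    expect "$home/.ssh" 700 "$owner" || rc=1
    expect "$home/.ssh/authorized_keys" 600 "$owner" || rc=1
    keys=$(count_keys "$home/.ssh/authorized_keys")
    # The account has no password, so an empty key file means no way in.
    [ "${keys:-0}" -ge 1 ] || { echo "NO KEYS in $home/.ssh/authorized_keys"; rc=1; }
    return "$rc"
}

# Run directly, e.g.: sudo sh audit.sh /home/admin admin
if [ "$#" -eq 2 ]; then
    audit_cloud_user "$1" "$2" && echo "OK $1"
    nopasswd_rules /etc/sudoers
fi
```

Every account that nopasswd_rules prints has root behind nothing but its private key, so that key deserves a passphrase and the same care as a root password.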