Add a new user for ssh access

Software SW tweaks
1

I want to use another user, not root, for access with ssh. I want to use the command su to elevate the rights of this user when logged in via ssh. I also want to have a key only login for this user and disable root from ssh access. I’ve done this before on other -nix systems. I used the useradd command and created a user. I’m used to get some questions about the user ie. which group and so on, but I got nothing. I cannot see any administrative possibilities via LuCi to configure the user. I need some pointers on how to achieve this in Turris.

2 Likes
2

There is no su command in OpenWRT or TurrisOS. You can create regular users by manually editting /etc/passwd but such users will not be able to do any administrative tasks.

I would recommend creating a LXC container, where you can use linux distribution of your choice in a way you are used to.

3

Thank you Ondrej. That might be a bit to ambitious for me :wink: I’ll stay with root for the moment.

4

Simple:

  1. Access the LuCI interface

  2. Go to System->Software and look for the sudo package

  3. Install the sudo package

  4. Login to the CLI of the Omnia

  5. Create a home folder
    mkdir /home

  6. Create a new user by running useradd
    useradd -m -b /home -g 100 -s /bin/ash <username>

  7. Set the password
    passwd <username>

  8. Create the sudo group
    groupadd sudo

  9. Add user to sudo group
    usermod -a -G sudo <username>

  10. Edit the sudoers file to allow user of group sudo to become root
    vi /etc/sudoers

remove the # from the line: # %sudo ALL=(ALL) ALL
close and save the file

  1. Try to login with the new user to confirm its working
  2. Ensure that ROOT can not be used as login with SSH in the future:
    vi /etc/config/sshd

add a # infront of the line: option PermitRootLogin yes
close and save the file

  1. Restart the sshd
    /etc/init.d/sshd restart

  2. Done - now only the user can loigin

  3. To run a command with root rights use
    sudo <command>

If you add more users like above they can also login via SSH. If you add them to the sudo’er group they also can elevate right to root.

Actually surprised that a moderator does not know this - basic linux 101 …

9 Likes