I want to use another user, not root, for access with ssh. I want to use the command su to elevate the rights of this user when logged in via ssh. I also want to have a key only login for this user and disable root from ssh access. I’ve done this before on other -nix systems. I used the useradd command and created a user. I’m used to get some questions about the user ie. which group and so on, but I got nothing. I cannot see any administrative possibilities via LuCi to configure the user. I need some pointers on how to achieve this in Turris.
There is no su
command in OpenWRT or TurrisOS. You can create regular users by manually editting /etc/passwd
but such users will not be able to do any administrative tasks.
I would recommend creating a LXC container, where you can use linux distribution of your choice in a way you are used to.
Thank you Ondrej. That might be a bit to ambitious for me I’ll stay with root for the moment.
Simple:
-
Access the LuCI interface
-
Go to System->Software and look for the sudo package
-
Install the sudo package
-
Login to the CLI of the Omnia
-
Create a home folder
mkdir /home
-
Create a new user by running useradd
useradd -m -b /home -g 100 -s /bin/ash <username>
-
Set the password
passwd <username>
-
Create the sudo group
groupadd sudo
-
Add user to sudo group
usermod -a -G sudo <username>
-
Edit the sudoers file to allow user of group sudo to become root
vi /etc/sudoers
remove the # from the line: # %sudo ALL=(ALL) ALL
close and save the file
- Try to login with the new user to confirm its working
- Ensure that ROOT can not be used as login with SSH in the future:
vi /etc/config/sshd
add a # infront of the line: option PermitRootLogin yes
close and save the file
-
Restart the sshd
/etc/init.d/sshd restart
-
Done - now only the user can loigin
-
To run a command with root rights use
sudo <command>
If you add more users like above they can also login via SSH. If you add them to the sudo’er group they also can elevate right to root.
Actually surprised that a moderator
does not know this - basic linux 101 …