3초기억력


AWS-CentOS use not user 'root'

잠수콩 2018. 11. 14. 12:48



Title : AWS-CentOS use not user 'root'




Source code :




Content :


CentOS allows SSH access for the user root. Following security best practices, it is advisable to disable SSH access for root, log in over SSH with an account other than root, and use the sudo command when root privileges are required. This document describes how to manually replace the root user with a new user.

The following steps assume you have installed a CentOS AMI [Amazon Machine Image].

Data contained in < > is user defined.
Commands are shown on their own indented lines.
This example creates ec2-user as both the group and the new user; this is not required, and you are free to use any naming convention.

1. Add a new group and user

SSH to your newly launched EC2 CentOS instance using the default root user.

Create a new group:

    groupadd -g <500> ec2-user

Create a new user, adding it to the new group:

    useradd -g ec2-user ec2-user

2. Create the .ssh directory

When your user has been created, you will need to add the .ssh directory to store the authorized_keys file.

    mkdir /home/ec2-user/.ssh

3. Add the new group and user to the sudoers file

    sudo visudo

Add the following lines to the sudoers file.

PLEASE NOTE: Changes to sudoers MUST be carried out using visudo to avoid errors.

Usage notes: when editing a file using vim, i = insert mode; use this to enter text. Once you have entered the entire text, exit insert mode by hitting the Escape key. To save the file use :wq

Add to the user section:

    ec2-user ALL=(ALL) ALL

Add to the group section:

    %ec2-user ALL=(ALL) ALL

Then add, typically just below the group entry:

    %ec2-user ALL=(ALL) NOPASSWD: ALL

Save the file and exit.

4. Copy the SSH public key from root

    cp /root/.ssh/authorized_keys /home/ec2-user/.ssh/authorized_keys

5. Set permissions

The new user needs permission to authorized_keys.

    chown -R ec2-user:ec2-user /home/ec2-user/

Test that your new user works as expected: log in and try a sudo command.

6. Clean up

Remove /root/.ssh/authorized_keys:

    sudo rm /root/.ssh/authorized_keys
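The following audit script is an added example, not part of the original instructions. It checks the outcome of the steps above: key file ownership and write bits for the new user, whether root still has SSH keys, and which sudoers entries grant passwordless sudo. The function names and the `--audit` flag are hypothetical, and GNU `stat` (as shipped with CentOS) is assumed.

```shell
#!/bin/sh
# Added example: audits the result of steps 1-6. Assumes GNU stat (as on CentOS).

# check_key_perms HOME USER
# sshd's StrictModes (on by default) rejects keys when the home directory, .ssh or
# authorized_keys is group- or world-writable. Step 5's chown makes the new user
# the owner, so ownership is checked as well.
check_key_perms() {
    home=$1; user=$2; rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || { echo "MISSING  $p"; rc=1; continue; }
        set -- $(stat -c '%a %U' "$p")      # $1 = octal mode, $2 = owner name
        [ "$2" = "$user" ] || { echo "OWNER    $p is owned by $2, expected $user"; rc=1; }
        [ $(( 0$1 & 022 )) -eq 0 ] || { echo "WRITABLE $p has mode $1"; rc=1; }
    done
    return $rc
}

# root_keys_removed FILE
# Succeeds when step 6 took effect: the file is absent, or holds no key lines
# (only blank lines and comments).
root_keys_removed() {
    [ ! -e "$1" ] && return 0
    ! grep -Eq '^[[:space:]]*[^#[:space:]]' "$1"
}

# nopasswd_entries FILE
# Prints active (uncommented) sudoers lines carrying NOPASSWD:. With the lines
# from step 3, the %ec2-user NOPASSWD entry comes last and sudo applies the last
# match, so every member of the group gets root without a password prompt.
nopasswd_entries() {
    grep -E '^[[:space:]]*[^#[:space:]].*NOPASSWD:' "$1"
}

# Run as root on the instance:  sh audit.sh --audit ec2-user
if [ "${1:-}" = "--audit" ]; then
    user=${2:-ec2-user}
    check_key_perms "/home/$user" "$user" && echo "key permissions OK for $user"
    root_keys_removed /root/.ssh/authorized_keys || echo "root still has SSH keys"
    echo "passwordless sudo entries:"
    nopasswd_entries /etc/sudoers || echo "(none)"
fi
```
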





Example source file :

CentOS_User_Add_Instructions.pdf



Reference : https://awsmp-usageinstructions.s3.amazonaws.com/CentOS_User_Add_Instructions.pdf



