How to Create an Account with only SSH Access

matthew.collins · 03-09-2006, 07:57 PM

Hello,

Sorry for the complete newbie question but...

I have a Windows 2003 Domain with a SME linux box running as my gateway. I can SSH into the SME box and then RDP into my desktop at work; using the root account on the SME box.

I'd like to set this kind of access up for some of the executives at place of work, but dont want them logging in with the root account. Can someone please send me a quick how-to for setting up an account on the SME box that only has SSH access and can't modify or change anything on the it?

Any help would be much appreciated!

Thanks,

Matthew Collins

gilead · 03-09-2006, 08:13 PM

It sounds like you just want to add an ordinary user to the Linux box. Have you tried the useradd tool (it creates a user based on the command line parameters you give it) or the adduser tool (it creates a user based on the answers you give to its prompts)?

In either case an ordinary user is limited in what they can change or access on the box. I'd recommend that you don't use root to login to the SSH server either. Just su when you need to perform administrative tasks.

matthew.collins · 03-09-2006, 08:15 PM

Gilead,

Thanks...You sure just adding a user using useradd will not give them too much permission on the box? I figured there'd be some way of locking it down more.

Matthew Collins

gilead · 03-09-2006, 08:27 PM

Usually that's fine Matthew. With default permissions they can't delete system configuration files or application programs and they can't see inside system logs. They can delete their own stuff in their home directory, but that sort of thing can be retrieved from backups.

Unix system are designed for multiple users so you can be pretty confident. Just don't give them the root account's password

matthew.collins · 03-09-2006, 08:30 PM

Steve,

Thank you... I'll keep the root password in a safe spot

Matthew Collins