How to give SSH access to another person, such as a customer?
Step 1: Create private/public keys for the new account
If the person to whom you wish to give access does not have a private/public key pair yet, he or she must first generate this key pair.
To generate a new SSH key pair, use PuTTYgen (Windows) or the ssh-keygen command (Linux and Mac OS X). For instructions on how to use PuTTYgen, refer to this page. For instructions on how to use ssh-keygen, refer to this page.
The generated key pair will contain two files:
- A private key. This should not be shared with anyone else. The user will need this to access the server.
- A public key. The user should share this with you to gain access to the server. Copy this public key file to the server. This example assumes that the public key file is named USERNAME.pub.
Now, there are two ways to proceed:
- Option A: Create a separate account for the new user (recommended).
- Option B: Allow the new user to log into the server using the existing bitnami user account.
Step 2 (Option A): Create a separate account for the new user
Follow the steps below:
- Log in to the server console as the bitnami user.
Create a new user account that will share the same user privileges as the bitnami user. Replace the USERNAME placeholder with the username for the new account.
$ sudo useradd -s /bin/bash -o -u `id -u` -g `id -g` USERNAME
This will create an alias user for the bitnami account, giving it the same privileges.
Configure SSH access for the new user account, by copying the /home/bitnami/.ssh directory to the new user's home directory. As before, replace the USERNAME placeholder with the username for the new account.
$ sudo mkdir ~USERNAME/ $ sudo cp -rp ~bitnami/.ssh ~USERNAME/ $ sudo cp -rp ~bitnami/.bashrc ~USERNAME/ $ sudo cp -rp ~bitnami/.profile ~USERNAME/
Add the content of the user's public key file to the /home/USERNAME/.ssh/authorized_keys file. In this example, the user's public key is assumed to be in USERNAME.pub:
$ cat USERNAME.pub >> /home/USERNAME/.ssh/authorized_keys
To grant other users access to the server using this same account, repeat the last step and add each user's public key to the authorized_keys file.
To allow the new user to execute commands as the root user, add the new user account to the bitnami-admins group, by executing the following command when logged in as the bitnami user:
$ sudo usermod -G bitnami-admins USERNAME
To delete the new user account, execute the following command:
$ sudo userdel USERNAME -f
Confirm that the account has been successfully removed by executing the command below:
$ id USERNAME
Step 2 (Option B): Allow the new user to log in using the bitnami account
Follow these steps:
Back up your list of authorized keys:
$ cp /home/bitnami/.ssh/authorized_keys /home/bitnami/.ssh/authorized_keys.bak
Add the new user's public key to the authorized_keys file. Perform this step carefully to ensure that existing keys are not modified or deleted, as an error could result in you losing all SSH access to the server. In this example, the new user's public key is assumed to be in USERNAME.pub:
$ cat USERNAME.pub >> /home/bitnami/.ssh/authorized_keys
The new user should now be able to access the machine by logging in as bitnami.
To revert the changes, remove the last line (the most recently added key) from the /home/bitnami/.ssh/authorized_keys file or restore the old authorized_keys file:
$ cp /home/bitnami/.ssh/authorized_keys.bak /home/bitnami/.ssh/authorized_keys