Create SSH access for my developer - HOW?

Support for security such as Firewalls and securing linux
iwas9409
Posts: 4
Joined: 2020/11/20 23:44:04

Create SSH access for my developer - HOW?

Post by iwas9409 » 2020/11/20 23:51:00

I have a new CentOS 7 cloud server.

I have hired a developer to set up the server to serve a PHP, MySQL web app.

The developer needs SSH-Root access.

I have Root SSH access, BUT I am guessing I should create a new SSH user account for the developer.

What are the SSH commands for me to create a new user for my developer?

Thank you in advance...from a guy learning about server access for a developer.

-Tom

KernelOops
Posts: 428
Joined: 2013/12/18 15:04:03
Location: xfs file system

Re: Create SSH access for my developer - HOW?

Post by KernelOops » 2020/11/21 11:27:02

Root is only one, so you need to share the same account, by using two different ssh keys.

The file /root/.ssh/authorized_keys should already contain your own public key. All you need to do is add your developer's public key and he'll get full root access to the server.

So the first step is to ask him for his public key, and the second step is to add it to your authorized_keys file.
--
R.I.P. CentOS :cry:
--

jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: Create SSH access for my developer - HOW?

Post by jlehtone » 2020/11/21 15:32:39

The best practice is to completely disable login as root.

Create a normal account for each user. Give those accounts permission to use 'sudo'.

KernelOops
Posts: 428
Joined: 2013/12/18 15:04:03
Location: xfs file system

Re: Create SSH access for my developer - HOW?

Post by KernelOops » 2020/11/21 17:21:18

sudo is for the weak minded and those who don't really know what they are doing :mrgreen:
--
R.I.P. CentOS :cry:
--

iwas9409
Posts: 4
Joined: 2020/11/20 23:44:04

Re: Create SSH access for my developer - HOW?

Post by iwas9409 » 2020/11/21 21:27:41

@KernelOops do you have a best practice recommendation?

KernelOops
Posts: 428
Joined: 2013/12/18 15:04:03
Location: xfs file system

Re: Create SSH access for my developer - HOW?

Post by KernelOops » 2020/11/21 21:43:13

I was just making fun with my last comment.

On a more serious note, the recommendation to use sudo is valid in some cases when you MONITOR ssh access, thus separate accounts get their own login session logged separately, while if you ssh as root, then there is no separation between admin logins. In other words, you know what you are doing and you have a monitoring system in place, so use sudo. For everyone else, sudo is just a stupid extra step to becoming root. So my best practice suggestion is to not use sudo, it will just confuse you by prefixing sudo on your commands.

Another reason why sudo is stupid, is because these days serious management is being done with tools like Ansible, no need to login to 100+ servers to run a command or to change some config file. Ansible offers a reliable, documented, smooth and secure way to manage servers.

It makes me smile when I see people sudo this... sudo that... sudo the next.. wtf people.
--
R.I.P. CentOS :cry:
--

iwas9409
Posts: 4
Joined: 2020/11/20 23:44:04

Re: Create SSH access for my developer - HOW?

Post by iwas9409 » 2020/11/21 21:47:27

Thanks. So do I give my developer the root username/password?

What do you recommend to get developer(s) access to the server?

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Create SSH access for my developer - HOW?

Post by TrevorH » 2020/11/21 22:05:17

No, you don't give anyone the root credentials. You set up a user for them, you give them sudo access to run anything that does need root ability as that is logged and you can keep track of what they're doing.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

iwas9409
Posts: 4
Joined: 2020/11/20 23:44:04

Re: Create SSH access for my developer - HOW?

Post by iwas9409 » 2020/11/21 22:16:46

Ok...so to set up a new user I do this...right?

adduser mynewuser
Then set up a password for the new user...passwd mynewuser

I need the developer to set up the server as a web server: Apache, PHP, MySQL, and move the Laravel files up to the server. They are in GitHub.

How do I give this new user sudo access to run anything that does need root ability?
I have found somewhere that I might have to tweak visudo to include:
## Allow root to run any commands anywhere
mynewuser ALL=(ALL) ALL

jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: Create SSH access for my developer - HOW?

Post by jlehtone » 2020/11/22 11:38:37

If you really want the developer to be able to run all commands as any user, then it is easier to just add the account to group 'wheel' (and not edit any sudoers config).

The 'useradd' command has option '--groups' to do that.
If you have already created the account, then command 'usermod' is the tool to change group memberships.


However, services like Apache, PHP, MySQL have three parts:
1. The packages that have to be installed. Note that if you grant just the right to run 'yum' as root, you do already make it possible to run all commands as any user via installing a suitable (self-written) package.
2. Configuration of the service. This usually requires admin access.
3. Content. "Moving files to server." This does not require admin access.

Could you collaborate with your developer so that you do the steps 1 and 2 and she focuses on the 3?
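
The steps recommended in this thread (a separate account in group 'wheel', the developer's own public key, root login over SSH disabled) can be written as shell functions. This is an added example, not code from any poster; the function names are made up for illustration, and the account name, home directory and config path are whatever the caller passes in.

```shell
#!/bin/sh
# Added example, not from the thread. "wheel" is the group named in the
# thread; account names and paths are supplied by the caller.

# Create the account in group 'wheel' (run as root on the server); for an
# existing account only the supplementary group is added.
create_dev_account() {
    if id "$1" >/dev/null 2>&1; then
        usermod --append --groups wheel "$1"
    else
        useradd --create-home --groups wheel "$1"
    fi
}

# install_pubkey HOME KEYLINE [OWNER]: add one public key to
# HOME/.ssh/authorized_keys with modes 700/600. Refuses private keys and
# anything that does not start like an OpenSSH public key line.
install_pubkey() {
    home=$1 key=$2 owner=${3:-}
    case $key in
        *"PRIVATE KEY"*) echo "refusing: private key" >&2; return 1 ;;
        ssh-ed25519\ AAAA*|ssh-rsa\ AAAA*|ecdsa-sha2-nistp*\ AAAA*) ;;
        *) echo "refusing: not a public key line" >&2; return 1 ;;
    esac
    auth="$home/.ssh/authorized_keys"
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # Append only if the exact line is not already present.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >>"$auth"
    # When run as root, hand the files to the account that will log in.
    if [ -n "$owner" ]; then chown -R "$owner" "$home/.ssh"; fi
}

# sshd_setting FILE KEYWORD: print the value sshd would take from FILE.
# sshd keeps the first value it finds for a keyword; commented lines are
# skipped. Match blocks are not interpreted here.
sshd_setting() {
    awk -v k="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ { next }
        tolower($1) == k { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }' "$1"
}

# Succeeds only if FILE explicitly sets PermitRootLogin to "no".
root_login_disabled() {
    [ "$(sshd_setting "$1" PermitRootLogin)" = "no" ]
}
```

On the server itself, `sshd -T` prints the configuration sshd actually uses and is the authoritative check. Confirm the new account can log in and run sudo from a second session before disabling root login.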
