`ssh-adduser` will
1. add the user `me`
- 2. sets a random, 32-character password (as a failsafe)
+ 2. set a random, 32-character password (as a failsafe)
3. copy the `root` user's **`~/.ssh/authorized_keys`** (so the same users can still login)
- 4. gives the `me` user `sudo` (admin) privileges
- 5. allows `me` to `sudo` without a password
+ 4. give the `me` user `sudo` (admin) privileges
+ 5. allow `me` to `sudo` without a password
---
How to create a new user named 'me':
```bash
-# Note: --disable-password means that the user cannot yet login
+# --disable-password prevents a password prompt
+# --gecos "" skips the useless questions
adduser --disabled-password --gecos "" me
```
How to create a and set a random password:
```bash
-# store a random 16-byte password into 'my_password'
+# sets 'my_password' to 32 random hex characters (16 bytes)
my_password=$(openssl rand -hex 16)
-# use 'my_password' to set the user 'me's password
+# uses 'my_password' for to reset and confirm 'me's password
printf "$my_password"'\n'"$my_password" | passwd me
```
adduser --disabled-password --gecos "" me
my_password=$(openssl rand -hex 16)
printf "$my_password"'\n'"$my_password" | passwd me
+
+ # make 'me' a sudo-er (admin)
adduser me sudo
echo "me ALL=(ALL:ALL) NOPASSWD: ALL" | tee /etc/sudoers.d/me
- sudo -i -u me bash -c 'ssh-keygen -b 2048 -t rsa -f /home/me/.ssh/id_rsa -q -N ""'
+
+ # allow users who can already login as 'root' to login as 'me'
mkdir -p /home/me/.ssh/
chmod 0700 /home/me/.ssh/
cp -r "$HOME/.ssh/authorized_keys" /home/me/.ssh/
chmod 0600 /home/me/.ssh/authorized_keys
chown -R me:me /home/me/.ssh/
- # Install webi for the new user
+ # ensure that 'me' has an SSH Keypair
+ sudo -i -u me bash -c 'ssh-keygen -b 2048 -t rsa -f /home/me/.ssh/id_rsa -q -N ""'
+
+ # Install webi for the new 'me' user
sudo -i -u me bash -c 'curl -fsSL https://webinstall.dev/webi | bash' \
|| sudo -i -u me bash -c 'wget -q -O - https://webinstall.dev/webi | bash'
projects / webi-installers / .git / commitdiff