New User for CentOS VPS Created Using SSH
Create a New User CentOS Account on a VPS
A tutorial to add a user using SSH to access a CentOS VPS (the method applies to other Linux versions). In summary the steps are:
- Use useradd to add the new user.
- Use passwd to create the user's password.
- Use visudo to make the user a sudoer.
- Login as the new user to test the sudo ability.
What's Required for This Tutorial
The use of a Virtual Private Server (VPS) to run systems in the Cloud is a core aspect of modern computing (see What is a VPS?). Being able to access a VPS via a secure shell (SSH) is an essential skill. This tutorial shows how to add a new user to a VPS via SSH. It assumes that a VPS is installed and running and that a SSH client is available. It is recommended that a test system is used to become familiar with the process. This example uses a virtual machine (VM) running a minimal install of CentOS. The PuTTY program is used to access the CentOS VM.
To replicate this set up on a Windows machine follow these articles:
- Virtualization Software for Windows, Run Another OS for Free
- Virtual CentOS on Windows Using VirtualBox to Run the VM
- SSH into VPS Virtual Machine on Windows Using PuTTY
It is assumed that the live VPS system has a default operating system (OS) install. If a hosting company is providing the VPS they should have helpful documentation providing an overview of what is installed and how to access, configure and stop and start the VPS. Hopefully the default root superuser login has been given a strong password which was provided when the VPS account was obtained.
Security is a Top Priority
Once a VPS is up and running adding a new user account is one of the first tasks to do. For management purposes the default root user is not used for day-to-day (general administration) operations. This reduces the risk of inadvertent changes. A new user can be set up to do common administration tasks. The new user can temporarily elevate their privileges to perform the admin task. Note that not all users are given this ability. Only those who are trusted and need it for their work role.
Choosing Good User Names and Passwords
Do not use simple user names that are easily guessed, such as user, admin, guest, demo, test etc. A combination of letters and numbers is better. For example someone called John Doe could have JDoe478 where the number part is the employee number, or John478DOE. The user name needs to be both easy to remember (for the user) but not immediately obvious (to help security). Notice the use of mix case to aid with the security.
A good password is a long string of random looking numbers, letters and punctuation. Words that can be found in dictionaries and common passwords such as password, 123456, letmein etc. are very poor. One way to generate a good password is to visualise a phrase that is personal and take the letter of each word of the phrase. For example: My mother lives at number 27 she likes squirrels' fluffy tails. This produces Mmlan27slsft, which has mixed case and numbers and is of a reasonable length.
Log in as root to Create the New User CentOS Account
Run a SSH client, here PuTTY is used on a Windows machine. Enter the appropriate IP address and port number for the VPS (on the test configuration it is localhost and 2222, on a live system it will be a valid IP address and likely port 22 for SSH).
If connecting for the first time an alert confirmation message will need to be accepted, select Yes to accept the message. Log in as root. Enter the root password and the prompt will be displayed.
Issue the useradd command with the required user name (the command adduser is a synonym for useradd). Note in this article a hash sigh, #, is used to indicate the end of the prompt line on the terminal. Type everything after the #.
# useradd JDoe478
Create the new users password with the passwd command, typing it twice.
# passwd JDoe478
Changing password for user JDoe478.
New password:
Retype new password:
passwd: all authentication tokens updated successfully
A warning is displayed if the password is considered weak. Run passwd again if required.
(To list users use cat /etc/passwd
which shows the user names and other information, such as user id and group. Use cat /etc/passwd | cut -d ":" -f1
to list just the names. System defined users will be in the list.)
Add the New User CentOS Account to the Root Privileges
For the new user to be able to run admin commands, just like root, the sudoers configuration file must be update with the new user's log in name. This is done with the visudo command.
# visudo
Move the cursor down to MACHINE=COMMANDS section. How the section is commented may vary between operating systems. For the CentOS 6.5 minimal version, used in this example, place the cursor just after:
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
Press the a key to enter add (insert) mode. Duplicate the root line for the new user:
JDoe478 ALL=(ALL) ALL
Thus the MACHINE=COMMANDS section will now have:
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
JDoe478 ALL=(ALL) ALL
Press the Escape key then enter the write and quit command with :wq (colon w q). The new user is now able to perform system administration commands.
Run a new PuTTY session to test the new user. The last character of the command line will be a $ to indicate a standard user.
Super User Do – sudo
Once logged in under the new account use the sudo command to run a privilege command. For example the visudo command was used by root to edit the sudoers configuration. Trying to run visudo under the new user will fail with Permission denied.
$ visudo
visudo: /etc/sudoers: Permission denied
As the new user, with root privileges, run visudo with sudo short for super user do:
$ sudo visudo
The password for the new user (not the root user) is requested. This is used to confirm the action to execute a root level command (and also log the action).
$ sudo visudo
[sudo] password for JDoe478
If you see:
visudo: /etc/sudoers: Permission denied
The password may be entered incorrectly. If a message starting with the user name and continuing with "is not allowed to run sudo on srv" is displayed. Check the above steps to ensure the user and sudoers configuration are set correctly. Sometimes the word ALL in the MACHINE=COMMANDS section is spelt incorrectly with lowercase l instead of uppercase L.
Another sudo example is the shutdown command. Run a restart command without sudo:
$ shutdown -r now
shutdown: Need to be root
And with sudo:
$ sudo shutdown -r now
[sudo] password for JDoe478:
Broadcast message from JDoe478@test.server
The system is going down for reboot NOW!
Remember that executing a root command using sudo requires the user to re-enter their password, ensuring confirmation of the command (and logging it in the system). To finish SSH sessions use logout or exit.
Summary on Configuring a New User in CentOS Via SSH
- Use a SSH terminal client program to access the VPS.
- Login as a user with root privileges.
- Use useradd (or adduser) to add the new user (e.g.
useradd JDoe478
). - Use passwd to set the users password (e.g.
passwd JDoe478
). - Add the new user to the MACHINE=COMMAND section in the sudoers configuration file (e.g.
JDoe478 ALL=(ALL) ALL
) with visudo. - When logged in under the new user use the sudo command to run root commands (e.g.
sudo shutdown -r now
).
See Also
- CentOS Version Command and Update CentOS to New Version
- For a full list of the articles on Tek Eye see the website's index.
Author:Daniel S. Fowler Published: