Tek Eye Logo

Tek Eye

New User for CentOS VPS Created Using SSH

Create a New User CentOS Account on a VPS

A tutorial to add a user using SSH to access a CentOS VPS (the method applies to other Linux versions). In summary the steps are:

  1. Use useradd to add the new user.
  2. Use passwd to create the user's password.
  3. Use visudo to make the user a sudoer.
  4. Login as the new user to test the sudo ability.

CentOS

What's Required for This Tutorial

The use of a Virtual Private Server (VPS) to run systems in the Cloud is a core aspect of modern computing (see What is a VPS?). Being able to access a VPS via a secure shell (SSH) is an essential skill. This tutorial shows how to add a new user to a VPS via SSH. It assumes that a VPS is installed and running and that a SSH client is available. It is recommended that a test system is used to become familiar with the process. This example uses a virtual machine (VM) running a minimal install of CentOS. The PuTTY program is used to access the CentOS VM.

To replicate this set up on a Windows machine follow these articles:

It is assumed that the live VPS system has a default operating system (OS) install. If a hosting company is providing the VPS they should have helpful documentation providing an overview of what is installed and how to access, configure and stop and start the VPS. Hopefully the default root superuser login has been given a strong password which was provided when the VPS account was obtained.

Security is a Top Priority

Once a VPS is up and running adding a new user account is one of the first tasks to do. For management purposes the default root user is not used for day-to-day (general administration) operations. This reduces the risk of inadvertent changes. A new user can be set up to do common administration tasks. The new user can temporarily elevate their privileges to perform the admin task. Note that not all users are given this ability. Only those who are trusted and need it for their work role.

Choosing Good User Names and Passwords

Do not use simple user names that are easily guessed, such as user, admin, guest, demo, test etc. A combination of letters and numbers is better. For example someone called John Doe could have JDoe478 where the number part is the employee number, or John478DOE. The user name needs to be both easy to remember (for the user) but not immediately obvious (to help security). Notice the use of mix case to aid with the security.

A good password is a long string of random looking numbers, letters and punctuation. Words that can be found in dictionaries and common passwords such as password, 123456, letmein etc. are very poor. One way to generate a good password is to visualise a phrase that is personal and take the letter of each word of the phrase. For example: My mother lives at number 27 she likes squirrels' fluffy tails. This produces Mmlan27slsft, which has mixed case and numbers and is of a reasonable length.

Log in as root to Create the New User CentOS Account

Run a SSH client, here PuTTY is used on a Windows machine. Enter the appropriate IP address and port number for the VPS (on the test configuration it is localhost and 2222, on a live system it will be a valid IP address and likely port 22 for SSH).

If connecting for the first time an alert confirmation message will need to be accepted, select Yes to accept the message. Log in as root. Enter the root password and the prompt will be displayed.

Using PuTTY for SSH New User CentOS

Issue the useradd command with the required user name (the command adduser is a synonym for useradd). Note in this article a hash sigh, #, is used to indicate the end of the prompt line on the terminal. Type everything after the #.

# useradd JDoe478

Create the new users password with the passwd command, typing it twice.

# passwd JDoe478  
Changing password for user JDoe478.  
New password:  
Retype new password:  
passwd: all authentication tokens updated successfully

A warning is displayed if the password is considered weak. Run passwd again if required.

(To list users use cat /etc/passwd which shows the user names and other information, such as user id and group. Use cat /etc/passwd | cut -d ":" -f1 to list just the names. System defined users will be in the list.)

Add the New User CentOS Account to the Root Privileges

For the new user to be able to run admin commands, just like root, the sudoers configuration file must be update with the new user's log in name. This is done with the visudo command.

# visudo

Move the cursor down to MACHINE=COMMANDS section. How the section is commented may vary between operating systems. For the CentOS 6.5 minimal version, used in this example, place the cursor just after:

## Allow root to run any commands anywhere
root    ALL=(ALL)    ALL

Press the a key to enter add (insert) mode. Duplicate the root line for the new user:

JDoe478    ALL=(ALL)    ALL

Thus the MACHINE=COMMANDS section will now have:

## Allow root to run any commands anywhere  
root       ALL=(ALL)    ALL  
JDoe478    ALL=(ALL)    ALL

Press the Escape key then enter the write and quit command with :wq (colon w q). The new user is now able to perform system administration commands.

Run a new PuTTY session to test the new user. The last character of the command line will be a $ to indicate a standard user.

Super User Do – sudo

Once logged in under the new account use the sudo command to run a privilege command. For example the visudo command was used by root to edit the sudoers configuration. Trying to run visudo under the new user will fail with Permission denied.

$ visudo
visudo: /etc/sudoers: Permission denied

As the new user, with root privileges, run visudo with sudo short for super user do:

$ sudo visudo

The password for the new user (not the root user) is requested. This is used to confirm the action to execute a root level command (and also log the action).

$ sudo visudo
[sudo] password for JDoe478

If you see:

visudo: /etc/sudoers: Permission denied

The password may be entered incorrectly. If a message starting with the user name and continuing with "is not allowed to run sudo on srv" is displayed. Check the above steps to ensure the user and sudoers configuration are set correctly. Sometimes the word ALL in the MACHINE=COMMANDS section is spelt incorrectly with lowercase l instead of uppercase L.

Another sudo example is the shutdown command. Run a restart command without sudo:

$ shutdown -r now  
shutdown: Need to be root

And with sudo:

$ sudo shutdown -r now  
[sudo] password for JDoe478:

Broadcast message from JDoe478@test.server
The system is going down for reboot NOW!

Remember that executing a root command using sudo requires the user to re-enter their password, ensuring confirmation of the command (and logging it in the system). To finish SSH sessions use logout or exit.

Summary on Configuring a New User in CentOS Via SSH

  • Use a SSH terminal client program to access the VPS.
  • Login as a user with root privileges.
  • Use useradd (or adduser) to add the new user (e.g. useradd JDoe478).
  • Use passwd to set the users password (e.g. passwd JDoe478).
  • Add the new user to the MACHINE=COMMAND section in the sudoers configuration file (e.g. JDoe478 ALL=(ALL) ALL) with visudo.
  • When logged in under the new user use the sudo command to run root commands (e.g. sudo shutdown -r now).

See Also

Author:  Published:  

ShareSubmit to TwitterSubmit to FacebookSubmit to LinkedInSubmit to redditPrint Page

Do you have a question or comment about this article?

(Alternatively, use the email address at the bottom of the web page.)

 This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

markdown CMS Small Logo Icon ↓markdown↓ CMS is fast and simple. Build websites quickly and publish easily. For beginner to expert.


Articles on:

Android Programming and Android Practice Projects, HTML, VPS, Computing, IT, Computer History, ↓markdown↓ CMS, C# Programming, Using Windows for Programming


Free Android Projects and Samples:

Android Examples, Android List Examples, Android UI Examples



Tek Eye Published Projects