[Intro to VPS / Linux Servers] Initial Setup of a Debian Instance on ConoHa VPS: Adding a User
2022/11/21
2022/12/12
Adding a new user
root
.ssh/config
#👇SSH settings for root
Host conoha-root
HostName <IP address assigned to the instance>
User root
Port 22
IdentityFile "~/.ssh/<SSH private key>.pem"
$ ssh conoha-root
Linux xxx-xxx-xxx-xxx 5.10.0-8-amd64 #1 SMP Debian 5.10.46-4 (2021-08-03) x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Sun Nov 20 09:52:25 2022 from xxx-xxx-xxx-xxx
root@xxx-xxx-xxx-xxx:~#
Checking the Debian instance's environment
~# lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 11 (bullseye)
Release: 11
Codename: bullseye
Adding the new user
hoge
#👇Register the new user
~# useradd hoge
#👇Add the new user to the sudo group
~# gpasswd -a hoge sudo
Adding user hoge to group sudo
#👇Set the password the user will enter when running sudo
~# passwd hoge
New password:
Retype new password:
passwd: password updated successfully
~# cat /etc/group
#... (omitted)
sudo:x:27:hoge
#... (omitted)
hoge:x:1000:
sudo
~# su - hoge
su: warning: cannot change directory to /home/hoge: No such file or directory
$ sudo ls
sudo: unable to resolve host xxx-xxx-xxx-xxx: Name or service not known
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for hoge:
sudo
/home/<username>
$ echo $HOME
/home/hoge
Ctrl+D
~# mkdir /home/hoge
~# su - hoge
$
Removing the "unable to resolve host ***" warning
sudo
$ sudo ls
sudo: unable to resolve host xxx-xxx-xxx-xxx: Name or service not known
sudo
/etc/hosts
/etc/hosts
$ cat /etc/hosts
127.0.0.1 localhost
127.0.1.1 localhost
#The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
127.0.1.1
/etc/hosts
$ sudo sh -c 'echo 127.0.1.1 $(hostname) >> /etc/hosts'
sudo: unable to resolve host xxx-xxx-xxx-xxx: Name or service not known
#👇No warning appears on subsequent sudo calls
$ sudo ls
/etc/hosts
$ cat /etc/hosts
#...
#👇This line has been added
127.0.1.1 xxx-xxx-xxx-xxx
Copying root's SSH public key to the user as well
.ssh
authorized_keys
~# mkdir /home/hoge/.ssh
~# cp .ssh/authorized_keys /home/hoge/.ssh/
~# ls -la /home/hoge/.ssh/
drwxr-xr-x 2 root root 4096 Nov 21 00:50 .
drwxr-xr-x 3 root root 4096 Nov 21 00:49 ..
-rw------- 1 root root 399 Nov 21 00:50 authorized_keys
/home/hoge
~# chown -hR hoge:hoge /home/hoge
~# ls -la /home/hoge/.ssh/
total 12
drwxr-xr-x 2 hoge hoge 4096 Nov 21 00:50 .
drwxr-xr-x 3 hoge hoge 4096 Nov 21 00:49 ..
-rw------- 1 hoge hoge 399 Nov 21 00:50 authorized_keys
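In the listing taken before `chown`, `authorized_keys` is owned by root with mode 600, so `hoge` cannot read it. The following is an added example, not part of the original article, that approximates the ownership and mode test sshd applies under `StrictModes`; the function names and the demo tree are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original article). Approximates sshd's
# StrictModes test for the files a key login depends on.

# check_path PATH UID: the owner must be UID or root, group/others must not
# have write permission, and UID must be able to read PATH (group access is
# ignored here, which is a simplification).
check_path() {
  local path="$1" uid="$2" owner mode
  if [ ! -e "$path" ]; then echo "FAIL $path: missing"; return 1; fi
  owner=$(stat -c %u "$path"); mode=$(stat -c %a "$path")
  if [ "$owner" != "$uid" ] && [ "$owner" != 0 ]; then
    echo "FAIL $path: owned by uid $owner"; return 1
  fi
  if [ $(( 0$mode & 022 )) -ne 0 ]; then
    echo "FAIL $path: mode $mode is writable by group or others"; return 1
  fi
  if [ "$owner" != "$uid" ] && [ $(( 0$mode & 004 )) -eq 0 ]; then
    echo "FAIL $path: mode $mode, uid $uid cannot read it"; return 1
  fi
  echo "OK   $path (uid $owner, mode $mode)"
}

# check_ssh_tree HOME UID: check HOME, HOME/.ssh and HOME/.ssh/authorized_keys.
check_ssh_tree() {
  local home="$1" uid="$2" rc=0 p
  for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
    check_path "$p" "$uid" || rc=1
  done
  return "$rc"
}

# Constructed demo tree owned by the current user, with the modes shown above.
demo=$(mktemp -d); mkdir "$demo/.ssh"; : > "$demo/.ssh/authorized_keys"
chmod 755 "$demo" "$demo/.ssh"; chmod 600 "$demo/.ssh/authorized_keys"
check_ssh_tree "$demo" "$(id -u)"
```

On the server, run it as root with `check_ssh_tree /home/hoge "$(id -u hoge)"` before testing the key login from the client.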
.ssh/config
#👇SSH settings for the user
Host conoha-vps
HostName <IP address assigned to the instance>
User hoge
Port 22
IdentityFile "~/.ssh/<SSH private key>.pem"
$ ssh conoha-vps
Linux xxx-xxx-xxx-xxx 5.10.0-19-amd64 #1 SMP Debian 5.10.149-2 (2022-10-21) x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Mon Nov 21 00:32:34 2022
$ whoami
hoge
Changing the SSH port number
/etc/ssh/sshd_config
Port
$ sudo nano /etc/ssh/sshd_config
#...
#Port 22
Port 55555
#...
$ sudo /etc/init.d/ssh restart
Restarting ssh (via systemctl): ssh.service.
$ ssh conoha-vps
ssh: connect to host xxx.xxx.xxx.xxx port 22: Connection refused
.ssh/config
#👇SSH settings for the user
Host conoha-vps
HostName <IP address assigned to the instance>
User hoge
Port 55555
IdentityFile "~/.ssh/<SSH private key>.pem"
$ ssh conoha-vps
Linux xxx-xxxx-xxx-xxx 5.10.0-8-amd64 #1 SMP Debian 5.10.46-4 (2021-08-03) x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Mon Nov 28 11:13:03 2022 from xxx.xxx.xxx.xxx
~$
Setting up .profile so the terminal behaves properly
#👇Pressing the arrow keys produces this instead...
$ ^[[A^[[D^[[A^[[C
.profile
$ nano .profile
.profile
#~/.profile: executed by Bourne-compatible login shells.
if [ "$BASH" ]; then
if [ -f ~/.bashrc ]; then
. ~/.bashrc
fi
fi
mesg n 2> /dev/null || true
$ cat /etc/shells
#/etc/shells: valid login shells
/bin/sh
/bin/bash
/usr/bin/bash
/bin/rbash
/usr/bin/rbash
/bin/dash
/usr/bin/dash
chsh
/usr/bin/bash
$ chsh
Password:
Changing the login shell for hoge
Enter the new value, or press ENTER for the default
Login Shell [/bin/sh]: /usr/bin/bash
$ ssh conoha-vps
Linux xxx-xxx-xxx-xxx 5.10.0-8-amd64 #1 SMP Debian 5.10.46-4 (2021-08-03) x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Mon Nov 21 11:11:01 2022 from xxx.xxx.xxx.xxx
hoge@xxx-xxx-xxx-xxx:~$
$ echo $SHELL
/usr/bin/bash
$ bash --version
GNU bash, version 5.1.4(1)-release (x86_64-pc-linux-gnu)
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Disabling root login
/etc/ssh/sshd_config
$ cat /etc/ssh/sshd_config
#... (omitted)
#Authentication:
#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#... (rest omitted)
PermitRootLogin yes
$ sudo nano /etc/ssh/sshd_config
#... (omitted)
#👇Change the value to no
PermitRootLogin no
$ sudo systemctl restart ssh
% ssh conoha-root
root@xxx-xxx-xxx-xxx: Permission denied (publickey).
What to do when the SSH connection drops after being left idle
/etc/ssh/sshd_config
...
#👇Uncomment and set the client keep-alive check interval to 120 seconds (2 minutes)
ClientAliveInterval 120
#👇Uncomment and set the number of client keep-alive retries to 3
ClientAliveCountMax 3
...
ClientAliveInterval
ClientAliveCountMax
/etc/ssh/sshd_config
$ sudo systemctl restart sshd
.ssh/config
#👇SSH settings for the user
Host conoha-vps
HostName <IP address assigned to the instance>
User hoge
Port 55555
IdentityFile "~/.ssh/<SSH private key>.pem"
#👇👇Added
ServerAliveInterval 120
ServerAliveCountMax 3
ServerAliveInterval
ServerAliveCountMax
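The `sshd_config` edits in the sections above (`Port`, `PermitRootLogin`, `ClientAliveInterval`) only take effect if the edited line is the first uncommented occurrence of its keyword. The following is an added example, not part of the original article, that reads a config file the same way and reports what is actually in force; the function names and the sample file are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): audit the sshd_config
# settings this page edits. Limits: Include files are not followed and
# parsing stops at the first Match block.

# Print the first uncommented value of keyword $2 in file $1.
# sshd keeps the FIRST value it reads, so a later duplicate is ignored.
effective_value() {
  awk -v want="$2" '
    { line = $0; sub(/#.*/, "", line); gsub(/^[ \t]+|[ \t]+$/, "", line) }
    line == "" { next }
    { split(line, f, /[ \t=]+/); key = tolower(f[1]) }
    key == "match" { exit }
    key == tolower(want) { print f[2]; exit }
  ' "$1"
}

# Print one line per setting; return 1 if root login is still possible.
audit_sshd_config() {
  local file="$1" rc=0 port root alive
  port=$(effective_value "$file" Port)
  root=$(effective_value "$file" PermitRootLogin)
  alive=$(effective_value "$file" ClientAliveInterval)
  port=${port:-22} root=${root:-prohibit-password} alive=${alive:-0}  # OpenSSH defaults

  if [ "$root" = no ]; then echo "OK   PermitRootLogin no"
  else echo "FAIL PermitRootLogin $root"; rc=1; fi
  if [ "$port" = 22 ]; then echo "WARN Port 22 (default port)"
  else echo "OK   Port $port"; fi
  if [ "$alive" != 0 ]; then echo "OK   ClientAliveInterval $alive"
  else echo "WARN ClientAliveInterval 0 (idle clients are never probed)"; fi
  return "$rc"
}

# Constructed sample: "PermitRootLogin no" was appended at the end instead of
# editing the existing line, so the earlier "yes" still wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#Port 22
Port 55555
PermitRootLogin yes
#ClientAliveInterval 0
ClientAliveInterval 120
ClientAliveCountMax 3
PermitRootLogin no
EOF
audit_sshd_config "$sample" || echo "root login is still enabled in $sample"
```

On the server itself, `sudo sshd -t` checks the file for syntax errors before a restart, and `sudo sshd -T` prints the configuration sshd will actually use, Include files included.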
Summary
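About the author
Jack-of-all-trades engineer
I mostly do front-end development with Angular. My development environment is mainly Linux, so I also use shell commands a lot. I'm someone who likes to program steadily, bit by bit.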