728x90
root 사용자를 먼저 변경해야 한다.
root@mylearn-239626:~# passwd
New password:
Retype new password:
passwd: password updated successfully
root@mylearn-239626:~#
새로운 사용자 추가하기
Creating home directory `/home/stzuser' ...
Copying files from `/etc/skel' ...
New password:
Retype new password:
passwd: password updated successfully
Changing the user information for stzuser
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] Y
root@mylearn-239626:~#
사용자 제거하기 (홈디렉토리 포함)
root@mylearn-239626:~# ls /home
stzuser ubuntu
root@mylearn-239626:~#
root@mylearn-239626:~# deluser ubuntu --remove-home
Looking for files to backup/remove ...
Removing files ...
Removing user `ubuntu' ...
Warning: group `ubuntu' has no more members.
Done.
root@mylearn-239626:~# ls /home
stzuser
root@mylearn-239626:~#
추가한 사용자 비밀번호 변경
root@mylearn-239626:~# passwd stzuser
New password:
Retype new password:
passwd: password updated successfully
root@mylearn-239626:~#
기본 편집도구 변경
root@mylearn-239626:~# update-alternatives --config editor
There are 4 choices for the alternative editor (providing /usr/bin/editor).
Selection Path Priority Status
------------------------------------------------------------
* 0 /bin/nano 40 auto mode
1 /bin/ed -100 manual mode
2 /bin/nano 40 manual mode
3 /usr/bin/vim.basic 30 manual mode
4 /usr/bin/vim.tiny 15 manual mode
Press <enter> to keep the current choice[*], or type selection number:
root@mylearn-239626:~#
Non-Root User에게 Root 권한의 명령어를 실행할 수 있도록 하기
root@mylearn-239626:~# visudo
# User privilege specification
root ALL=(ALL:ALL) ALL
stzuser ALL=(ALL:ALL) ALL
첫번째 ALL : 모든 호스트
두번째 ALL : 모든 User로 명령어 실행이 가능
세번째 ALL : can run commands as all groups
네번째 ALL : 모든 명령어를 실행할 수 있다.
root 사용자가 서버에 로그인하는 것을 금지하자.
root@mylearn-239626:~# cd /etc/ssh
root@mylearn-239626:/etc/ssh# ls
moduli ssh_host_dsa_key.pub ssh_host_ed25519_key.pub sshd_config
ssh_config ssh_host_ecdsa_key ssh_host_rsa_key sshd_config.d
ssh_config.d ssh_host_ecdsa_key.pub ssh_host_rsa_key.pub
ssh_host_dsa_key ssh_host_ed25519_key ssh_import_id
root@mylearn-239626:/etc/ssh# cp sshd_config sshd_config.bak
root@mylearn-239626:/etc/ssh# nano sshd_config
수정사항
#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
root@mylearn-239626:/etc/ssh# systemctl restart sshd
root@mylearn-239626:/etc/ssh# systemctl status sshd
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2024-02-28 16:32:36 KST; 5s ago
Docs: man:sshd(8)
man:sshd_config(5)
Process: 1606 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
Main PID: 1608 (sshd)
Tasks: 1 (limit: 1101)
Memory: 1.7M
CPU: 119ms
CGroup: /system.slice/ssh.service
└─1608 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"
Feb 28 16:32:36 mylearn-239626 systemd[1]: Starting OpenBSD Secure Shell server...
Feb 28 16:32:36 mylearn-239626 sshd[1608]: Server listening on 0.0.0.0 port 22.
Feb 28 16:32:36 mylearn-239626 sshd[1608]: Server listening on :: port 22.
Feb 28 16:32:36 mylearn-239626 systemd[1]: Started OpenBSD Secure Shell server.
root@mylearn-239626:/etc/ssh#
일반 사용자로 로그인 후에 Root 사용자로 변경하기
stzuser@mylearn-239626:~$ su - # su : switch user
Password: # root의 패스워드를 입력
root@mylearn-239626:~#
stzuser@mylearn-239626:~$ whoami
stzuser
stzuser@mylearn-239626:~$ su -
Password: # root 패스워드 입력
root@mylearn-239626:~# whoami
root
root@mylearn-239626:~#
728x90
'WordPress > Linux' 카테고리의 다른 글
Server 최적화하기(Shared Memory, Network Layer) (0) | 2024.03.04 |
---|---|
Server 최적화하기(timezone, SWAP) (0) | 2024.03.01 |
(처음서버설정) SUDO, SSH key 인증, Server Updates (0) | 2024.02.28 |
Server Firewall (0) | 2024.02.21 |