VPN User Management

Users who need direct access to the SokweDB database require their own Unix login.

Creating a VPN User

Before You Begin

Before you begin you need some information from the user. You need:

  • The user's name, email, or other identifying information
  • The username to create
  • The user's public key

Instructions the user should follow to get this information to you are found here.

Create a Unix Login Used to Establish a Direct-To-Database VPN

Use these commands to create a Unix login for a VPN user.

These commands are a template. Substitutions are made with variables. Begin by assigning these variables the appropriate values at the shell prompt:

NEWLOGIN="somelogin"     ;# The user's Unix login
# The user's name, email address, and whatever other descriptive information
# might be useful
NAMEANDEMAIL="First Last <myself@example.com>"
# The user's public key.  This is a long string, all on one line.  It will
# contain spaces and should end with the user's name or similar.
PUBLICKEY="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHkhyVx11deEXlvf6OQxepGQAS8qJS1DPc8rX8wJATyy First Last, University State University"

Finish by cutting and pasting the entire block of code below, and then press "Enter" on the keyboard:

# NOTICE: In Ubuntu > v22 --gecos is likely to change to --comment
# When this happens, update the next command (and remove these comments)
adduser --disabled-password --gecos "$NAMEANDEMAIL" "$NEWLOGIN"
adduser "$NEWLOGIN" vpn   ;# Do not omit this step
mkdir "/home/$NEWLOGIN/.ssh"
echo "$PUBLICKEY" > "/home/$NEWLOGIN/.ssh/authorized_keys"
chown -R "$NEWLOGIN:$NEWLOGIN" "/home/$NEWLOGIN/.ssh"
chmod -R g=,o= "/home/$NEWLOGIN/.ssh"

When done, check that vpn shows up in the output of:

groups "$NEWLOGIN"
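
NEWLOGIN and PUBLICKEY are pasted into a root shell and expanded into paths that chown -R and chmod -R act on, so a mistyped login or a wrapped, truncated or multi-line key is worth catching before any account is created. The following is an added example, not part of the original page; the function names, the accepted login pattern and the list of key types are assumptions.

```shell
# Pre-flight checks for NEWLOGIN and PUBLICKEY (added example, not from the page).
# Function names, the login pattern and the key-type list are assumptions.

# Login: starts with a-z or _, then a-z 0-9 _ -, at most 32 characters.
# Rejects spaces, "/" and ".." so /home/$NEWLOGIN cannot point elsewhere.
valid_login() (
    LC_ALL=C
    [ "${#1}" -le 32 ] || exit 1
    case "$1" in
        ''|[!a-z_]*|*[!a-z0-9_-]*) exit 1 ;;
    esac
)

# Key: exactly one line of the form "<type> <base64> [comment]".
valid_pubkey() (
    LC_ALL=C
    nl='
'
    cr=$(printf '\r')
    case "$1" in *"$nl"*|*"$cr"*) exit 1 ;; esac   # wrapped or multi-key paste
    set -f            # no filename globbing while splitting
    set -- $1         # split on whitespace into type, blob, comment words
    [ "$#" -ge 2 ] || exit 1
    case "$1" in      # first field must be a key type, not an options field
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384) ;;
        ecdsa-sha2-nistp521|sk-ssh-ed25519@openssh.com) ;;
        sk-ecdsa-sha2-nistp256@openssh.com) ;;
        *) exit 1 ;;
    esac
    case "$2" in      # blob is base64 and begins with the type-name length
        AAAA*[!A-Za-z0-9+/=]*) exit 1 ;;
        AAAA*) ;;
        *) exit 1 ;;
    esac
)

check_vpn_inputs() {
    valid_login "$1" || { echo "rejecting login name: $1" >&2; return 1; }
    valid_pubkey "$2" || { echo "rejecting public key: not one well-formed line" >&2; return 1; }
}

# Usage, after assigning the variables and before pasting the adduser block:
#   check_vpn_inputs "$NEWLOGIN" "$PUBLICKEY" && echo "inputs look sane"
```

These checks only catch malformed input; they do not confirm that the key belongs to the person named in NAMEANDEMAIL.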

Deleting a VPN User

Delete a VPN user with:

deluser --remove-home SOMEUSER

VPN User Account Suspension

A VPN user account can be suspended, preventing use, and then un-suspended, re-enabling use.

Suspend a VPN User Account

usermod --shell /usr/sbin/nologin SOMEUSER

Un-Suspend a VPN User Account

usermod --shell "" SOMEUSER