Configure User
This page is partially adopted from https://wiki.archlinux.org/title/General_recommendations
Add non-root user
We will be adding a non-root user. The example uses piston as the name.
Run
useradd -m -G wheel -s /bin/bash pistonuseradd -m -G wheel -s /bin/bash pistonTIP
-m will create /home/piston. -G will add the user to the wheel group, which is used for sudo access.
TIP
If you want to use a different shell, change the -s flag. The shell needs to be listed in /etc/shells. See https://wiki.archlinux.org/title/Users_and_groups#Example_adding_a_user for more defailts.
Then set the password for the new user with
passwd pistonpasswd pistonAdding the wheel group to sudoer
Run
EDITOR=nvim visudoEDITOR=nvim visudoSearch for wheel and uncomment this line
%wheel ALL=(ALL) ALL%wheel ALL=(ALL) ALLEnabling SSH
Run
systemctl enable sshd
systemctl start sshdsystemctl enable sshd
systemctl start sshdSSH into the VM with your new user, replace <IP> with the IP address of the VM
ssh piston@<IP>ssh piston@<IP>WARNING
Your IP address might have changed. Run ip address to get it again
TIP
If you can't login, make sure you have a shell set for the user that is listed in /etc/shells. For example /usr/bin/bash will not work out of the box and you need to use /bin/bash instead
(Optional) SSH Keys
It's more secure to use SSH key for login and disable password login for servers. However, since the VM is on your local computer, it's not really necessary.
If you still like to use SSH keys (for example, in case you type the password on stream accidentally), you can do that.
In Windows Powershell, run
ssh-keygen -t ed25519ssh-keygen -t ed25519TIP
Windows use 2048 bit RSA keys by default. We use ed25519 here because it's better
You can change the key location or use the default. Optionally you can setup a passphrase for the key.
WARNING
You might want to change the location if you also have an SSH key for things like GitHub
Then run this in Powershell to copy the public key to the VM
type <path\to\key.pub> | ssh piston@<IP> "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"type <path\to\key.pub> | ssh piston@<IP> "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"TIP
Credit to https://chrisjhart.com/Windows-10-ssh-copy-id/ for the powershell command. If you have WSL, you can simply use
ssh-copy-id -i <path/to/key.pub> piston@<IP>ssh-copy-id -i <path/to/key.pub> piston@<IP>Now you can ssh into the VM with the key
ssh -i <path/to/key> piston@<IP>ssh -i <path/to/key> piston@<IP>TIP
Save this as an powershell alias for easier access
Disable password login
With SSH key setup you can disable password login to be extra secure.
- Login via SSH with your key
- Edit
/etc/ssh/sshd_configsudo nvim /etc/ssh/sshd_configsudo nvim /etc/ssh/sshd_config - Search for
PasswordAuthentication. Uncomment the line and change it tonoPasswordAuthentication noPasswordAuthentication no - Save and exit
nvim - Restart the SSH service
sudo systemctl restart sshdsudo systemctl restart sshd - Logout with
logoutor Ctrl-D, and try to login with password. It should fail.ssh piston@<IP>ssh piston@<IP>