UPDC Client Wiki - User contributions [en]

Main Page

2025-11-03T11:29:12Z

Updc admin:

#REDIRECT [[UPDC Home]]

Policies and Agreements

2025-09-25T09:45:27Z

Updc admin:

<html>
<style>
.updc-policies-page {
max-width: 1000px;
margin: 0 auto;
padding: 20px;
font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
line-height: 1.6;
}

.updc-policies-page h2 {
color: #014421;
margin-top: 30px;
margin-bottom: 15px;
}

.updc-policies-page ul {
margin: 15px 0;
padding-left: 30px;
}

.updc-policies-page li {
margin: 8px 0;
}

.updc-policies-page a {
color: #007cba;
text-decoration: none;
font-weight: 500;
}

.updc-policies-page a:hover {
text-decoration: underline;
}

.updc-policies-page .section-box {
background: #f8f9fa;
border-left: 4px solid #014421;
padding: 20px;
margin: 20px 0;
border-radius: 0 8px 8px 0;
}

.updc-policies-page .intro {
background: #e8f4f8;
padding: 20px;
border-radius: 8px;
margin: 20px 0;
font-size: 1.1em;
}
</style>

<div class="updc-policies-page">
<div class="intro">
<p>This section lists the different policies and guidelines implemented by the UPDC team concerning data management, security, and operational procedures.</p>
</div>

<h2>Acceptable Use Policies</h2>
<ul>
<li><a href="/wiki/index.php/Acceptable_Use_Policy">Acceptable Use Policy (AUP)</a></li>
<li><a href="/wiki/index.php/User_Conduct_Guidelines">User Conduct Guidelines</a></li>
<li><a href="/wiki/index.php/Resource_Usage_Policies">Resource Usage Policies</a></li>
<li><a href="/wiki/index.php/Prohibited_Activities">Prohibited Activities</a></li>
</ul>

<h2>Data Policies</h2>
<ul>
<li><a href="/wiki/index.php/Data_Policy">Data Policy</a></li>
<li><a href="/wiki/index.php/Data_Classification_Guidelines">UPDC Data Classification Guidelines</a></li>
<li><a href="/wiki/index.php/Data_Retention_Policy">Data Retention Policy</a></li>
<li><a href="/wiki/index.php/Data_Sharing_Policy">Data Sharing Policy</a></li>
<li><a href="/wiki/index.php/Data_Backup_Policy">Data Backup Policy</a></li>
</ul>

<h2>Privacy and Security</h2>
<ul>
<li><a href="/wiki/index.php/Privacy_Policy">Privacy Policy</a></li>
<li><a href="/wiki/index.php/Privacy_Notice">Privacy Notice</a></li>
<li><a href="/wiki/index.php/Security_Policy">Security Policy</a></li>
<li><a href="/wiki/index.php/Access_Control_Policy">Access Control Policy</a></li>
<li><a href="/wiki/index.php/Incident_Response_Policy">Incident Response Policy</a></li>
</ul>

<h2>Service Agreements</h2>
<ul>
<li><a href="/wiki/index.php/Service_Level_Agreement">Service Level Agreement (SLA)</a></li>
<li><a href="/wiki/index.php/UPDC_End_User_License_Agreement">UPDC End User License Agreement</a></li>
<li><a href="/wiki/index.php/Terms_of_Service">Terms of Service</a></li>
<li><a href="/wiki/index.php/Service_Availability_Policy">Service Availability Policy</a></li>
</ul>

<h2>Account Management</h2>
<ul>
<li><a href="/wiki/index.php/Account_Purging_Guidelines">UPDC Account Purging Guidelines</a></li>
<li><a href="/wiki/index.php/Account_Suspension_Policy">Account Suspension Policy</a></li>
<li><a href="/wiki/index.php/Password_Policy">Password Policy</a></li>
<li><a href="/wiki/index.php/Account_Recovery_Policy">Account Recovery Policy</a></li>
</ul>

<h2>Research and Academic Use</h2>
<ul>
<li><a href="/wiki/index.php/Research_Data_Policy">Research Data Policy</a></li>
<li><a href="/wiki/index.php/Academic_Use_Guidelines">Academic Use Guidelines</a></li>
<li><a href="/wiki/index.php/Publication_Policy">Publication Policy</a></li>
<li><a href="/wiki/index.php/Collaboration_Policy">Collaboration Policy</a></li>
</ul>

<h2>Compliance and Governance</h2>
<ul>
<li><a href="/wiki/index.php/Compliance_Framework">Compliance Framework</a></li>
<li><a href="/wiki/index.php/Audit_Policy">Audit Policy</a></li>
<li><a href="/wiki/index.php/Governance_Structure">Governance Structure</a></li>
<li><a href="/wiki/index.php/Policy_Review_Process">Policy Review Process</a></li>
</ul>

<div class="section-box">
<h3>Policy Updates</h3>
<p>Policies are reviewed and updated regularly. Users are responsible for staying informed about current policies and guidelines. Major policy changes will be communicated through official UPDC channels.</p>
</div>

<div class="section-box">
<h3>Questions About Policies</h3>
<p><strong>UPDC Team</strong><br>
Email: datacommons@up.edu.ph<br>
</div>

<hr>
<p><em>For the most up-to-date information, please refer to our <a href="/wiki/index.php/Main_Page">main documentation</a> or contact our policy team.</em></p>
</div>
</html>

About UPDC

2025-09-25T09:40:36Z

Updc admin:

<html>
<style>
.updc-about-page {
max-width: 1000px;
margin: 0 auto;
padding: 20px;
font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
line-height: 1.6;
}

.updc-about-page h2 {
color: #014421;
margin-top: 30px;
margin-bottom: 15px;
}

.updc-about-page ul {
margin: 15px 0;
padding-left: 30px;
}

.updc-about-page li {
margin: 8px 0;
}

.updc-about-page a {
color: #007cba;
text-decoration: none;
font-weight: 500;
}

.updc-about-page a:hover {
text-decoration: underline;
}

.updc-about-page .section-box {
background: #f8f9fa;
border-left: 4px solid #014421;
padding: 20px;
margin: 20px 0;
border-radius: 0 8px 8px 0;
}

.updc-about-page .intro {
background: #e8f4f8;
padding: 20px;
border-radius: 8px;
margin: 20px 0;
font-size: 1.1em;
}
</style>

<div class="updc-about-page">
<div class="intro">
<p>This section contains Wiki pages that describe what the UPDC Data Commons is, the services that we offer, and the team that maintains our operations.</p>
</div>

<h2>Overview</h2>
<ul>
<li><a href="/wiki/index.php/UPDC_Overview">UPDC Overview</a></li>
<li><a href="/wiki/index.php/What_is_UPDC">What is UPDC</a></li>
<li><a href="/wiki/index.php/UPDC_Mission_and_Vision">Mission and Vision</a></li>
<li><a href="/wiki/index.php/UPDC_History">History</a></li>
</ul>

<h2>What We Offer</h2>
<ul>
<li><a href="/wiki/index.php/Data_Management_Services">Data Management Services</a></li>
<li><a href="/wiki/index.php/Cloud_Computing_Services">Cloud Computing Services</a></li>
<li><a href="/wiki/index.php/Data_Archiving_Services">Data Archiving Services</a></li>
<li><a href="/wiki/index.php/Research_Support_Services">Research Support Services</a></li>
<li><a href="/wiki/index.php/Technical_Consultation">Technical Consultation</a></li>
</ul>

<h2>Service Catalogue</h2>
<ul>
<li><a href="/wiki/index.php/Service_Catalogue">Complete Service Catalogue</a></li>
<li><a href="/wiki/index.php/Service_Level_Agreements">Service Level Agreements</a></li>
<li><a href="/wiki/index.php/Pricing_and_Allocation">Pricing and Resource Allocation</a></li>
<li><a href="/wiki/index.php/Service_Availability">Service Availability</a></li>
</ul>

<h2>Who We Are</h2>
<ul>
<li><a href="/wiki/index.php/UPDC_Team">UPDC Team</a></li>
<li><a href="/wiki/index.php/Leadership">Leadership</a></li>
<li><a href="/wiki/index.php/Technical_Staff">Technical Team</a></li>
</ul>

<div class="section-box">
<h3>Quick Contact</h3>
<p><strong>UPDC Technical Team</strong><br>
Email: datacommons@up.edu.ph<br>
</div>

<hr>
<p><em>For the most up-to-date information, please refer to our <a href="/wiki/index.php/Main_Page">main documentation</a> or contact our team.</em></p>
</div>
</html>

MediaWiki:Tagline

2025-09-25T09:17:48Z

Updc admin: Add last edited and author to taglines

Last edited by {{REVISIONUSER}} on {{REVISIONDAY2}} {{REVISIONMONTH}} {{REVISIONYEAR}}

MediaWiki:Tagline

2025-09-25T09:16:59Z

Updc admin: Add last edited and author to taglines

Last edited by {{REVISIONUSER}} on {{REVISIONDAY2}} {{REVISIONMONTH}} {{REVISIONYEAR}}, {{REVISIONTIMESTAMP}}

MediaWiki:Tagline

2025-09-25T08:59:02Z

Updc admin: Add last edited and author to taglines

Last edited on {{REVISIONDAY}} {{REVISIONMONTHNAME}} {{REVISIONYEAR}} by {{REVISIONUSER}}

Using UPDC Services

2025-09-25T08:02:09Z

Updc admin:

<html>
<style>
.updc-services-page {
max-width: 1000px;
margin: 0 auto;
padding: 20px;
font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
line-height: 1.6;
}

.updc-services-page h2 {
color: #014421;
margin-top: 30px;
margin-bottom: 15px;
}

.updc-services-page ul {
margin: 15px 0;
padding-left: 30px;
}

.updc-services-page li {
margin: 8px 0;
}

.updc-services-page a {
color: #007cba;
text-decoration: none;
font-weight: 500;
}

.updc-services-page a:hover {
text-decoration: underline;
}

.updc-services-page .section-box {
background: #f8f9fa;
border-left: 4px solid #014421;
padding: 20px;
margin: 20px 0;
border-radius: 0 8px 8px 0;
}

.updc-services-page .intro {
background: #e8f4f8;
padding: 20px;
border-radius: 8px;
margin: 20px 0;
font-size: 1.1em;
}
</style>

<div class="updc-services-page">
<div class="intro">
<p>This section details how users can access UPDC services, utilize our data management tools, and communicate service requests to our team via the support portal.</p>
</div>

<h2>Applying for UPDC Access</h2>
<ul>
<li><a href="/wiki/index.php/Applying_for_UPDC_Access">Applying for UPDC Access</a></li>
<li><a href="/wiki/index.php/Account_Application">Account Application</a></li>
<li><a href="/wiki/index.php/Account_Renewal">Account Renewal</a></li>
</ul>

<h2>Data Management Services</h2>
<ul>
<li><a href="/wiki/index.php/Data_Storage">Data Storage</a></li>
<li><a href="/wiki/index.php/Data_Processing">Data Processing</a></li>
<li><a href="/wiki/index.php/Data_Sharing">Data Sharing</a></li>
<li><a href="/wiki/index.php/Data_Archiving">Data Archiving</a></li>
</ul>

<h2>Cloud Computing Services</h2>
<ul>
<li><a href="/wiki/index.php/Virtual_Machines">Virtual Machines</a></li>
<li><a href="/wiki/index.php/Container_Services">Container Services</a></li>
<li><a href="/wiki/index.php/GPU_Computing">GPU Computing</a></li>
<li><a href="/wiki/index.php/Batch_Processing">Batch Processing</a></li>
</ul>

<h2>UPDC User Portal</h2>
<ul>
<li><a href="/wiki/index.php/Accessing_the_Portal">Accessing the Portal</a></li>
<li><a href="/wiki/index.php/Ticket_Creation_and_Management">Ticket Creation and Management</a></li>
<li><a href="/wiki/index.php/Relevant_Concepts_and_Terms">Relevant Concepts and Terms</a></li>
</ul>

<h2>Getting Help</h2>
<ul>
<li><a href="/wiki/index.php/Contact_Us">Contact Us</a></li>
<li><a href="/wiki/index.php/FAQ">FAQ</a></li>
<li><a href="/wiki/index.php/Support_Response_Times">Support Response Times</a></li>
</ul>

<div class="section-box">
<h3>Quick Contact</h3>
<p><strong>UPDC Technical Team</strong><br>
Email: datacommons@up.edu.ph<br>
</div>

<hr>
<p><em>For the most up-to-date information, please refer to our <a href="/wiki/index.php/Main_Page">main documentation</a> or contact our support team.</em></p>
</div>
</html>

Security Hardening

2025-09-12T10:19:22Z

Updc admin: Created page with "{{DISPLAYTITLE:VM Security Features}} == Quick Reference == Overview of security features implemented on UPDC VMs through the automated security hardening script. == Security Features Overview == * '''Root Access Disabled''' - Root login and shell disabled * '''SSH Key Authentication''' - Password authentication disabled, key-only access * '''Password Policy''' - 12+ chars, complexity, 90-day expiry, history tracking * '''Firewall Protection''' - UFW configured with..."

{{DISPLAYTITLE:VM Security Features}}

== Quick Reference ==

Overview of security features implemented on UPDC VMs through the automated security hardening script.

== Security Features Overview ==

* '''Root Access Disabled''' - Root login and shell disabled
* '''SSH Key Authentication''' - Password authentication disabled, key-only access
* '''Password Policy''' - 12+ chars, complexity, 90-day expiry, history tracking
* '''Firewall Protection''' - UFW configured with SSH-only access
* '''Intrusion Prevention''' - Fail2Ban with 5-attempt lockout
* '''Security Monitoring''' - Wazuh agent for centralized monitoring
* '''Audit Logging''' - Comprehensive auditd rules for system events
* '''Log Retention''' - Extended retention with compression
* '''Service Hardening''' - Unused services disabled

== Detailed Security Features ==

=== Access Control ===
* '''Root Account''': Disabled login and shell access
* '''SSH Configuration''': Key-only authentication, no passwords
* '''User Management''': Sudo user creation with proper permissions
* '''Session Limits''': Limited SSH sessions and auth attempts

=== Network Security ===
* '''UFW Firewall''': Default deny incoming, allow SSH only
* '''SSH Restrictions''': Standard port, rate limiting enabled
* '''Connection Monitoring''': Fail2Ban with configurable ban duration

=== Password Security ===
* '''Complexity''': Uppercase, lowercase, digits, special characters
* '''Length''': Minimum 12 characters
* '''History''': Prevents password reuse
* '''Expiration''': Password expiry and warning periods
* '''Lockout''': Failed attempts and lockout duration

=== Monitoring & Logging ===
* '''Wazuh Agent''': Centralized security monitoring
* '''Audit Logging''': File access, user management, system changes
* '''Log Retention''': Extended retention with compression
* '''Security Events''': Authentication, privilege escalation, file modifications

=== System Hardening ===
* '''Service Disabling''': Unused services (bluetooth, cups, etc.) disabled
* '''File Permissions''': Secure SSH directory and key permissions
* '''Process Monitoring''': System call auditing for security events

== Security Tools ==

=== Fail2Ban ===
* '''Purpose''': Intrusion prevention system
* '''Monitoring''': SSH, authentication failures
* '''Integration''': Works with UFW firewall

=== Wazuh Agent ===
* '''Purpose''': Security information and event management (SIEM)
* '''Features''': Real-time monitoring, threat detection, compliance
* '''Logs''': System events, security alerts, file integrity
* '''Manager''': Centralized dashboard for all VMs

=== Auditd ===
* '''Purpose''': System audit logging
* '''Monitors''': File access, user management, privilege escalation
* '''Retention''': Extended log retention

== Quick Commands ==

=== Check Security Status ===
<source lang="bash">
# Check Fail2Ban status
sudo fail2ban-client status sshd

# Check Wazuh agent
sudo systemctl status wazuh-agent

# Check audit logs
sudo ausearch -k authentication

# Check firewall status
sudo ufw status verbose
</source>

== Security Verification ==

After VM setup, verify these security features:

* [ ] Root login disabled (`sudo passwd -S root`)
* [ ] SSH key authentication working
* [ ] Password policy enforced
* [ ] UFW firewall active
* [ ] Fail2Ban monitoring SSH
* [ ] Wazuh agent connected
* [ ] Audit logging active
* [ ] Unused services disabled

[[Category:Security]]
[[Category:VM Operations]]

Password Policies

2025-09-12T09:47:31Z

Updc admin: Created page with "{{DISPLAYTITLE:Password Policy}} == Quick Reference == Password requirements and management policies for VM users and systems. == Password Requirements == === Minimum Standards === * '''Length''': Minimum 12 characters * '''Complexity''': Must include uppercase, lowercase, numbers, and special characters * '''History''': Cannot reuse last 5 passwords * '''Expiration''': 90 days maximum * '''Account Lockout''': 5 failed attempts, 30-minute lockout === Complexity Rule..."

{{DISPLAYTITLE:Password Policy}}

== Quick Reference ==

Password requirements and management policies for VM users and systems.

== Password Requirements ==

=== Minimum Standards ===
* '''Length''': Minimum 12 characters
* '''Complexity''': Must include uppercase, lowercase, numbers, and special characters
* '''History''': Cannot reuse last 5 passwords
* '''Expiration''': 90 days maximum
* '''Account Lockout''': 5 failed attempts, 30-minute lockout

=== Complexity Rules ===
* At least 1 uppercase letter (A-Z)
* At least 1 lowercase letter (a-z)
* At least 1 number (0-9)
* At least 1 special character (!@#$%^&)
* No dictionary words or common patterns
* No personal information (name, username, dates)

=== Check Password Quality ===
* '''Online Tool''': [//PasswordMonster.com PasswordMonster] (https://www.passwordmonster.com/) - Safe, local password strength testing

[[Category:Security]]
[[Category:Password Management]]

Adding a User to Your VM

2025-09-12T09:01:33Z

Updc admin: /* See Also */

{{DISPLAYTITLE:VM User Management and SSH Key Setup}}

== Quick Reference ==

Guide for adding users to VMs and configuring SSH key authentication.

== Add User to VM ==

<source lang="bash">
# Create user with home directory
sudo useradd -m -s /bin/bash username

# Set password
sudo passwd username

# Add to sudo group (if needed)
sudo usermod -aG sudo username
</source>

== Setup SSH Key ==

<source lang="bash">
# Create SSH directory
sudo mkdir -p /home/username/.ssh
sudo chmod 700 /home/username/.ssh
sudo chown username:username /home/username/.ssh

# Add public key
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC... user@hostname" | sudo tee /home/username/.ssh/authorized_keys
sudo chmod 600 /home/username/.ssh/authorized_keys
sudo chown username:username /home/username/.ssh/authorized_keys
</source>

== Complete Setup Script ==

For convenience, here's a complete script that automates the user creation and SSH key setup:

<source lang="bash">
#!/bin/bash

# VM User Management Script
# Usage: ./add_user.sh username "Full Name" "ssh-public-key"

if [ $# -ne 3 ]; then
echo "Usage: $0 username 'Full Name' 'ssh-public-key'"
exit 1
fi

USERNAME=$1
FULL_NAME=$2
SSH_PUBLIC_KEY=$3

echo "Creating user: $USERNAME"

# Create user account
sudo useradd -m -s /bin/bash -c "$FULL_NAME" $USERNAME

# Create SSH directory
sudo mkdir -p /home/$USERNAME/.ssh
sudo chmod 700 /home/$USERNAME/.ssh
sudo chown $USERNAME:$USERNAME /home/$USERNAME/.ssh

# Add SSH public key
echo "$SSH_PUBLIC_KEY" | sudo tee /home/$USERNAME/.ssh/authorized_keys
sudo chmod 600 /home/$USERNAME/.ssh/authorized_keys
sudo chown $USERNAME:$USERNAME /home/$USERNAME/.ssh/authorized_keys

# Copy default shell files
sudo cp /etc/skel/.bashrc /home/$USERNAME/
sudo cp /etc/skel/.profile /home/$USERNAME/
sudo chown $USERNAME:$USERNAME /home/$USERNAME/.bashrc /home/$USERNAME/.profile

echo "User $USERNAME created successfully!"
echo "SSH key configured. User can now connect via SSH."
</source>

== User Management Best Practices ==

=== Security Considerations ===

* Always use SSH key authentication instead of passwords when possible
* Regularly review and audit user accounts
* Remove access for users who no longer need it
* Use strong, unique SSH keys
* Consider implementing key rotation policies

=== Account Maintenance ===

<source lang="bash">
# List all users
cat /etc/passwd | grep -E "/bin/(bash|sh)$"

# Check user login history
last username

# Disable user account (lock)
sudo usermod -L username

# Remove user account (with home directory)
sudo userdel -r username
</source>

=== SSH Key Management ===

<source lang="bash">
# List authorized keys for a user
sudo cat /home/username/.ssh/authorized_keys

# Remove a specific SSH key
sudo nano /home/username/.ssh/authorized_keys
# Delete the line containing the key to remove

# Backup SSH keys
sudo cp -r /home/username/.ssh /backup/location/username-ssh-backup
</source>

== Troubleshooting ==

=== Common Issues ===

==== SSH Connection Refused ====

<source lang="bash">
# Check SSH service status
sudo systemctl status ssh

# Restart SSH service
sudo systemctl restart ssh

# Check SSH configuration
sudo sshd -T
</source>

==== Permission Denied ====

<source lang="bash">
# Verify file permissions
ls -la /home/username/.ssh/
# Should show: drwx------ for .ssh directory
# Should show: -rw------- for authorized_keys file

# Fix permissions if needed
sudo chmod 700 /home/username/.ssh
sudo chmod 600 /home/username/.ssh/authorized_keys
sudo chown -R username:username /home/username/.ssh
</source>

==== User Cannot Login ====

<source lang="bash">
# Check if user account is locked
sudo passwd -S username

# Check user shell
grep username /etc/passwd

# Verify home directory exists
ls -la /home/username
</source>

=== SSH Debug Mode ===

For detailed SSH connection debugging:

<source lang="bash">
# Enable verbose SSH connection
ssh -vvv username@vm-ip-address

# Check SSH server logs
sudo tail -f /var/log/auth.log
</source>

== Verification Checklist ==

After completing user setup, verify:

* [ ] User account created successfully
* [ ] Home directory exists with correct permissions
* [ ] SSH directory created with 700 permissions
* [ ] SSH public key added to authorized_keys
* [ ] authorized_keys file has 600 permissions
* [ ] User can SSH into the VM
* [ ] User has appropriate group memberships
* [ ] Shell environment is properly configured

== External Links ==

* [https://man7.org/linux/man-pages/man8/useradd.8.html useradd man page] - Linux useradd command documentation
* [https://man7.org/linux/man-pages/man1/ssh.1.html SSH man page] - SSH client documentation
* [https://man7.org/linux/man-pages/man8/sshd.8.html SSH daemon man page] - SSH server documentation
* [https://www.ssh.com/academy/ssh/authorized-key OpenSSH Authorized Keys] - SSH key authentication guide

== See Also ==

* [[Security Hardening]] - System security procedures
* [[Password Policies]] - Password policies and procedures


[[Category:User Management]]
[[Category:Security]]
[[Category:VM Operations]]
[[Category:Procedures]]
[[Category:SSH]]


{{UserManagement}}
{{Security}}
{{VMOperations}}


{{Navigation|previous=[[Standard Operating Procedures (SOPs)]]|next=[[Security Hardening]]}}

Adding a User to Your VM

2025-09-12T08:58:21Z

Updc admin: Created page with "{{DISPLAYTITLE:VM User Management and SSH Key Setup}} == Quick Reference == Guide for adding users to VMs and configuring SSH key authentication. == Add User to VM == <source lang="bash"> # Create user with home directory sudo useradd -m -s /bin/bash username # Set password sudo passwd username # Add to sudo group (if needed) sudo usermod -aG sudo username </source> == Setup SSH Key == <source lang="bash"> # Create SSH directory sudo mkdir -p /home/username/.ssh..."

{{DISPLAYTITLE:VM User Management and SSH Key Setup}}

== Quick Reference ==

Guide for adding users to VMs and configuring SSH key authentication.

== Add User to VM ==

<source lang="bash">
# Create user with home directory
sudo useradd -m -s /bin/bash username

# Set password
sudo passwd username

# Add to sudo group (if needed)
sudo usermod -aG sudo username
</source>

== Setup SSH Key ==

<source lang="bash">
# Create SSH directory
sudo mkdir -p /home/username/.ssh
sudo chmod 700 /home/username/.ssh
sudo chown username:username /home/username/.ssh

# Add public key
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC... user@hostname" | sudo tee /home/username/.ssh/authorized_keys
sudo chmod 600 /home/username/.ssh/authorized_keys
sudo chown username:username /home/username/.ssh/authorized_keys
</source>

== Complete Setup Script ==

For convenience, here's a complete script that automates the user creation and SSH key setup:

<source lang="bash">
#!/bin/bash

# VM User Management Script
# Usage: ./add_user.sh username "Full Name" "ssh-public-key"

if [ $# -ne 3 ]; then
echo "Usage: $0 username 'Full Name' 'ssh-public-key'"
exit 1
fi

USERNAME=$1
FULL_NAME=$2
SSH_PUBLIC_KEY=$3

echo "Creating user: $USERNAME"

# Create user account
sudo useradd -m -s /bin/bash -c "$FULL_NAME" $USERNAME

# Create SSH directory
sudo mkdir -p /home/$USERNAME/.ssh
sudo chmod 700 /home/$USERNAME/.ssh
sudo chown $USERNAME:$USERNAME /home/$USERNAME/.ssh

# Add SSH public key
echo "$SSH_PUBLIC_KEY" | sudo tee /home/$USERNAME/.ssh/authorized_keys
sudo chmod 600 /home/$USERNAME/.ssh/authorized_keys
sudo chown $USERNAME:$USERNAME /home/$USERNAME/.ssh/authorized_keys

# Copy default shell files
sudo cp /etc/skel/.bashrc /home/$USERNAME/
sudo cp /etc/skel/.profile /home/$USERNAME/
sudo chown $USERNAME:$USERNAME /home/$USERNAME/.bashrc /home/$USERNAME/.profile

echo "User $USERNAME created successfully!"
echo "SSH key configured. User can now connect via SSH."
</source>

== User Management Best Practices ==

=== Security Considerations ===

* Always use SSH key authentication instead of passwords when possible
* Regularly review and audit user accounts
* Remove access for users who no longer need it
* Use strong, unique SSH keys
* Consider implementing key rotation policies

=== Account Maintenance ===

<source lang="bash">
# List all users
cat /etc/passwd | grep -E "/bin/(bash|sh)$"

# Check user login history
last username

# Disable user account (lock)
sudo usermod -L username

# Remove user account (with home directory)
sudo userdel -r username
</source>

=== SSH Key Management ===

<source lang="bash">
# List authorized keys for a user
sudo cat /home/username/.ssh/authorized_keys

# Remove a specific SSH key
sudo nano /home/username/.ssh/authorized_keys
# Delete the line containing the key to remove

# Backup SSH keys
sudo cp -r /home/username/.ssh /backup/location/username-ssh-backup
</source>

== Troubleshooting ==

=== Common Issues ===

==== SSH Connection Refused ====

<source lang="bash">
# Check SSH service status
sudo systemctl status ssh

# Restart SSH service
sudo systemctl restart ssh

# Check SSH configuration
sudo sshd -T
</source>

==== Permission Denied ====

<source lang="bash">
# Verify file permissions
ls -la /home/username/.ssh/
# Should show: drwx------ for .ssh directory
# Should show: -rw------- for authorized_keys file

# Fix permissions if needed
sudo chmod 700 /home/username/.ssh
sudo chmod 600 /home/username/.ssh/authorized_keys
sudo chown -R username:username /home/username/.ssh
</source>

==== User Cannot Login ====

<source lang="bash">
# Check if user account is locked
sudo passwd -S username

# Check user shell
grep username /etc/passwd

# Verify home directory exists
ls -la /home/username
</source>

=== SSH Debug Mode ===

For detailed SSH connection debugging:

<source lang="bash">
# Enable verbose SSH connection
ssh -vvv username@vm-ip-address

# Check SSH server logs
sudo tail -f /var/log/auth.log
</source>

== Verification Checklist ==

After completing user setup, verify:

* [ ] User account created successfully
* [ ] Home directory exists with correct permissions
* [ ] SSH directory created with 700 permissions
* [ ] SSH public key added to authorized_keys
* [ ] authorized_keys file has 600 permissions
* [ ] User can SSH into the VM
* [ ] User has appropriate group memberships
* [ ] Shell environment is properly configured

== External Links ==

* [https://man7.org/linux/man-pages/man8/useradd.8.html useradd man page] - Linux useradd command documentation
* [https://man7.org/linux/man-pages/man1/ssh.1.html SSH man page] - SSH client documentation
* [https://man7.org/linux/man-pages/man8/sshd.8.html SSH daemon man page] - SSH server documentation
* [https://www.ssh.com/academy/ssh/authorized-key OpenSSH Authorized Keys] - SSH key authentication guide

== See Also ==

* [[Security Hardening]] - System security procedures
* [[Password Management]] - Password policies and procedures


[[Category:User Management]]
[[Category:Security]]
[[Category:VM Operations]]
[[Category:Procedures]]
[[Category:SSH]]


{{UserManagement}}
{{Security}}
{{VMOperations}}


{{Navigation|previous=[[Standard Operating Procedures (SOPs)]]|next=[[Security Hardening]]}}

UPDC Client Wiki:About

2025-02-05T08:14:45Z

Updc admin: Created page with "This section contains Wiki pages that describe what the UP Data Commons (UPDC) is, the services UPDC offers, and the team that maintains UPDC."

This section contains Wiki pages that describe what the UP Data Commons (UPDC) is, the services UPDC offers, and the team that maintains UPDC.