Saturday, July 11, 2020

Creating Additional Users on a Linux Instance (OCI)

By default, every OCI Linux server is created with the opc user, which has superuser privileges and can be used by admin users only. To give developers access to a Linux server, we need to create new users; the process for creating them and logging in as them is shown below.

High-level plan to create a new user:

1. Generate SSH key pairs for the users offline.
2. Add the new users.
3. Append a public key to the ~/.ssh/authorized_keys file for each new user.

The new users can then SSH to the instance using the appropriate private keys.

Detailed steps:

To create an additional SSH-enabled user:

1. Generate an SSH key pair for the new user.

2. Copy the public key value to a text file for use later in this procedure.

3. Log in to the instance.

4. Become the root user:

    sudo su

5. Create the new user:

    useradd <new_user>

6. Create a .ssh directory in the new user’s home directory:

    mkdir /home/<new_user>/.ssh

7. Copy the SSH public key that you saved to a text file into the /home/<new_user>/.ssh/authorized_keys file:

    echo <public_key> > /home/<new_user>/.ssh/authorized_keys

8. Change the owner and group of the /home/<new_user>/.ssh directory to the new user:

    chown -R <new_user>:<group> /home/<new_user>/.ssh

9. To enable sudo privileges for the new user, run the visudo command and edit the /etc/sudoers file as follows:

a. In /etc/sudoers, look for:

    %<username> ALL=(ALL) NOPASSWD: ALL

b. Add the following line immediately after the preceding line; it grants every member of <group> passwordless sudo for all commands:

    %<group> ALL=(ALL) NOPASSWD: ALL

The new user can now sign in to the instance.


I was able to create a new user, followed all the above steps as is, and tried to log in as the new user, and I got the error message below.

"Server refused our key"

"No supported authentication methods available (server sent: publickey,gssapi-keyex,gssapi-with-mic)"


After a couple of hours of research, I found 2 issues.

Issue-1:
The /home/<new_user>/.ssh folder did not have 700 permissions; it had 755. I changed the .ssh folder permissions to 700.

Issue-2:
The /home/<new_user>/.ssh/authorized_keys file is supposed to have 600 permissions, but it was 755; I changed it back to 600.

Now you are able to log in to the Linux server as the new user.
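
To check for the two permission issues above, along with the ownership set in step 8, the following added example (not part of the original post) audits a home directory and applies the 700/600 modes. The function names and the numeric-uid argument are this example's own choices, and it assumes GNU `stat`.

```shell
#!/bin/sh
# Added example (not from the original post): check and repair the ownership
# and modes on a user's .ssh directory, using the values the post settled on.
# Function names and the uid argument are this example's own choices.

# audit_ssh_perms <home_dir> <expected_uid>
# Prints one line per problem; exit status is 1 if anything deviates.
audit_ssh_perms() (
    home_dir=$1 uid=$2 rc=0
    for entry in ".ssh:700" ".ssh/authorized_keys:600"; do
        path="$home_dir/${entry%%:*}"
        want=${entry##*:}
        if [ ! -e "$path" ]; then
            echo "MISSING $path"; rc=1; continue
        fi
        have=$(stat -c '%a' "$path")      # octal mode, e.g. 755 (GNU stat)
        owner=$(stat -c '%u' "$path")     # numeric owner uid
        [ "$have" = "$want" ] || { echo "MODE $path is $have, want $want"; rc=1; }
        [ "$owner" = "$uid" ] || { echo "OWNER $path is uid $owner, want $uid"; rc=1; }
    done
    exit "$rc"
)

# repair_ssh_perms <home_dir>: apply 700 to .ssh and 600 to authorized_keys.
repair_ssh_perms() {
    chmod 700 "$1/.ssh" && chmod 600 "$1/.ssh/authorized_keys"
}

# make_broken_home: build a constructed throwaway home with the 755 modes
# described in the post, and print its path (the key line is constructed).
make_broken_home() (
    tmp=$(mktemp -d)
    mkdir -m 755 "$tmp/.ssh"
    echo 'ssh-ed25519 AAAAexampleconstructedkey dev@example' > "$tmp/.ssh/authorized_keys"
    chmod 755 "$tmp/.ssh/authorized_keys"
    echo "$tmp"
)

# Typical use on the instance, as root (new_user is a placeholder):
#   audit_ssh_perms /home/new_user "$(id -u new_user)" || repair_ssh_perms /home/new_user
```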






Wednesday, July 8, 2020

Permanently change the hostname of an Oracle Cloud Infrastructure (OCI) compute instance

For Oracle Linux 6:

1) Edit /etc/sysconfig/network and change the value of the "hostname" parameter.
Example:

    $ cat /etc/sysconfig/network
    NETWORKING=yes
    HOSTNAME=instance-ol6    <--------- change here

2) In the file /etc/oci-hostname.conf, change the value of PRESERVE_HOSTINFO to 2.

    $ cat /etc/oci-hostname.conf
    PRESERVE_HOSTINFO=2


This change will be persistent across reboots.

For Oracle Linux 7:

1) Update the /etc/hostname file with the command below:
    hostnamectl set-hostname <new name>

2) Edit the OCI configuration file for hostnames as shown below, setting the value to 2, and save the changes.
    $ vi /etc/oci-hostname.conf
    PRESERVE_HOSTINFO=2

  

3) Edit the FQDN from the OCI console GUI: go to compute instances
--> select the instance
--> scroll down
--> at the left bottom corner select attached VNIC under resources
--> edit appropriate VNIC
--> change hostname to update FQDN
--> update VNIC

4) Reboot the instance

5) Check the hostname with the hostname command.