Access via SSH begins with creating individual users.
It is highly recommended that individual SSH user accounts for each person who needs SSH access be created. This allows for access logging and the ability to remove a user if they no longer need access. Sharing SSH access among users can complicate future security issues related to personnel changes. Sharing also reduces accountability.
Create a SSH User
- Go to SSH > Users in the sidebar menu.
- Click + ADD SSH USER.
- Username — Enter the login username. Do not use spaces or other special characters.
- Enabled — Select "Yes" if you wish to make the new user active. Select "No" to keep them from logging into the STRATUS instance.
- Password — Enter a password for the new user. Click on Generate Password to have the system create a random password. To View the password entered, click the Eye icon in the password field to reveal the hidden password.
- Confirm Password — The created password must be entered into this field to confirm its accuracy. The Generate Password function will automatically fill this field.
- Authorized Keys — If a generated Authorized Key is preferred, enter it in this field. See ssh.com article for more on Authorized Keys.
- Click CREATE.
Once the user is created, the connection information used for the shell access can be easily copied on the Edit SSH User panel.
Edit a SSH User
To edit a user, click the name of the user in the SSH Users panel and change the desired information. Click UPDATE to save changes.
Note that when viewing the Edit SSH User panel, the password field is blank. Any existing password cannot be retrieved once the user is created; if the password is forgotten, a new password must be created and saved. If no entry is made into this password field, other fields may be edited and saved without affecting the existing password.
Delete a SSH User
To delete a user, click the name of the user in the SSH Users panel. Click DELETE to remove the user completely from the Status instance as a SSH User.
Depending on the intent, a user can be disabled by changing the Enabled field to "No." By disabling the user, their information remains for possible future use.