On production server, it is a good practice to create a user account (named deployer) which is supposed to take care jobs of deployment. The steps are described as following.
- Log in the server as rootviassh
ssh SERVER_IP
- Add new user named deployer
adduser deployer
- Add deployerto groupsudo
gpasswd -a deployer sudo
- Switch from roottodeployer
su -l deployer
- Create .sshdirectory and set proper access permission
mkdir ~/.ssh
chmod 700 ~/.ssh
- Copy the content of id_rsa.puband paste it toauthorized_keys
On local computer:
cat ~/.ssh/id_rsa.pub | pbcopy
On remote server:
vi ~/.ssh/authorized_keys
and paste the content of public key.
- Set proper access permission on authorized_keys
chmod 600 .ssh/authorized_keys
- Return to root
exit
- Disable rootlogin through SSH
vi /etc/ssh/sshd_config
and modify the line of PermitRootLogin as
PermitRootLogin no
- Restart SSH
service ssh restart
- Open a new terminal on local computer and log in the server as deployer
ssh deployer@SERVER_IP
- Let deployercan usesudowithout password
sudo visudo
Add following line at the end of file
deployer ALL=(ALL) NOPASSWD: ALL
Execute Ctrl-x -> Y -> Enter to save and exit file.
comments powered by Disqus