On production server, it is a good practice to create a user account (named deployer
) which is supposed to take care jobs of deployment. The steps are described as following.
- Log in the server as
root
viassh
ssh SERVER_IP
- Add new user named
deployer
adduser deployer
- Add
deployer
to groupsudo
gpasswd -a deployer sudo
- Switch from
root
todeployer
su -l deployer
- Create
.ssh
directory and set proper access permission
mkdir ~/.ssh
chmod 700 ~/.ssh
- Copy the content of
id_rsa.pub
and paste it toauthorized_keys
On local computer:
cat ~/.ssh/id_rsa.pub | pbcopy
On remote server:
vi ~/.ssh/authorized_keys
and paste the content of public key.
- Set proper access permission on
authorized_keys
chmod 600 .ssh/authorized_keys
- Return to
root
exit
- Disable
root
login through SSH
vi /etc/ssh/sshd_config
and modify the line of PermitRootLogin
as
PermitRootLogin no
- Restart SSH
service ssh restart
- Open a new terminal on local computer and log in the server as
deployer
ssh deployer@SERVER_IP
- Let
deployer
can usesudo
without password
sudo visudo
Add following line at the end of file
deployer ALL=(ALL) NOPASSWD: ALL
Execute Ctrl-x
-> Y
-> Enter
to save and exit file.
comments powered by Disqus