12 Accessing an Oracle Linux Instance Using SSH

If you’ve created your instance using an Oracle-provided Oracle Linux image, then you can log in to your instance using SSH as the opc user.

If you’ve created your instance using a custom machine image, then ensure that you’ve added a script to copy SSH public keys to the appropriate files for default users. This script must run automatically when your instance starts. It must retrieve the SSH public keys from the metadata stored in the instance, and copy these keys to the following path for one or more default users: /home/user/.ssh/authorized_keys. For information about retrieving SSH public keys, see Retrieving Instance Metadata.

Accessing an Instance from UNIX and UNIX-Like Systems

You can log in to an Oracle-provided Oracle Linux instance as the default user, opc. The opc user has sudo privileges.

Prerequisites

Procedure

You can use SSH to log in to your instance as the default user, opc, by using the following command:

ssh opc@ip_address —i private_key

In this command, ip_address is the public IP address of the instance, and private_key is the full path and name of the file that contains the private key corresponding to the public key associated with the instance that you want to access.

Note:

If you’ve enabled a VPN tunnel to your Compute Classic instances, you can use the private IP address of your instance to connect to the instance. To set up a VPN tunnel, see Connecting to Instances in a Multitenant Site Using VPN, Setting Up VPN Using VPNaaS, or Connecting to Oracle Cloud Infrastructure Dedicated Compute Classic Instances Using VPN. (Not available on Oracle Cloud at Customer)

If an error occurs, see Can’t connect to an instance using SSH.

When you’re logged in as the default user, opc, use the sudo command to run administrative tasks.

Accessing an Instance from Windows

You can log in to an Oracle-provided Oracle Linux instance as the default user, opc. The opc user has sudo privileges. If you’re using a Windows host, you can use PuTTY or any other similar client to connect to your instance using SSH.

Prerequisites

Procedure

  1. Run the PuTTY program.

    The PuTTY Configuration window is displayed, showing the Session panel.

  2. In Host Name (or IP address) box, enter the public IP address of your instance.

    Note:

    If you’ve enabled a VPN tunnel to your Compute Classic instances, you can use the private IP address of your instance to connect to the instance. To set up a VPN tunnel, see Connecting to Instances in a Multitenant Site Using VPN, Setting Up VPN Using VPNaaS, or Connecting to Oracle Cloud Infrastructure Dedicated Compute Classic Instances Using VPN. (Not available on Oracle Cloud at Customer)

  3. Confirm that the Connection type option is set to SSH.
  4. In the Category tree, expand Connection if necessary and then click Data.

    The Data panel is displayed.

  5. In Auto-login username box, enter opc.
  6. Confirm that the When username is not specified option is set to Prompt.
  7. In the Category tree, expand SSH and then click Auth.

    The Auth panel is displayed.

  8. Click the Browse button next to the Private key file for authentication box. Navigate to and open the private key file that matches the public key that is associated with your instance.
  9. In the Category tree, click Session.

    The Session panel is displayed.

  10. In the Saved Sessions box, enter a name for this connection configuration and click Save.
  11. Click Open to open the connection.

    The PuTTY Configuration window is closed and the PuTTY window is displayed.

  12. If this is the first time you are connecting to an instance, the PuTTY Security Alert window is displayed, prompting you to confirm the public key. Click Yes to continue connecting.

If an error occurs, see Can’t connect to an instance using SSH.

When you’re logged in as the default user, opc, use the sudo command to run administrative tasks.

Adding Users on an Oracle Linux Instance

If you’ve created your instance using an Oracle-provided Oracle Linux image, then you can use SSH to access your Oracle-provided Oracle Linux instance from a remote host as the opc user. After logging in, you can add users on your instance.

Note:

When an instance that’s set up to boot from a nonpersistent boot disk is deleted and re-created, any users that were added manually (that is, users that weren’t defined in the machine image) must be added again.

  1. Generate an SSH key pair for the new user. See Generating an SSH Key Pair on UNIX and UNIX-Like Systems.
  2. Copy the public key value to a text file. You’ll use this key later in this procedure.
  3. Log in to your instance. See Accessing an Instance from UNIX and UNIX-Like Systems.
  4. Become the root user.
    sudo su
  5. Create the new user:
    useradd new_user
  6. Create a .ssh directory in the new user’s home directory.
    mkdir /home/new_user/.ssh
  7. Copy the SSH public key that you noted earlier to the /home/new_user/.ssh/authorized_keys file.
    echo "key" > /home/new_user/.ssh/authorized_keys
    Here, key is the SSH public key value from the key pair that you generated earlier, enclosed in double quotation marks.
  8. Add the new user to the list of allowed users in the /etc/ssh/sshd_config file on your instance, by editing the AllowUsers parameter, as shown in the following example:
    AllowUsers opc myadmin
    In this example, the AllowUsers parameter already had the opc user. The myadmin user has now been added.
  9. Change the owner and group of the /home/username/.ssh directory to the new user:
    chown -R new_user:group /home/new_user/.ssh
  10. Restart the SSH daemon on your instance.
    /sbin/service sshd restart
  11. To enable sudo privileges for the new user, edit the /etc/sudoers file by running the visudo command.
    In /etc/sudoers, look for the following line:

    %opc ALL=(ALL) NOPASSWD: ALL

    Add the following line right after the preceding line:

    %group_of_new_user ALL=(ALL) NOPASSWD: ALL

You can now log in as the new user:

ssh new_user@ip_address -i private_key

In this command, ip_address is the public IP address of the instance, and private_key is the full path and name of the file that contains the private key corresponding to the public key that you added to the authorized_keys file earlier in this procedure.

Note:

If you’ve enabled a VPN tunnel to your Compute Classic instances, you can use the private IP address of your instance to connect to the instance. To set up a VPN tunnel, see Connecting to Instances in a Multitenant Site Using VPN, Setting Up VPN Using VPNaaS, or Connecting to Oracle Cloud Infrastructure Dedicated Compute Classic Instances Using VPN. (Not available on Oracle Cloud at Customer)

If an error occurs, see Can’t connect to an instance using SSH.

Use the sudo command to run administrative tasks.