Doubtful security - and weird acting

[TimeSheep]

Well, hi
This would be my first post on this Forum, and I hope to get some help here, while giving away parts of my own expertise using linux.

Anyways I have recently switched to a Linux VPS from my Windows - because frankly I don't like Windows Server 2008 - due to some issues when server applications crash.

Problem #1
Being somehow used to linux, I connected to my server using SSH and created a new user - I just called this one "servers" as all my server programs need to be able to access eachother. I chowned it's own home folder for it - as I had already uploaded my old content - so it could read it's own stuff... The first problem I ran into when starting a new session though, was that I couldn't use the password I had set using

Code:

useradd -p passwordhere servers

So I logged in as root and SU'ed to the servers user. That part didn't cause any trouble. So when I tried to change the users password using passwd after su'ing to it - it asked for my Kerberos password - which I am quite sure I have not set. So first of all I have to have it's password changed so I can login to it without going through the root user...
Also I'm using screen as I have to be able to access the server windows at the same time, so I keep them open in there.

Problem #2
So being on the new user I ran screen... Now it tells me that I am not allowed to access /dev/pts/0 - and I cannot use sudo to run screen - as I cannot set a working password for my user. So I switched back to root, chowned the file to the new user, su'ed back and ran screen. It works fine - but I have to do it for every SSH session I run, which is actually quite annoying as I also have to do this when reattaching my running screen session.

Bonus question
As a last little thing - is there other things I should do to secure my server besides from running behind the firewall the provider has set up, and having an isolated user for running servers?

Well, thanks for your patience while reading this
I suppose my 2 problems are somehow related, but I can't seem to find a solution to them on Google - so I hope you guys can

Thanks in advance
- Time Sheep

[alf55]

The passwd field in the "useradd" or "usermod" is passed in the command line in encrypted format (i.e. not in clear text). From the "man page for useradd":

Code:

       -p, --password PASSWORD
           The encrypted password, as returned by crypt(3). The default is to
           disable the password.

           Note: This option is not recommended because the password (or
           encrypted password) will be visible by users listing the processes.

           You should make sure the password respects the system's password
           policy.

[TimeSheep]

So you say I should crypt a password before running the useradd command?
So I end up doing like this:
#crypt PASSWORD
#useradd -p RESULTOFCRYPT servers

Because I don't have crypt installed, and i cannot find it on apt-get :/