Cryptographic Security Platform 1.3 - PKI Hub 1.4 installation and administration [PDF][Releases]

Adds a user to the operating system of the node.

clusterctl node user create -u <username> [-p=<password>] [-k <authorized-keys>]

For example:

$ clusterctl node user create -u john -p='S!B\*d$zDsb=' -k ~/.ssh/authorized_keys

User john created

Specifically:

You can execute this command before Installing the cluster.
You must repeat the command on all the installation nodes.
The new user belongs to the same groups as the sysadmin user.

See below for a description of each parameter.

-u, --username <username>

Set <username> as the name of the new operating system user.

Exceptions: The command throws an exception when an operating system user with the <username> name already exists on the node.

Mandatory: Yes.

-p, --password=<password>

Set <password> as the password of the new operating system user.

When specifying a password on the command line, the shell may interpret certain characters rather than passing them literally to the command. To ensure the password is processed correctly, always enclose it in double quotes and escape characters that have special meaning to the shell.

In common shells (including Bash, zsh, and other POSIX-compatible shells), the following characters can trigger shell features and must be escaped with a backslash (\) when used inside double quotes:

$ (variable expansion)
! (history expansion, especially in interactive shells)
` (command substitution)
" (string delimiter)
\ (escape character itself)

For example:

--password="P@ssw0rd\$123"
--password="MySecure\!Pass"
--password="Path\\Secure"
--password="Quote\"Inside"

Although characters such as *, ?, and spaces can also be interpreted by the shell, enclosing the password in double quotes is sufficient to prevent issues in these cases. Escaping them explicitly is optional but safe.

For complex passwords containing multiple special characters, combine quoting and escaping as needed:

Shell--password="C0mpl\!x\$Pass\\2026"

Following these rules ensures that the password is passed exactly as entered, regardless of the shell environment.

Exceptions: The command throws an exception when the password does not comply with the Password policy CIS benchmarks.

Mandatory: No. When omitting this option, the command prompts for the password interactively.

-k, --authorized-keys <authorized-keys>

Import the user's public key for SSH authentication from the <authorized-keys> file path. For example:

~/.ssh/authorized_keys

Exceptions: The command throws an exception when the key file has an invalid format.

Mandatory: No. When omitting this option, the user must use the password for SSH authentication.