@changeme
Forked from Jonarod/README.md
Created July 19, 2020 23:57
Install Alpine Linux on Hetzner cloud
  1. Create a Hetzner server using Ubuntu
  2. Go to the Hetzner server dashboard > Images
  3. Click on "Mount" over the alpine-linux-extended.iso image
  4. Shutdown the server
  5. Start the server
  6. Click the "Console" icon from the dashboard to open an interactive terminal session
  7. Log in as root
  8. Configure the interface using the command setup-interfaces
  9. Choose to set up the default eth0
  10. Custom config: no
  10 (bis). When asked if you want to include a custom configuration, type yes
  11. Enter this configuration:
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp
    dns-nameservers 213.133.100.100 213.133.98.98 213.133.99.99

# control-alias eth0
iface eth0 inet6 static
    address <YOUR_IPV6_ADDRESS_FOUND_AT_THE_TOP_OF_THE_SERVER_DASHBOARD>
    gateway fe80::1
  1. Restart network service: /etc/init.d/networking restart

  2. Check internet is available: ping 8.8.8.8

  3. Configure SSH: setup-sshd

  4. Keep openssh as default

  5. Create a user: adduser John

  6. Setup password

  7. Temporarily soften ssh config to share ssh key: vi /etc/ssh/sshd_config

  8. Press i on your keyboard to enter "insert mode"

  9. Find the following option and change it to look like this:

# TEMPORARILY Allow authentication with a password
PasswordAuthentication yes
  1. Once finished, type ESC, then :wq to quit and save changes
  2. Restart sshd: service sshd restart
  3. On your laptop or somewhere else (not in the Hetzner server), generate an ssh-key: ssh-keygen -t rsa -C "your_email@example.com"
  4. Give a name to the ssh key, for example: alpine_server_rsa (your choice)
  5. Copy public key to alpine server: ssh-copy-id -i ~/.ssh/alpine_server_rsa.pub -p 22 John@WW.XX.YY.ZZ (WW.XX.YY.ZZ is the IPv4 of the Hetzner server)
  6. Enter user's password to check it's you
  7. Now you should be connected from both your local laptop and the Hetzner console. Quit your local connection: type exit then Enter.
  8. Go back to the still-open Hetzner console. We want to secure the SSH server before anything else.
  9. Open SSH server config: vi /etc/ssh/sshd_config
  10. Press i on your keyboard to enter "insert mode"
  11. Find each of the following options and change it to look like this:
# WOULD BE BETTER TO CHANGE DEFAULT 22 TO SOMETHING RANDOM
Port 7580

# Do not allow "root" to log in with a password (key-based root login is still accepted)
PermitRootLogin prohibit-password

# Prevent retrying more than 6 times
MaxAuthTries 6

# Disable password authentication: key file only
PasswordAuthentication no

# Do not allow empty/null passwords
PermitEmptyPasswords no
  1. Once finished, type ESC, then :wq to quit and save changes
  2. Restart sshd: service sshd restart
  3. Now you can finally quit the Hetzner console: type exit then Enter.
  4. From your local machine, now connect using ssh on the new port: ssh -i ~/.ssh/alpine_server_rsa -p 7580 John@WW.XX.YY.ZZ

You should now be in, logged in as the user John.
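
sshd takes the first value it reads for most keywords, so if the temporary PasswordAuthentication yes line from the earlier step is still in the file above the hardened one, password logins stay enabled. The check below is an added example, not part of the original gist; the function names are hypothetical and the sample config is constructed.

```sh
#!/bin/sh
# Added example, not from the original gist.
# sshd uses the FIRST value it reads for most keywords, so a hardened line
# appended below a leftover "PasswordAuthentication yes" has no effect.
# Assumes whitespace-separated "Keyword value" lines, global section only.
sshd_effective() {  # usage: sshd_effective FILE KEYWORD
    awk -v want="$2" '
        NF == 0 || $1 ~ /^#/     { next }   # blank line or comment
        tolower($1) == "match"   { exit }   # global section ends here
        tolower($1) == tolower(want) { print $2; exit }
    ' "$1"
}

# Compare the hardened values from the steps above with a config file.
# Prints one line per mismatch; returns 0 only if every value matches.
audit_sshd_config() {  # usage: audit_sshd_config FILE
    rc=0
    for pair in PasswordAuthentication=no PermitEmptyPasswords=no \
                PermitRootLogin=prohibit-password MaxAuthTries=6; do
        key=${pair%%=*} expected=${pair#*=}
        actual=$(sshd_effective "$1" "$key")
        if [ "$actual" != "$expected" ]; then
            echo "$key: effective '${actual:-unset}', expected '$expected'"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: the temporary "yes" was left in place and the
# hardened "no" was added further down.
write_sample() {  # usage: write_sample FILE
    cat > "$1" <<'EOF'
Port 7580
PermitRootLogin prohibit-password
MaxAuthTries 6
# TEMPORARILY Allow authentication with a password
PasswordAuthentication yes
PermitEmptyPasswords no
PasswordAuthentication no
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_sshd_config "$sample" || echo "sshd_config still needs fixing"
rm -f "$sample"
```

On the server itself, sshd -T prints the effective configuration as sshd resolves it.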

There may be issues with the RSA key if it is shared with someone or used from another machine. Two options:

  1. In /etc/ssh/sshd_config, set StrictModes no (dirty, not recommended)
  2. Make sure that:
    • ~/.ssh/authorized_keys on the remote server holds the proper PUBLIC RSA key.
    • ls -l ~/.ssh/authorized_keys shows permissions for your current user only (-rw-------); otherwise run chmod 600 ~/.ssh/authorized_keys
    • Both your private and public keys (on your local machine) have only -rw-------; otherwise run chmod 600 ~/.ssh/* on them.
    • Your /home directory (on your local machine) has only drwx------; otherwise run chmod 700 /home
    • Your /home/.ssh directory (on your local machine) has only drwx------; otherwise run chmod 700 /home/.ssh
    • Check that the ownership of your /home directory (on your local machine) matches the ownership of your remote /home directory: for example, both root root. This one is usually tricky since people don't want to change ownership of their /home to match a server config. In that case do the opposite: move the remote ~/.ssh/authorized_keys to /etc/<WHATEVER>/authorized_keys, then don't forget to set AuthorizedKeysFile /etc/<WHATEVER>/authorized_keys in /etc/ssh/sshd_config and run service sshd restart.
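
With StrictModes yes, sshd checks ownership and modes on the server side: the login user's home directory, ~/.ssh and authorized_keys. The script below is an added example, not part of the original gist, that approximates those checks; the function names are hypothetical, the demo directory is constructed, and it assumes a stat that supports -c (GNU coreutils or BusyBox).

```sh
#!/bin/sh
# Added example, not from the original gist. Approximates the checks sshd
# makes on the SERVER when "StrictModes yes" is set: the user's home
# directory, ~/.ssh and authorized_keys must be owned by the user or root
# and must not be writable by group or others.
# Assumes a stat that supports -c (GNU coreutils or BusyBox).
strictmodes_check() {  # usage: strictmodes_check HOME_DIR NUMERIC_UID
    rc=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"; rc=1; continue
        fi
        mode=$(stat -c '%a' "$p")
        owner=$(stat -c '%u' "$p")
        if [ $((0$mode & 022)) -ne 0 ]; then   # group or other write bit set
            echo "WRITABLE $p mode=$mode"; rc=1
        fi
        if [ "$owner" != "$2" ] && [ "$owner" != 0 ]; then
            echo "OWNER $p uid=$owner"; rc=1
        fi
    done
    return "$rc"
}

# Constructed layout: a home directory whose ~/.ssh is group-writable.
make_demo_home() {
    d=$(mktemp -d)
    mkdir "$d/.ssh"
    : > "$d/.ssh/authorized_keys"
    chmod 700 "$d"
    chmod 775 "$d/.ssh"
    chmod 600 "$d/.ssh/authorized_keys"
    echo "$d"
}

demo=$(make_demo_home)
strictmodes_check "$demo" "$(id -u)" || echo "sshd would ignore this authorized_keys"
chmod 700 "$demo/.ssh"
strictmodes_check "$demo" "$(id -u)" && echo "permissions acceptable"
rm -rf "$demo"
```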

(Optional)

Install Docker + Git + Curl:

  1. Switch user to root: su root
  2. Enter password
  3. Add apk repos to /etc/apk/repositories:
echo "http://dl-cdn.alpinelinux.org/alpine/latest-stable/community" >> /etc/apk/repositories
echo "http://dl-cdn.alpinelinux.org/alpine/latest-stable/main" >> /etc/apk/repositories
  1. Update repos: apk update
  2. Install Docker: apk add --no-cache docker git curl
  3. Make Docker run at boot: rc-update add docker boot
  4. Launch Docker daemon manually: service docker start
  5. Authorize users to manage Docker: chmod 666 /var/run/docker.sock
  6. Switch to user: su John
  7. Try Docker: docker run hello-world
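
chmod 666 lets every local account drive the Docker daemon through the socket, which is root-equivalent on the host; the narrower alternative is a 660 socket plus membership in a dedicated group. The check below is an added example, not part of the original gist; the function names are hypothetical, the group name docker is an assumption, and it needs a stat that supports -c (GNU coreutils or BusyBox).

```sh
#!/bin/sh
# Added example, not from the original gist.
# Assumes a stat that supports -c (GNU coreutils or BusyBox).
# Prints who can reach the daemon through the socket:
#   world-writable | group:<name> | owner-only
docker_sock_exposure() {  # usage: docker_sock_exposure SOCKET_PATH
    mode=$(stat -c '%a' "$1") || return 2
    if [ $((0$mode & 002)) -ne 0 ]; then
        echo "world-writable"
    elif [ $((0$mode & 020)) -ne 0 ]; then
        echo "group:$(stat -c '%G' "$1")"
    else
        echo "owner-only"
    fi
}

# Suggest the least-privilege way to give USER access.
# "addgroup USER GROUP" is BusyBox syntax; the group name "docker" is assumed.
docker_access_advice() {  # usage: docker_access_advice SOCKET_PATH USER
    exposure=$(docker_sock_exposure "$1") || return 2
    case $exposure in
        world-writable) echo "chmod 660 $1 && addgroup $2 docker" ;;
        group:*)        echo "addgroup $2 ${exposure#group:}" ;;
        owner-only)     echo "chgrp docker $1 && chmod 660 $1 && addgroup $2 docker" ;;
    esac
}

# Constructed stand-in: a regular file with the mode set by the chmod 666 step.
sock=$(mktemp)
chmod 666 "$sock"
docker_access_advice "$sock" John
rm -f "$sock"
```

Membership in the docker group is still root-equivalent on the host, so grant it only to accounts you would trust with root.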

Install docker-compose:

apk add --no-cache py-pip
apk add --no-cache python-dev libffi-dev openssl-dev gcc libc-dev make
pip install docker-compose

Todo

[ ] Mount /dev/sda1 to root /

So far I have come to see that the device /dev/sda has one partition /dev/sda1 but it is not mounted as root. In fact, root seems to be mounted in RAM with tmpfs.

Useful commands are:

fdisk -l

and

df -h

Since root is mounted on RAM only, it uses half the available RAM and the system (and all changes to it) is volatile: everything is wiped at reboot...
