Skip to content

Instantly share code, notes, and snippets.

@cpanic

cpanic/ubuntu-srv-vbox-vm-base-pka.md

Last active November 2, 2016 21:56
Show Gist options
  • Save cpanic/ffda48649b31460a7f32baccfb213b5a to your computer and use it in GitHub Desktop.
Save cpanic/ffda48649b31460a7f32baccfb213b5a to your computer and use it in GitHub Desktop.
Download ZIP
Ubuntu Server 16.04 LTS VirtualBox VM Base Build
Raw
ubuntu-srv-vbox-vm-base-pka.md
Ubuntu Server 16.04 LTS VirtualBox VM

Basic Server

Introduction

This guide describes how I build a basic server running Canonical's Ubuntu Server 16.04 LTS Linux operating system inside a VirtualBox virtual machine (VM). I also cover how to install the VirtualBox Guest Additions software on the freshly minted VM, as well as how to configure both host and guest accounts for public key authentication.

Although I wrote this document for myself, I make as few assumptions as is practical about the skill-level of the reader. Some of these tasks seem trivial to me now, but I still remember how difficult it was to piece this kind of information together without prior experience.

We will build a virtual machine (VM) with the following characteristics:

  • It will be called ubuntu01
  • It will use a bridged network adapter meaning it get allocated an IP address by the DHCP service
  • It's fully-qualified network hostname will be ubuntu01.local, while it's machine name will be ubuntu01
  • It will have two processors
  • It will have 1024 MB of memory
  • It will have a 128 GB sparse hard disk (the file on your host will grow as the disk fills up)
  • It will have a single unprivileged user called administrator, referred to as the administrator
  • The administrator will have superuser privileges

This guide reflects these characteristics. If you decide to change any of them then I will assume you know what you are doing.

Prerequisites

You will need the following:

  • A copy of the latest VirtualBox and VirtualBox Extension Pack software installed on your host machine.
  • A copy of the Ubuntu Server 16.04.1 LTS ISO image for your host machine architecture downloaded and easily loacated.
  • A terminal session or emulator software (e.g. Cygwin, PuTTY, WinSCP) that allows connection to remote machines over SSH.
  • A means to generate SSH public/private key-pairs (e.g. ssh-keygen, PuTTY, WinSCP).
  • Knowledge of how to use either the nano or vim text editors that come with Ubuntu Server.
  • Passing familiarity with how to use technical guides like this one. I am not going to explain how to become superuser, edit configuration files, or the significance of $ and # prompts. I will assume you already possess that knowledge.

Getting the Virtual Machine ready

Specifying the virtual hardware requirements

  • Start the VirtualBox Manager
  • From the Machine menu, select New...
  • Complete the Name and operating system dialog:
    • Name: ubuntu01
    • Type: Linux
    • Version: Ubuntu (64-bit)
  • Leave Memory size at 1024 MB
  • Set up a hard disk:
    • Select Create a virtual hard disk now and Continue
    • Select VDI (VirtualBox Disk Image) and Continue
    • Leave the storage type as Dynamically allocated and Continue
    • Leave the name as is but set the size to 128.00 GB and Create

Your new VM's name will now appear in the left of the VirtualBox Manager. It may already be selected (click on it if it isn't) and your virtual hardware specifications will appear to the right.

  • Right-click on your VM's name, select Settings...
  • Select the System category:
    • Select the Motherboard tab:
      • Uncheck Floppy
    • Select the Processor tab:
      • set Processor(s) to 2
      • Check Enable PAE/NX
  • In the Audio category:
    • Uncheck Enable Audio
  • In the Network category:
    • From Attached to options, select Bridged Adapter

These final changes to the virtual hardware specifications should now be reflected in the VirtualBox Manager.

Installing the operating system

We can now start the VM to install the operating system.

  • Right-click on your VM's name, select Start > Normal Start

The VM will boot and its console will appear in a new window. You will be asked to select a bootable medium.

  • Select the Ubuntu ISO image (if it is presented), or click on the folder icon to the right of the boot options to locate the ISO image on your host filesystem.

Under some circumstances you may not be prompted for bootable media, and your virtual machine starts but displays the following message:

FATAL: No bootable medium found! System halted.

Don't panic — this could happen if you corrected a previous mistake and reached this point again.

If this does happen then just follow the four steps below:

  • Under the VM's console there are some small icons, one of which looks like a greyed-out disk — click on it
  • If the Ubuntu ISO is presented as an option, select it
  • Otherwise select Choose disk image...:
    • Locate the Ubuntu ISO file on your host filesystem
    • Click Open
  • Close the console window:
    • When asked, select Power off the machine
  • Right-click on your virtual machine, select Start > Normal Start

All being well, your virtual machine starts and your will be prompted for the Language in which the first-time boot menu will be displayed:

  • Select your Language, press Enter
  • Select Install Ubuntu Server, press Enter

Now the Ubuntu installer will start. Be aware that you may need to use the Tab key to move between fields and buttons, while using the Enter key to enter values and progress through the installation.

  • Select your Language (again), press Enter
  • Select your Location, press Enter
  • In Configure the keyboard:
    • Choose No for Detect keyboard layout?, press Enter
    • Select an appropriate Country of origin, press Enter
    • Select an appropriate Keyboard layout, press Enter
  • In Configure the network:
    • Set Hostname to ubuntu01, and Continue
  • At Configure users and passwords
    • Set Full name for the new user to Administrator, and Continue
    • Set Username for your account to administrator, and Continue
    • Choose a password for the new user and Continue
    • Re-enter the password to verify and Continue
    • Choose No when asked if you want to Encrypt your home directory
  • At Configure the clock:
    • Confirm your time zone
  • At Partition disks:
    • Select Guided - use entire disk and set up LVM
    • Select the disk to partition (there should only be one)
    • Choose Yes to Write the changes to disks and configure LVM
    • Select the default size (136.9 GB) and Continue
    • Choose Yes to Write the changes to disks
  • In Configure the package manager:
    • Configure your HTTP proxy information (I left mine blank), and Continue
  • At Configuring tasksel:
    • Select No automatic updates
  • At Software selection:
    • Ensure that both OpenSSH server and standard system utilities are selected (use the arrow keys to move the cursor and the Space key to toggle selections), then Continue

Important If you don't install the OpenSSH server then you will not be able to connect to your virtual machine using a terminal emulator and SSH.

  • In Install the GRUB boot loader on a hard disk:
    • Choose Yes for Install the GRUB boot loader to the master record
  • In Finish the installation:
    • Ensure that the bootable medium has been unmounted — the disk icon under the VM's console should be greyed-out
    • If it wasn't then click on it and select Remove disk from virtual drive
    • Now choose Continue

Your system will now reboot and your will eventually see a login prompt in the console.

Using the console to do anything on the VM is a miserable experience: for instance, there is no easy way to cut and paste, which can make life very difficult. We should aim to do as little as possible in the console and, to that end, we will log in once to get the VM's IP address. This will enable us to access the VM using a terminal session and SSH.

Logging-in for the first time

Bring the console window into the foreground. It may have gone completely blank, so press Enter to get the login prompt back. Now we will log into the VM for the first time and, hopefully, the last time using the console:

  • Log in as administrator

  • At the $ prompt, type ifconfig and press Enter

  • You should see something like:

    enp0s3    Link encap:Ethernet  HWaddr 08:00:27:9d:ff:0f
          inet addr:192.168.1.112  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe9d:ff0f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5226 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1666 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:464893 (464.8 KB)  TX bytes:150043 (150.0 KB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

There should be details of two network interfaces: one Ethernet and the other a Local Loopback. The address for the Local Loopback interface is 127.0.0.1, but We need the IP address for the Ethernet interface. Mine is 192.168.1.112, but yours is likely to be something else.

Once you have your VM's IP address, just log out of the console pressing Ctrl+D, or by entering exit at the prompt. Now use your terminal emulator to log in over SSH to the administrator at that IP address.

I'm using iTerm3 on my Mac, so I would do it like this:

$ ssh administrator@192.168.1.112

The first time you have connect, you might see something like this:

The authenticity of host '192.168.1.112 (192.168.1.112)' can't be established.
ECDSA key fingerprint is SHA256:vkUo2KH+vq9rolRjsMsW8rq3izKxF+dmhqY5pgi6JKA.
Are you sure you want to continue connecting (yes/no)?

If you see it then just enter yes when prompted.

You should now be logged-in, over your network, to the administrator account on your VM. Now you can now use cut and paste, and all of the other features not offered by the VM console.

Next time you start the virtual machine, you can do so using Headless Mode and use this method to log in.

Preparing the VM for the VirtualBox Guest Additions software

Before we do away with the console forever, we need it in otder to install the VirtualBox Guest Additions software. The Guest Additions are designed to be installed inside a virtual machine after the guest operating system has been installed. They consist of device drivers and system applications that optimize the guest operating system for better performance and usability.

If you haven't done so already, boot your VM using the Normal Start and log in as administrator

We first need to prepare the system by installing a few required packages and ensuring that the server has the latest versions of the installed software:

$ sudo su
# apt install linux-image-extra-$(uname -r)
# apt install linux-image-extra-virtual
# apt install linux-headers-generic linux-generic
# apt install dkms build-essential module-assistant
# apt update
# apt upgrade
# m-a prepare

Shortly, we will restart the system and install the Guest Additions but, before we do so, there's another change we could make before the restart. The change is an optional but recommended alteration to the bootloader, particularly if you plan on deploying Docker Engine on this machine and don't wish to see the following warning:

no swap limit support

Adjusting Memory and Swap Accounting

You should still be logged in as administrator with superuser active:

  • Open the /etc/default/grub file with your favourite editor

  • Set the GRUB_CMDLINE_LINUX value:

    GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1"

  • Save and close the file

  • Update GRUB:

    # update-grub

Now restart your system:

# reboot

Installing the VirtualBox Guest Additions software

Once the system has booted, log in as administrator:

From the VM's console Devices menu, select Insert Guest Additions CD image.... This will attach the the Guest Additions disk image, which ships with VirtualBox, to the virtual machine. The disk icon below the console should now be illuminated.

$ sudo su
# mount /dev/cdrom /media/cdrom
# pushd /media/cdrom
# sh ./VBoxLinuxAdditions.run
# popd

Click on the disk icon below the console and Remove disk from virtual drive. You may forcibly unmount the disk image if prompted to do so.

Now that the Guest Additions are installed, you need never use the console again.

Power down the virtual machine:

# poweroff

Starting the Virtual Machine in Headless Mode

The VM's console isn't always useful to have hanging around, so it is possible to start your virtual machine without a console, also known as Headless Mode.

In the VirtualBox Manager:

  • Right-click on your VM's name, select Start > Headless Start

The virtual machine will now start without a console.

Enabling Public Key Authentication

We are going to configure our host and remote guest accounts so that a password is not necessary when loggin into our remote guest account from our host account. We are going to being using the host account's private key as our login credentials. As well as being more convenient, this type of authentication help to eliminate man-in-the-middle-attacks as a vector for password theft.

Start you VM and open a terminal session on your host machine.

Create an identity key-pair

You need to create a pair of keys (one private, one public) which together constitute an identity that can be used by the host account to log into the remote account:

$ mkdir -p ~/.ssh
$ ssh-keygen -b 2048 -t rsa -f ~/.ssh/ubuntu01

Just press Enter (twice) to skip past the passphrase prompts. You should see something similar to this:

Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in ubuntu01.
Your public key has been saved in ubuntu01.pub.
The key fingerprint is:
SHA256:m7wx+aPU/rm37ORTftxyRebMNaxUfyG3mWm0qZxbo2k nukopia@Bear.local
The key's randomart image is:
+---[RSA 2048]----+
|                 |
|             . = |
|              * X|
|             . @*|
|        S   o =*+|
|       . -   - o*|
|        O .   @++|
|       . *.  E+ *|
|        o.oo=+==.|
+----[SHA256]-----+

Install the public key to your remote account:

The public key has an filename suffix of .pub and may be shared with the other party. The private key, which has no suffix, must never be shared.

  • Copy the public key file to the remote account:

    $ scp ~/.ssh/ubuntu01.pub administrator@192.168.1.112:

  • You should see something like this:

    administrator@192.168.1.112's password:
ubuntu01.pub                                                                          100%  400     0.4KB/s   00:00

  • Log into your remote account

    $ ssh administrator@192.168.1.112

  • Set up the remote account's own ~/.ssh directory by generating the account's identity files:

    $ [[ -d ~/.ssh ]] || ssh-keygen -b 2048 -t rsa

  • If the ~/.ssh is missing then it and the remote account's own keys will be generated — just press Enter at every prompt, going with the defaults and no passphrase. You should see something like this:

    Generating public/private rsa key pair.
Enter file in which to save the key (/home/administrator/.ssh/id_rsa):
Created directory '/home/administrator/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/administrator/.ssh/id_rsa.
Your public key has been saved in /home/administrator/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:9qBjPtRH1QOIYl9e/BJ9+qMoXWq+PSfd/45RjHpmmYc administrator@ubuntu01
The key's randomart image is:
+---[RSA 2048]----+
|         . o.+   |
|      o . o = + .|
|     . o o o o + |
|        . o . oo |
|       .S.   ...o|
|      .o.o.  o *.|
|     .+  .o = E +|
|     o.. . =.B *.|
|      ..  +o..=.*|
+----[SHA256]-----+

  • The public key you copied to the account earlier can now be appended to the authorized_keys file then deleted:

    $ cat ~/ubuntu01.pub >> ~/.ssh/authorized_keys
$ chmod 0600 ~/.ssh/authorized_keys
$ rm ~/ubuntu01.pub
$ exit

You should now be logged-out of the remote account and sitting at your host account's shell prompt.

Having generated a public/private key-pair on your host machine's account, and installed the public key on your virtual machine's administrator account, you can now log into the administrator account using the private key on your host machine host. When you authenticate using this method, you will not be asked for a password.

Try loggin in using the private key generated on your host system:

$ ssh -i ~/.ssh/ubuntu01 administrator@192.168.1.112

If you did everything right, you should be logged into your remote account without being asked for a password.

Log out, returning to your host account's shell prompt.

Simplifying the log in process

We do not want to be using the -i ~/.ssh/ubuntu01 option every time we login, so let's simplify the process by creating a SSH host config entry for the remote machine.

  • Open the ~/.ssh/config file using your favourite editor

  • Add a host entry:

    Host ubuntu01.local ubuntu01
  Hostname 192.168.1.115
  IdentityFile ~/.ssh/ubuntu01
  User administrator
  ForwardAgent yes
  Port 22

  • Save and close the file

With a host entry in our host account's ~/.ssh/config file, logging is a snap:

$ ssh ubuntu01

Related

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment