@mcint
Created September 19, 2017 12:44
Lab 1 - VPS setup
# Unix SysAdmin Decal
## Lab 1: Unix, the Shell, OSS {#lab1}
[Slides](https://ocf.io/decal/slides/1) and [lab](https://ocf.io/decal/labs/1) links for Tuesday 9-12-2017.
### Table of Contents {#toc}
1. [Create ssh key](#ssh-create)
2. [VPS hosting provider](#vps-hosting)
   - We'll be providing the machines, one of
     - Amazon Web Services
     - Google Cloud Platform - account provided by us
     - Digital Ocean
3. [Set up ssh key & login](#ssh-setup)
   - Set up ssh key / password
     - All command line
     - With web interface
     - `ssh-copy-id`
4. [Send feedback email](#feedback)
   - trouble encountered
   - favorite things learned from reading `man` pages
---
### 1. Create ssh key {#ssh-create}
Run the following command, and accept the prompts, to create an ssh keypair:
```
ssh-keygen -t rsa -b 4096
```
Note: it's good practice to protect your ssh keys with a strong passphrase (`ssh-keygen` prompts for one), to guard against attackers who might briefly use, or completely steal, your computer.
`ssh-keygen` will create the files `id_rsa` (private key) and `id_rsa.pub` (public key) inside the `.ssh` directory. Later, when you need to copy the public key into a browser, view it with `cat` or `less`.
```
~ $ ls .ssh/
id_rsa id_rsa.pub
```
You can rename these files, but keep the public-private distinction, and make sure the base name matches (some tools expect this). Running `ssh-keygen -t rsa -b 2048` instead is OK too.
**Note**: 1024-bit RSA keys are considered too short nowadays. They are not *yet* broken, but have no margin for safety. DSA and its cousin ECDSA are considered secure, but have some secondary security risks. I make it a policy not to use them, though I'll likely never be bitten by corner cases. New implementations of ssh include new algorithms. These are

----------
[top](#toc)
### 2. VPS hosting provider {#vps-hosting}
**Enrolled students** will have a Virtual Private Server (VPS) hosted on Amazon Web Services (AWS) provided for them.

---
**Auditing users** may wish to acquire a VPS from Amazon, Google, or Digital Ocean. Free service credits for AWS and DigitalOcean may be claimed at [education.github.com/pack](https://education.github.com/pack) after creating/logging in to a GitHub account and associating it with a '.edu' email address.
However, a VPS may not be required for the first few weeks of class, as many of the labs can be completed on our login server, tsunami, reachable at `tsunami.ocf.berkeley.edu` with the `ssh` command-line utility, or in a browser via the web-shell interface we provide at [ssh.ocf.berkeley.edu](https://ssh.ocf.berkeley.edu).
**Fun facts**: We configure DNS so that `tsunami` and `ssh` are both valid names for our public login server, by resolving both to the same IP address. Run `dig [host]` to see more.
[top](#toc)
### 3. Set up ssh key & login {#ssh-setup}
- Set up ssh key / password
  - **All command-line** (e.g. from the OCF to VPS or your computer's shell to OCF or VPS, hereafter `[target]`).
    1. Copy your public key, `id_rsa.pub`, from where you created it to the server that should accept the key for authentication.
       - `scp .ssh/id_rsa.pub [target]:`
       - read `man scp`; the command uses `[host]:[path]` format, e.g. `ssh.ocf.io:~/.ssh/mbp_id.pub`
    2. Log in to the target machine
       - `ssh infamous@ssh.ocf.io`
    3. Add your public key to the authorized keys file
       - `cat id_rsa.pub >> .ssh/authorized_keys`
    4. **Test it**
       - `ssh infamous@ssh.ocf.io` should not ask for a password.
       - *Extra: try `ssh -v` to see debug information*
  - **With web interface**
    1. `cat > public_key`
    2. Copy/Paste key from local to remote terminal
    3. `^D` - Control - D - EOF/End-of-File character.
    4. Proceed from step 2 of **All command line** (the key is now in `public_key` rather than `id_rsa.pub`).
  - The `ssh-copy-id` utility performs the same setup.
    - Linux and Windows-with-Ubuntu users: it's available from your package manager, as part of the `openssh-client` package. `apt install openssh-client`
    - macOS users: [homebrew](https://brew.sh) will also allow you to install it with 1 command, `brew install ssh-copy-id`
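
Step 3 above, like `ssh-copy-id`, comes down to appending one line to `~/.ssh/authorized_keys` with owner-only permissions. The following is an added example, not part of the original lab: a hypothetical `install_pubkey` shell function to run on the target after the `scp` step, which also refuses a private key file and skips a key that is already present.

```sh
#!/bin/sh
# Added example (not from the lab): install a public key for login.
# install_pubkey is a hypothetical helper name.
# Usage on the target, after the scp step: install_pubkey ~/id_rsa.pub
# The body runs in a subshell "( ... )" so umask and exit stay local.
install_pubkey() (
    pub=$1
    home=${2:-$HOME}          # optional second argument, used for testing
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; exit 1; }

    # Only the .pub half ever leaves your machine: refuse a private key.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub looks like a private key; use the .pub file" >&2
        exit 2
    fi

    # Require the one-line "<type> <base64> [comment]" public key format.
    key=$(head -n 1 "$pub")
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "$pub is not an OpenSSH public key" >&2; exit 3 ;;
    esac

    # With StrictModes (the sshd default), keys are ignored when ~/.ssh or
    # authorized_keys is writable by anyone but the owner.
    umask 077
    mkdir -p "$home/.ssh" || exit 4
    chmod 700 "$home/.ssh"
    auth="$home/.ssh/authorized_keys"
    touch "$auth" && chmod 600 "$auth" || exit 4

    # If the file lacks a final newline, add one so keys do not run together.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi

    # Append only when this exact line is not already present.
    if grep -qxF -- "$key" "$auth"; then
        echo "key already authorized"
    else
        printf '%s\n' "$key" >> "$auth"
        echo "key added"
    fi
)
```

If login still prompts for a password afterwards, `ssh -v` on the client shows whether the key was offered at all.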
[top](#toc)
### 4. Send feedback email {#feedback}
- [Email feedback and cool findings](mailto:lab1@decal.ocf.berkeley.edu)
  - lab1@decal.ocf.berkeley.edu
  - trouble encountered
  - favorite things learned from reading `man` pages
[top](#toc)
> Written with [StackEdit](https://stackedit.io/).