Created
September 19, 2017 12:44
-
-
Save mcint/6acac9c96f06dff850488107a97d4ad9 to your computer and use it in GitHub Desktop.
Lab 1 - VPS setup
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Unix SysAdmin Decal | |
## Lab 1: Unix, the Shell, OSS {#lab1} | |
[Slides](https://ocf.io/decal/slides/1) and [lab](https://ocf.io/decal/labs/1) links for Tuesday 9-12-2017. | |
### Table of Contents {#toc} | |
1. [Create ssh key](#ssh-create) | |
2. [VPS hosting provider](#vps-hosting) | |
- We'll be providing the machines, one of | |
- Amazon Web Services | |
- Google Cloud Platform - account provided by us | |
- Digital Ocean | |
3. [Set up ssh key & login](#ssh-setup) | |
- Set up ssh key / password | |
- All command line | |
- With web interface | |
- `ssh-copy-id` | |
4. [Send feedback email](#feedback) | |
- trouble encountered | |
- favorite things learned from reading `man` pages | |
--- | |
### 1. Create ssh key {#ssh-create} | |
Run the following command, and accept prompts in order to create an ssh keypair: | |
ssh-keygen -t rsa -b 4096 | |
Note: it's good practice to protect your ssh-keys with strong passwords, to protect against attackers who might briefly use...or completely steal...your computer. | |
`ssh-keygen` will create files `id_rsa` and `id_rsa.pub` inside the `.ssh` directory. View the file with `cat` or `less` later when viewing them to copy into a browser. | |
``` | |
~ $ ls .ssh/ | |
id_rsa id_rsa.pub | |
``` | |
You can rename these files, but keep the public-private distinction, and make sure the base name matches (some tools expect this). Running `ssh-keygen -t rsa -b 2048` instead is OK too. | |
**Note**: 1024-bit RSA keys are considered too short nowadays. They are not *yet* broken, but have no margin for safety. DSA and it's cousin ECDSA are considered secure, but have some secondary security risks. I make it a policy not to use them, though I'll likely never be bitten by corner cases. New implementations of ssh include new algorithms. These are | |
---------- | |
[top](#toc) | |
### 2. VPS hosting provider {#vps-hosting} | |
**Enrolled students** will have a Virtual Private Server (VPS) hosted on Amazon Web Services (AWS) provided for them. | |
--- | |
**Auditing users** may wish to acquire a VPS from Amazon, Google, or Digital Ocean. Free service credits for AWS and DigitalOcean may be claimed at [education.github.com/pack](https://education.github.com/pack) after creating/logging in to a GitHub account and associating it with a '.edu' email address. | |
However, a VPS may not be required for the first few weeks of class, as many of the labs can be completed on our login server, tsunami, reachable at `tsunami.ocf.berkeley.edu` with the `ssh` command-line utility, or in a browser via the web-shell interface we provide at [ssh.ocf.berkeley.edu](https://ssh.ocf.berkeley.edu). | |
**Fun facts**: We configure DNS so that `tsunami` and `ssh` are both valid names for our public login server, by resolving to the same IP address. `dig [host]` to see more. | |
[top](#toc) | |
### 3. Set up ssh key & login {#ssh-setup} | |
- Set up ssh key / password | |
- **All command-line** (e.g. from the OCF to VPS or your computer's shell to OCF or VPS, hereafter `[target]`). | |
1. Copy your public key, `id_rsa.pub` from where you created it to the server you want to have accept the key for authentication. | |
- `scp .ssh/id_rsa.pub [target]:` | |
- read `man scp`, the command uses `[host]:[path]`format, e.g. `ssh.ocf.io:~/.ssh/mbp_id.pub` | |
2. Login to the target machine | |
- `ssh infamous@ssh.ocf.io` | |
3. Add your public key to the authorized keys file | |
- `cat id_rsa.pub >> .ssh/authorized_keys` | |
4. **Test it** | |
- `ssh infamous@ssh.ocf.io` should not ask for a password. | |
- *Extra: try `ssh -v` to see debug information* | |
- **With web interface** | |
1. `cat > public_key` | |
2. Copy/Paste key from local to remote terminal | |
3. `^D` - Control - D - EOF/End-of-File character. | |
4. Proceed from step 2 of **All command line**. | |
- The `ssh-copy-id` utility performs the same setup. | |
- Linux, Windows with Ubuntu users: it's available from your package manager. `apt install ssh-copy-id` | |
- macOS users: [homebrew](https://brew.sh) will also allow you to install it with 1 command, `brew install ssh-copy-id` | |
[top](#toc) | |
### 4. Send feedback email {#feedback} | |
- [Email feedback and cool findings](mailto:lab1@decal.ocf.berkeley.edu) | |
- lab1@decal.ocf.berkeley.edu⧸⧸ | |
- trouble encountered | |
- favorite things learned from reading `man` pages | |
[top](#toc) | |
> Written with [StackEdit](https://stackedit.io/). |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment