Erik's blog

Code, notes, recipes, general musings

getting started with Ubuntu server, continued


I’ve been playing around with an Ubuntu 10.10 64-bit server vm for the past couple days. My previous post ended with me unable to ssh into the vm. Today, I read a post on serverfault that got me thinking about trying to ping the vm. For whatever reason, I might have more success with that than ssh.

The post also mentioned turning off the firewall, which seems like a logical step, though I’ve been paranoid for so long, I’m uncomfortable doing so, even on a vm. Nevertheless, I turned off the firewall: sudo ufw disable

Restarted the vm: sudo shutdown -r now

Ran ifconfig to confirm that the ip hadn’t changed: ifconfig

But it had. It was now something like 0.0.0.255, which looked off. It didn’t seem like something I could ssh into. When I was hacking around the other day, I had tried configuring the vm to use a bridged network. I now switched back to the default NAT setting: Virtual Machine > settings > Network > Share the Mac’s network connection

I restarted the machine, and ran ifconfig again. Now it was back to an ip that looked more familiar:
… inet addr:172.16.83.133 …

From my Mac, I tried pinging the vm: ping 172.16.83.133

To my surprise, it responded. Amazing. I tried ssh’ing in and was rejected with
ssh: connect to host 172.16.83.133 port 22: Connection refused.

Then I remembered I had set the ssh port to 2222, and tried again:
ssh erik@172.16.83.133 -p 2222

Success! Amazing again. Then I went overboard and turned the firewall back on, sudo ufw enable, and restarted, but it still worked(!). I checked the status of the firewall just to make sure I wasn’t delusional: sudo ufw status

Status: active

To                         Action      From
--                         ------      ----
2222                       ALLOW       Anywhere
22                         ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere

This is madness, but it’s working, so I’m not complaining.

To wrap up the ssh piece, I want to configure ssh to use a public key instead of a password. I’ll follow the SSH/OpenSSH keys tutorial on the Ubuntu wiki.

I created a new ssh key, ssh-keygen -t rsa, and saved it in a file called ~/.ssh/erik_rsa.

Then I copied the key to the vm:
scp -P 2222 ~/.ssh/erik_rsa.pub erik@172.16.83.133:.ssh/authorized_keys

Ideally (for me), the vm would now just automagically prefer public key authentication. I gave it a shot and immediately tried ssh’ing into the vm, but it still prompted me for a password. Oh well.

I edited the sshd_config file to uncomment the line AuthorizedKeysFile %h/.ssh/authorized_keys and set PasswordAuthentication to “no”, and then restarted sshd: sudo /etc/init.d/ssh restart

I exited the vm, and tried ssh’ing in again, this time specifying the location of my shiny new ssh key: ssh erik@172.16.83.133 -p 2222 -i ~/.ssh/erik_rsa

Wow. It worked. I’m always astounded when things like this actually work. Mac prompted me to enter my passphrase, and then I was in.
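
An added example, not part of the original post: a small shell check that the sshd_config edits described above took effect, by reading the value sshd will actually use for a keyword (the first uncommented occurrence wins, and keywords are case-insensitive). The function names and the sample config are constructed for illustration; the check assumes whitespace-separated "Keyword value" lines and reads only the global section before any Match block.

```shell
# Added example: confirm that an sshd_config really enforces key-only login.

# Print the effective global value of KEYWORD in FILE.
# usage: effective_value FILE KEYWORD
effective_value() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*(#|$)/ { next }            # commented-out or blank: no effect
        tolower($1) == "match" { exit }    # stop before conditional blocks
        tolower($1) == want {              # first hit is the one sshd uses
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }
    ' "$1"
}

# Return 0 only when password logins are off and key logins are not disabled.
# usage: key_only_login FILE
key_only_login() {
    pw=$(effective_value "$1" PasswordAuthentication | tr '[:upper:]' '[:lower:]')
    pk=$(effective_value "$1" PubkeyAuthentication | tr '[:upper:]' '[:lower:]')
    # A keyword that is absent or still commented out falls back to the
    # OpenSSH default, which is "yes" for both of these.
    [ "${pw:-yes}" = "no" ] && [ "${pk:-yes}" != "no" ]
}

# Constructed sample config (not the author's real file). The trailing
# lowercase "yes" line is ignored because an earlier value was already read.
sample_config() {
    cat <<'EOF'
Port 2222
#PasswordAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
PasswordAuthentication no
passwordauthentication yes
EOF
}
```

On the server, run it as key_only_login /etc/ssh/sshd_config && echo "key-only login enforced" before closing the session you are already logged in with.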

Now that I can ssh and I have a firewall, it’s time to move on to the next step of the security wiki … hmm … well, before I dive into denyhosts and fail2ban, I think I’ll play around with the real reason I wanted to get an OS up and running, to install node.js.


Written by Erik

October 20, 2010 at 10:32 pm

Posted in notes


One Response


  1. […] tried loading this, but no response. However, I grappled with my vm’s firewall recently enough to remember that I hadn’t opened port 8124, so I update the code to use port […]

