Lab Hack: Ubuntu openssh-server and passwordless authentication
While setting up the lab for a docker swarm training module I decided to spin up a few VMs in VirtualBox. I found a great automation guide on how to run an unattended installation for Ubuntu 16.04 by Ernestas Narmontas. The downside is that the host I am working on is (a) a workstation and (b) nearly out of space to handle some of the tutorial steps, and (c) I just want to get the lab working quickly so that I can get to the fun docker swarm modules.
Here are some quick hack reminders for the next installation. I went with the “minimal installation” and, once it finished, ran a few manual things.
Install openssh-server
sudo apt install openssh-server
Start openssh server
sudo systemctl start ssh
Open up firewall port
sudo ufw allow ssh
Enable it to start after reboot
sudo systemctl enable ssh
Now with ssh working, let's get the authorized keys created and pushed around. The virtual machines are ubuntu1 (192.168.0.6), ubuntu2 (192.168.0.5) and ubuntu3 (192.168.0.9), and the jump workstation is XVXWYXZW.
$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/kewrunner/.ssh/id_rsa):
/home/kewrunner/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/kewrunner/.ssh/id_rsa
Your public key has been saved in /home/kewrunner/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:OQYBKCXBdt7LhOJ7NZkjsljksklljSDFSlHF5d2FKm6T3k3E kewrunner@XVXWYXZW
The key's randomart image is:
+---[RSA 3072]----+
|+o..... .. |
|.+.. . |
|..o o .. o o |
| . + o ...+ = . |
|. . =.+oSo * o E |
| . X+B..o o + |
| . oo+ * + |
| . .. + o . |
| . .. o ++ |
+----[SHA256]-----+
Then make the .ssh directory, repeating the command for each of the VMs:
ssh kewrunner@192.168.0.5 mkdir -p .ssh
ssh kewrunner@192.168.0.6 mkdir -p .ssh
ssh kewrunner@192.168.0.9 mkdir -p .ssh
Now append my public key to authorized_keys on each VM:
cat .ssh/id_rsa.pub | ssh kewrunner@192.168.0.5 'cat >> .ssh/authorized_keys'
cat .ssh/id_rsa.pub | ssh kewrunner@192.168.0.6 'cat >> .ssh/authorized_keys'
cat .ssh/id_rsa.pub | ssh kewrunner@192.168.0.9 'cat >> .ssh/authorized_keys'
Last step: adjust the permissions to be more restrictive.
ssh kewrunner@192.168.0.5 "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"
ssh kewrunner@192.168.0.6 "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"
ssh kewrunner@192.168.0.9 "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"
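The three steps above (mkdir, append, chmod) folded into one rerunnable function, as an added example that is not part of the original post: it skips a key that is already present, where a repeated cat >> would add a duplicate line, and it sets authorized_keys to 600, which is tighter than the 640 used above. The names install_pubkey and push_key are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): idempotent public-key install.

# install_pubkey KEY_LINE HOME_DIR
# Ensures HOME_DIR/.ssh (mode 700) and authorized_keys (mode 600) exist and
# appends KEY_LINE only when that exact line is not already present.
install_pubkey() {
    key_line=$1
    ssh_dir=$2/.ssh
    auth=$ssh_dir/authorized_keys
    nl='
'
    # Accept exactly one bare public-key line: no embedded newlines and no
    # leading options such as command="..." that would change what the key does.
    case $key_line in
        *"$nl"*) echo "refusing multi-line input" >&2; return 1 ;;
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a bare public-key line" >&2; return 1 ;;
    esac
    # umask 077 in a subshell so new files are never briefly group/world readable.
    ( umask 077 && mkdir -p "$ssh_dir" && touch "$auth" ) || return 1
    # Also tighten modes on a directory or file that already existed.
    chmod 700 "$ssh_dir" && chmod 600 "$auth" || return 1
    # If the file does not end in a newline, add one so entries are not fused.
    [ -z "$(tail -c1 "$auth")" ] || echo >> "$auth"
    # -x whole line, -F fixed string: rerunning must not add a duplicate entry.
    grep -qxF -- "$key_line" "$auth" || printf '%s\n' "$key_line" >> "$auth"
}

# push_key USER@HOST PUBKEY_FILE  (hypothetical helper; needs bash on both ends)
# Ships the function definition and the key over a single SSH session, so the
# password is typed once per host rather than once per step.
push_key() {
    ssh "$1" "$(declare -f install_pubkey)
install_pubkey \"\$(cat)\" \"\$HOME\"" < "$2"
}
```

For the lab above this would be push_key kewrunner@192.168.0.5 ~/.ssh/id_rsa.pub, then the same for 192.168.0.6 and 192.168.0.9. Where it is installed, OpenSSH's ssh-copy-id does the same job.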
That's it. Now you can test it out and get started with the docker modules.
kewrunner@XVXWYXZW:~$ ssh kewrunner@192.168.0.5
Welcome to Ubuntu 19.10 (GNU/Linux 5.3.0-64-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
255 updates can be installed immediately.
170 of these updates are security updates.
To see these additional updates run: apt list --upgradable
Your Ubuntu release is not supported anymore.
For upgrade information, please visit:
http://www.ubuntu.com/releaseendoflife
New release '20.04.1 LTS' available.
Run 'do-release-upgrade' to upgrade to it.
kewrunner@ubuntu2:~$ exit
logout
Connection to 192.168.0.5 closed.
kewrunner@XVXWYXZW:~$ ssh kewrunner@192.168.0.9
Welcome to Ubuntu 19.10 (GNU/Linux 5.3.0-64-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
251 updates can be installed immediately.
170 of these updates are security updates.
To see these additional updates run: apt list --upgradable
Your Ubuntu release is not supported anymore.
For upgrade information, please visit:
http://www.ubuntu.com/releaseendoflife
New release '20.04.1 LTS' available.
Run 'do-release-upgrade' to upgrade to it.
kewrunner@ubuntu3:~$ exit
Wait… there's a thing about the version I loaded… it didn't include docker 🙂
Good thing we did this.