Lab Hack: Ubuntu openssh-server and passwordless authentication

While setting up the lab for a docker swarm training module I decided to spin up a few vms in Virtual Box. Found a great automation guide on how to run unattended installation for Ubuntu 16.04 by Ernestas Narmontas, the downsize is the host which I am working on is a. a workstation b. nearly out of space to handle some of the tutorial steps and c. I just want to get the lab working quickly so that I can get to the fun docker swarm modules.

Here are some quick hack reminders for next installation. I went with the “minimal installation” and once it finished the installation ran a few manual things.

Install openssh-server

sudo apt install openssh-server

Start openssh server

sudo systemctl start ssh

Open up firewall port

sudo ufw allow ssh

Enable it to start after reboot

sudo systemctl enable ssh 

Now with ssh working lets get the authorized keys created and pushed around. The virtual machines are ubuntu1 (192.168.0.6), ubuntu2 (192.168.0.5) & ubuntu3 (192.168.0.9) and the jump workstation is XVXWYZW

$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/kewrunner/.ssh/id_rsa): 
/home/kewrunner/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/kewrunner/.ssh/id_rsa
Your public key has been saved in /home/kewrunner/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:OQYBKCXBdt7LhOJ7NZkjsljksklljSDFSlHF5d2FKm6T3k3E kewrunner@XVXWYXZW
The key's randomart image is:
+---[RSA 3072]----+
|+o.....  ..      |
|.+..   .         |
|..o o ..   o o   |
| . + o ...+ = .  |
|. . =.+oSo * o E |
| .   X+B..o o +  |
|  . oo+ *    +   |
| . ..  + o    .  |
|  .  .. o    ++  |
+----[SHA256]-----+

then make ssh directory, repeat the process to each of the vms

 ssh kewrunner@192.168.0.5 mkdir -p .ssh
 ssh kewrunner@192.168.0.6 mkdir -p .ssh
 ssh kewrunner@192.168.0.9 mkdir -p .ssh

now exchange my authorized public keys

cat .ssh/id_rsa.pub | ssh kewrunner@192.168.0.5 'cat >> .ssh/authorized_keys'
cat .ssh/id_rsa.pub | ssh kewrunner@192.168.0.6 'cat >> .ssh/authorized_keys'
cat .ssh/id_rsa.pub | ssh kewrunner@192.168.0.9 'cat >> .ssh/authorized_keys'

last step, adjust the permissions to be more restrictive

 ssh kewrunner@192.168.0.5 "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"
 ssh kewrunner@192.168.0.6 "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"
 ssh kewrunner@192.168.0.9 "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"

Thats it, now you can test it out and get started with the dockers modules.

kewrunner@XVXWYXZW:~$ ssh kewrunner@192.168.0.5
Welcome to Ubuntu 19.10 (GNU/Linux 5.3.0-64-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage


255 updates can be installed immediately.
170 of these updates are security updates.
To see these additional updates run: apt list --upgradable

Your Ubuntu release is not supported anymore.
For upgrade information, please visit:
http://www.ubuntu.com/releaseendoflife

New release '20.04.1 LTS' available.
Run 'do-release-upgrade' to upgrade to it.

kewrunner@ubuntu2:~$ exit
logout
Connection to 192.168.0.5 closed.


kewrunner@XVXWYXZW:~$ ssh kewrunner@192.168.0.9
Welcome to Ubuntu 19.10 (GNU/Linux 5.3.0-64-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage


251 updates can be installed immediately.
170 of these updates are security updates.
To see these additional updates run: apt list --upgradable

Your Ubuntu release is not supported anymore.
For upgrade information, please visit:
http://www.ubuntu.com/releaseendoflife

New release '20.04.1 LTS' available.
Run 'do-release-upgrade' to upgrade to it.

kewrunner@ubuntu3:~$ exit

Wait…theres a thing about the version I loaded…it didnt include dockers 🙂

Good thing we did this.

RELATED POST

Veritas Volume Manager: Growing a disk group and expand the filesystem

Validated by Mr Man! Lets start off on node2 [root@node02 ~]# vxdisk list DEVICE TYPE DISK GROUP STATUS sda auto:none…

Virtual Machine Manager: Error starting domain

Starting up the KVM error occurred Error starting domain: Requested operation is not valid: network 'default' is not active Locate…

Lab Hack: Raspberry Pi running VMWare ESXi

As strange as the title sounds, yes I am running VMWare ESXi on a Raspberry Pi 4 Model B (4GB)…

docker: run ubuntu interactively

Lets get the output of top from ubuntu container $ sudo docker container run -it ubuntu top $ sudo docker…