CSCI345 - Linux System Administration


Link to resource on GitHub

Lab 2

Goals

  • Create your account
  • Create a separate grader account
  • Should not be done adding a new key to your GCP instance
  • Add SSH key to grader account
  • Install updates
  • Install packages
    • vim, curl, git, fortune, man, Nginx
  • Configure Nginx

Create your virtual machine/accounts

Create an instance on GCP with Ubuntu 24.04.1

SSH Keys

For GCP cloud SSH access not through the web interface you'll need to generate a public/private key pair.

Generate keys

So first you need to generate a public/private key pair on your system that you will want to SSH into your VM from. For macOS/Linux OS this is reasonably simple in the terminal:

bash $ ssh-keygen -t rsa -b 4096 Generating public/private rsa key pair. Enter file in which to save the key (/Users/bcdixon/.ssh/id_rsa): Created directory '/Users/bcdixon/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /Users/bcdixon/.ssh/id_rsa Your public key has been saved in /Users/bcdixon/.ssh/id_rsa.pub The key fingerprint is: SHA256:r9lNfugmvOpcQ0M5ZjiECk3eaXoehHJcvGJW+W93PWI bcdixon@S59671 The key's randomart image is: +---[RSA 4096]----+ | o...o. | | .o.+=o . . | | ..=o=oo * | | o=+. .= . | | o..o S.o . | | o . oo..E...| | . o+.oo. .| | . =o=o . | | .*.o=+. | +----[SHA256]-----+

Where we use the ssh-keygen utility to generate a RSA type public/private key pair, with 4096 bits. You could use more bits for higher security, I usually use 8192 bits, but conventional logic is 4096 is still extremely secure for now. I would recommend just going with the defaults (hit enter) for all the prompts. A passphrase may be problematic when we get to scripting/automating using this key potentially in the future.

If you are on Windows you can generate keys in Putty, use WSL2 to provide linux features, or other methods. Here's a guide from Oracle for doing it in Putty: https://docs.oracle.com/en/cloud/paas/event-hub-cloud/admin-guide/generate-ssh-key-pair-using-puttygen.html

Generate Additional Keys (optional)

You may want to consider other more secure keys to generate as well such as:

  • ed25519 - elliptic curve cryptography based public/private key pair
  • id_ecdsa_sk or ed25519-sk - elliptic curve based keys with FIDO enhancement
    • ECDSA type key is acceptable here since requires FIDO as well, but on its own isn't recommended since hinges on your machine's "randomness"
    • Requires a security key like a Yubikey as will require user interaction/presence to secondarily sign the key.

Not sure if any of these are feasible on Windows.

Create Grader Account

Create a grader account so I can login and test that everything is configured correctly. The account should have the following details:

  • username: grader
  • password: grader

Add Grading SSH key to Grader Account

You'll need to manually edit the grader authorized keyfile, so switch to the grader user and edit the following file:

bash $ vim ~/.ssh/authorized_keys

You won't be able to save unless the hidden .ssh folder exists.

Add the following public key:

bash ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQCyy9AM+D+EjIaXoE3XTMyBgFjiwEZBkbRmwHf0oetUXyl6sbOY3qihiN6eQLQCN4/y/AB1cjs+rcIgbhsLsfBlJheqRuv6flaS24ycI9vNA72oKKIw2F/CPgIbr0FkfsjIziSix4e8bC6BAHQxo5PfCNLlGQHQumBFB749QByv25wLRqh7dyY4cuMwszmTzhEzWSSIdqOqDYwOVGuIWWd+f5crpem38fZnP3FR2GGMcnOwjlPnxHj/3JH3Gt9eEY6eLITrlGG6/jxEz3awjulZhJbIs6h9U++b4f772LPRG4hZz3ygBnMo0rqSYJB1hGiFqxLvI6HMrcg9eyOKa8yGxp+s2vToQHRLdN/ORV6lBM+L1C8NkyMsS2zd64kU93CAPV5up45j3S9o4IeHeck1SeU6htTEPzFxlSN1L/R89TivhvTIZRuNclBuJsk9r/FPClqOI7sxjMworXYtSv/UYkHqiGzt646evIBZHJZ4bXgkkO7bmg4kL/+TuKmRgdWfRkO/WsjY4YuHlfC8YMCqhEgb1q4ksv/+PDkiVm4kp6Zu96bB6ZENnMOTFuHx/TYLSXmedQF1Q54mFCX+7+zYiwQuJazdRly/yy5yf9lBS5C7AmRckqcM8zQ7xjWrG7UsU0Pgu2PyrV5T5XDlczjAZgqIrraWtqiSl+2t/8eqSPO395OMK0gakGYPFfvBd/8E+Jqwq/8glU8WHSzAmlpnAy41jHasYj/JjWVrfKaTB1s2TVnIbTHFC91xDHl5L3WNIHzgizVB5nbga8rjJAw+F804ZAIy8hOimYZjIHJcmdHjco+W/NGMHvvnKNdWvyOMCocq6sxW5Tbsje+BfPALDo58pUkyU26xEz9gm9imgTFEtviA2cbTtWSTeSFT6j5QSM3Z7AQvdruvExJusR+jLpwwVT3INxUOFEKhzYiRr1sVliKRB0vHWkksoX42DULYrndvUVDYKLD3FtzzF7K3V/rB2dWXyeTyKJY1OPgeqZXz2Kke9ILR0EOpoNXyXaTeW+U0k/ofjfcRQ8Oio9cREIt9+pmQARcI1uDuointhLDnCeBotSwIC3NifoHmVQWCXBZqhrsWa3V0z+TOgZr/eH6RimsILVVl4gkiaJ1+daw+gfPIlNO5IORsR3C8ECaLSEWuS+GeGYjDXNOK5Jcj5EQoADpWYaIUJcBmyreAajnlhbeImryLiMMd5DrlQxJPJWi02ZSbPYS/Z2k3gZLQndhDXtXX1qsWLPh1RdtvO4x5nveP3X9+gjnHt98aYHR98tFmXLUBPzGLX1MInUL2ARzCQTTS/PXKTeemjYe81rT3mrwVU4MM9o9GyGOe9IuRkL5hL0+kv9MT/MmWhN7D bcdixon@inginious

You can your key as well on a second line.

Packages/Updates

Updates

Make sure the first thing you do when you get on the machine is install any and all updates to make sure your computer is as current and up to date as possible at the start.

Packages

Once you've updated the machine, next install the following packages:

  • vim
  • nano
  • emacs
  • curl
  • wget
  • git
  • fortune
  • man
  • nginx

Configure NGINX

The final goal is to configure NGINX to do the following:

  • display CINS345 instead of the default NGINX is installed message

Submitting Assignment

Submit the IP of your VM instance to https://inginious.csuchico.edu for the Lab 2 submission.

Alternative Submission Method

If something goes wrong with the inginious submission method, can come see me during office hours or during a lab session to have your assignment graded.

Loading...