linode_jumpbox_config / base_install
part of the linode_jumpbox_config project
summary
Do a basic, somewhat-secured setup of a linode via any of 3 processes:
- manual: unautomated
- script: manually rebuild your linode, shell into it, then run a normal script
- StackScript: rebuild your linode using a StackScript
Note that all of the above processes (and basically everything on this page) assume that you have already successfully completed the pre-install process.
For definitions of terms special to these instructions, see the project glossary.
manual
Follow steps in linode.com docs=
with one exception: I do not currently disable the root login entirely, though I do disable root login via SSH. This is because I currently don't know how to run some parts of the OpenVPN install merely as sudo: i.e., that install seems (in parts) to require running from su -.
script
minimal_secure_debian-based_linode_config.sh runs on the linode "normally": i.e., not as a StackScript. Accordingly, to run it,
- On your client, complete the pre-script process (not the pre-StackScript process) below.
- From your linode, complete the script base install (not the StackScript base install) below.
pre-script process
From your Linode Dashboard:
Rebuild the linode: follow link= Rebuild. In the resulting page,
- Select OS=Debian (probably latest version available).
- Fill in your desired root password.
- Take other defaults.
- Hit button= Rebuild (and OK to confirm).
Will take a bit of time (usually less than a minute), returning to status= Powered Off
Boot the linode: hit button= Boot (and OK to confirm). Will take a bit of time (usually less than a minute).
From your client:
Define MYNODE_IPV4 (your linode's IPv4 IP#), preferably by sourcing previously-written private.properties:
source ${PATH_TO_PROJECT}/scripts/private.properties
Reset the local SSH key for your user on the linode:
ssh-keygen -f ${HOME}/.ssh/known_hosts -R ${MYNODE_IPV4}
Copy scripts and dependencies to linode 'rootspace' (usually /root/). The easiest way to do this is scp ${PATH_TO_PROJECT}/scripts/* root@${MYNODE_IPV4}:, but you can also individually copy
your private.properties
dependency=StackScript Bash Library
- original here (but HTML with lots of markup)
- local copy here
SSH into linode as root (since you have not yet created a user account):
ssh root@${MYNODE_IPV4}
script base install
From a root shell on your linode:
Run the install script (s/whatever/ your desired password /):
MYNODE_USER_PASSWORD='whatever' /root/minimal_secure_debian-based_linode_config.sh
After the script runs to completion (without error):
- logout (aka Ctrl-D) as root.
Copy scripts and dependencies to your new user's linode homespace, either individually/manually or with
scp ${PATH_TO_PROJECT}/scripts/* ${MYNODE_USER_NAME}@${MYNODE_IPV4}:
This will also test that you created your user correctly.
StackScript
Not currently supported: I have a StackScript for this task, but it is currently broken. To fix it, I need to
- add logging-to-file to facilitate debug
- discover either
- how to make the StackScript get .properties from the client
- how to run the StackScript after [creating the base image, copying the properties]
testing
As directed by the script, from your client, verify that
you cannot now SSH in as user=root
you can now SSH in as the user you created, with key and without challenge, e.g.:
ssh ${MYNODE_USER_NAME}@${MYNODE_IPV4}
your sudo iptables -L output
- resembles this output of mine
- resembles the listing at this linode doc
- ... and your ability to sudo tests that you set your user password correctly.
your desired packages (esp for your editor) are installed
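A check to run on the linode alongside the client-side tests above, as an added example that is not part of this project's scripts: it reads an sshd_config-style file and reports whether root SSH login is off and key login is on. It assumes the install script disables root login with PermitRootLogin no (the page does not say how); the function names and the sample file are constructed for illustration, and on a live host sudo sshd -T prints the authoritative effective settings.

```shell
#!/bin/sh
# Added example (not the project's script): audit sshd settings.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and "Match" blocks are conditional, so only the
# global section before the first Match is read here.

# sshd_effective FILE KEYWORD DEFAULT -> effective global value
sshd_effective() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" -v dflt="$3" '
        { sub(/^[ \t]+/, "") }                  # drop indentation
        /^#/ || /^$/ { next }                   # comments, blank lines
        { split($0, f, /[ \t=]+/); key = tolower(f[1]) }
        key == "match" { exit }                 # global section ends
        key == want { print tolower(f[2]); found = 1; exit }
        END { if (!found) print dflt }          # unset: use the default
    ' "$1"
}

# audit_sshd FILE -> 0 if root SSH login is off and key login is on.
# Defaults passed below are upstream OpenSSH defaults (assumption:
# the distribution has not changed them).
audit_sshd() {
    rc=0
    root=$(sshd_effective "$1" PermitRootLogin prohibit-password)
    pubkey=$(sshd_effective "$1" PubkeyAuthentication yes)
    [ "$root" = "no" ] || { echo "FAIL PermitRootLogin=$root"; rc=1; }
    [ "$pubkey" = "yes" ] || { echo "FAIL PubkeyAuthentication=$pubkey"; rc=1; }
    return $rc
}

# Constructed sample: the later "PermitRootLogin no" lines do NOT take
# effect globally, because an earlier line already set the keyword and
# the last one only applies inside a Match block.
demo=$(mktemp)
cat > "$demo" <<'EOF'
# constructed sample, not from the project
permitrootlogin yes
PubkeyAuthentication yes
PermitRootLogin no
Match User backup
    PermitRootLogin no
EOF
audit_sshd "$demo" || echo "audit failed: root login setting is shadowed"
rm -f "$demo"
```

On the linode itself, point audit_sshd at /etc/ssh/sshd_config; files pulled in by an Include directive are not followed by this sketch.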