XPUB HUB Node: Sandbox: Difference between revisions
Andre Castro (talk | contribs) |
Andre Castro (talk | contribs) m (Andre Castro moved page XPUB Sandbox to XPUB HUB Node: Sandbox) |
(No difference)
|
Revision as of 12:30, 20 April 2020
The Sandbox is Raspberry Pi used as a UNIX playground/prototyping platform available to all students.
- location: Xpub Studio
- HUB IP: 10.0.0.11
- Public URL https://hub.xpub.nl/sandbox/
- users public_html https://hub.xpub.nl/sandbox/~username/
- Disk space: total: 59G Used: 4.5G Free: 52G (April 2020)
- Webserver: apache2
- Tinc service files:
- /etc/systemd/system/tinc@hub.service
- dependent on /etc/systemd/system/tinc.service
- it is part of the Tinc HUB network
New users
Account creation
When adding new user account it, they should:
- be added to the sudo group
- have a ~/public_html under the group publicweb
- ~/ under the group publicweb
- be given a default password which they are requested to change
The following script will take care of those steps:
#!/bin/sh
u=$1
# create user account
adduser $u
# add user to grops sudo publicweb
adduser $u sudo
adduser $u publicweb
# create ~/.ssh/authorized_keys
mkdir /home/$u/.ssh/
touch /home/$u/.ssh/authorized_keys
# create public_html dir
mkdir /home/$u/public_html
# make user and group of ~/
chown $u:$u /home/$u -R
# change group of user dir to publicweb
chown $u:publicweb /home/$u
# give permissions rwxr-x--x others need to be x for apache transversing
chmod 751 /home/$u
# just allow read permission and traversal for the group, no write to public_html dir
chmod 750 /home/$u/public_html
# make the files created under public_html belong to publicweb group
chmod g+s /home/$u/public_html
# change group of public_html to publicweb
chgrp publicweb /home/$u/public_html
ssh access
SSH from outside the HRO network is done via the Tinc Hub network
To allow ssh access:
New users will need to:
- generate a ssh key pair (if don't yet have one)
- ensure the key is generate with ed25519 algorithm, instead of the default rsa
ssh-keygen -t ed25519
- ensure the key is generate with ed25519 algorithm, instead of the default rsa
- add public key to user's ~/.ssh/authorized_keys
- create/add to their laptops ~/.ssh/config
Host hub.sandbox User USERNAME Hostname 10.0.0.11 ProxyJump USERNAME@xpub.nl:2501 Identityfile ~/.ssh/id_rsa Serveraliveinterval 30
Send gnd, for the user(s) (try doing send for all new users in 1 single email), asking him to allow access of user+key to Sandbox IP
- username on the Sandbox
- user's ssh public key
- Sandbox Pi IP within Hub: 10.0.0.11
After receiving OK from gnd
- ask users to try to login with:
ssh hub.sandbox
- if unsuccessful try to debug
ssh hub.sandbox -vv
- recheck if user public key in both laptop and sandbox ~/.ssh/authorized_keys matches
- that their USERNAME is the same on laptop's ~/.ssh/config and in the sandbox
- if still unsuccessful ask for help! (usually from gnd)
- if unsuccessful try to debug
current users
For sanitary reasons graduated students' and past guests' accounts should be deleted.
User list from April 2020
username | role | year |
---|---|---|
andre | tutor | |
anna | student | 2019-2021 |
avital | student | 2019-2021 |
anna | student | 2019-2021 |
claranoseda | student | 2019-2021 |
damlanur | student | 2019-2021 |
ezn (Mika) | student | 2019-2021 |
ioanatomici | student | 2019-2021 |
markvandenheuvel | student | 2019-2021 |
max | student | 2019-2021 |
sandra | student | 2019-2021 |
tisaneza | student | 2019-2021 |
biyiwen | student | 2018-2020 |
bootje | student | 2018-2020 |
estragon (Artemis) | student | 2018-2020 |
outis (Tancredi) | student | 2018-2020 |
palomagarcia | student | 2018-2020 |
psc (Pedro) | student | 2018-2020 |
ritagraca | student | 2018-2020 |
saibura (Simon) | student | 2018-2020 |
mmurtaugh | tutor | |
gnd | sysadmin | |
dickreckard (Martino) | guest(SI12) | |
implicant_04 (Femke) | tutor |