XPUB HUB Node: Sandbox: Difference between revisions
Andre Castro (talk | contribs) |
No edit summary |
||
| (8 intermediate revisions by one other user not shown) | |||
| Line 1: | Line 1: | ||
The Sandbox is Raspberry Pi used as a UNIX playground/prototyping platform available to all students. | The Sandbox is Raspberry Pi used as a UNIX playground/prototyping platform available to all students. | ||
* location: | * location: XPUB Studio | ||
* HUB IP: 10.0.0.11 | * HUB IP: 10.0.0.11 | ||
* Public URL https://hub.xpub.nl/sandbox/ | |||
** users public_html https://hub.xpub.nl/sandbox/~username/ | |||
* Disk space: total: 59G Used: 4.5G Free: 52G (April 2020) | * Disk space: total: 59G Used: 4.5G Free: 52G (April 2020) | ||
* it is part of the [[HUB]] network | * Webserver: apache2 | ||
* Tinc service files: | |||
** /etc/systemd/system/tinc@hub.service | |||
** dependent on /etc/systemd/system/tinc.service | |||
* it is part of the Tinc [[HUB]] network | |||
=new users= | =New users= | ||
==Account creation== | |||
When adding new user account it, they should: | |||
* be added to the sudo group | |||
* have a <nowiki>~/public_html</nowiki> under the group publicweb | |||
* <nowiki>~/</nowiki> under the group publicweb | |||
* be given a default password which they are requested to change | |||
The following script will take care of those steps: | |||
<source lang="bash"> | |||
#!/bin/sh | |||
u=$1 | |||
# create user account | |||
adduser $u | |||
# add user to grops sudo publicweb | |||
adduser $u sudo | |||
adduser $u publicweb | |||
# create ~/.ssh/authorized_keys | |||
mkdir /home/$u/.ssh/ | |||
touch /home/$u/.ssh/authorized_keys | |||
# create public_html dir | |||
mkdir /home/$u/public_html | |||
# make user and group of ~/ | |||
chown $u:$u /home/$u -R | |||
# change group of user dir to publicweb | |||
chown $u:publicweb /home/$u | |||
# give permissions rwxr-x--x others need to be x for apache transversing | |||
chmod 751 /home/$u | |||
# just allow read permission and traversal for the group, no write to public_html dir | |||
chmod 750 /home/$u/public_html | |||
# make the files created under public_html belong to publicweb group | |||
chmod g+s /home/$u/public_html | |||
# change group of public_html to publicweb | |||
chgrp publicweb /home/$u/public_html | |||
</source> | |||
==ssh access== | |||
SSH from outside the HRO network is done via the Tinc [[Hub]] network | |||
To allow ssh access: | |||
'''New users will need to:''' | |||
* generate a ssh key pair (if don't yet have one) | |||
** <span style="background:yellow">'''ensure the key is generate with ''ed25519'' algorithm, instead of the default rsa'''</span> <code>ssh-keygen -t ed25519</code> | |||
* add public key to user's <nowiki>~/.ssh/authorized_keys</nowiki> | |||
* create/add to '''their laptops''' ~/.ssh/config | |||
<pre> | |||
Host hub.sandbox | |||
User USERNAME | |||
Hostname 10.0.0.11 | |||
ProxyJump USERNAME@xpub.nl:2501 | |||
Identityfile ~/.ssh/id_rsa | |||
Serveraliveinterval 30 | |||
</pre> | |||
===Adduser to HUB network via [[XPUB XVM Jumpuser]]=== | |||
{{:XPUB XVM Jumpuser}} | |||
You will need: | |||
* username on the Sandbox | |||
* user's ssh public key | |||
* Sandbox Pi IP within [[Hub]]: 10.0.0.11 | |||
'''After adding users''' | |||
* ask users to try to login with: <code>ssh hub.sandbox</code> | |||
** if unsuccessful try to debug <code>ssh hub.sandbox -vv</code> | |||
** recheck if user public key in both laptop and sandbox ~/.ssh/authorized_keys matches | |||
** that their USERNAME is the same on laptop's ~/.ssh/config and in the sandbox | |||
** if still unsuccessful ask for help! (usually from gnd) | |||
=current users= | =current users= | ||
Latest revision as of 16:01, 9 March 2021
The Sandbox is Raspberry Pi used as a UNIX playground/prototyping platform available to all students.
- location: XPUB Studio
- HUB IP: 10.0.0.11
- Public URL https://hub.xpub.nl/sandbox/
- users public_html https://hub.xpub.nl/sandbox/~username/
- Disk space: total: 59G Used: 4.5G Free: 52G (April 2020)
- Webserver: apache2
- Tinc service files:
- /etc/systemd/system/tinc@hub.service
- dependent on /etc/systemd/system/tinc.service
- it is part of the Tinc HUB network
New users
Account creation
When adding new user account it, they should:
- be added to the sudo group
- have a ~/public_html under the group publicweb
- ~/ under the group publicweb
- be given a default password which they are requested to change
The following script will take care of those steps:
#!/bin/sh
u=$1
# create user account
adduser $u
# add user to grops sudo publicweb
adduser $u sudo
adduser $u publicweb
# create ~/.ssh/authorized_keys
mkdir /home/$u/.ssh/
touch /home/$u/.ssh/authorized_keys
# create public_html dir
mkdir /home/$u/public_html
# make user and group of ~/
chown $u:$u /home/$u -R
# change group of user dir to publicweb
chown $u:publicweb /home/$u
# give permissions rwxr-x--x others need to be x for apache transversing
chmod 751 /home/$u
# just allow read permission and traversal for the group, no write to public_html dir
chmod 750 /home/$u/public_html
# make the files created under public_html belong to publicweb group
chmod g+s /home/$u/public_html
# change group of public_html to publicweb
chgrp publicweb /home/$u/public_html
ssh access
SSH from outside the HRO network is done via the Tinc Hub network
To allow ssh access:
New users will need to:
- generate a ssh key pair (if don't yet have one)
- ensure the key is generate with ed25519 algorithm, instead of the default rsa
ssh-keygen -t ed25519
- ensure the key is generate with ed25519 algorithm, instead of the default rsa
- add public key to user's ~/.ssh/authorized_keys
- create/add to their laptops ~/.ssh/config
Host hub.sandbox User USERNAME Hostname 10.0.0.11 ProxyJump USERNAME@xpub.nl:2501 Identityfile ~/.ssh/id_rsa Serveraliveinterval 30
Adduser to HUB network via XPUB XVM Jumpuser
IN XVM, as root:
XPUB staff can associate usernames + ssh keys to nodes of XPUB HUB tinc network
if you sudo to root, you will be presented with available commands for root, one of them is 'jumpuser'. you can use it to add new users and to add ips to existing users.
also - you dont need to provide a ssh key for the user once the users exists, unless the user has a new key..
you can also use the script like this:
sudo /root/scripts/jumpuser.sh
You will need:
- username on the Sandbox
- user's ssh public key
- Sandbox Pi IP within Hub: 10.0.0.11
After adding users
- ask users to try to login with:
ssh hub.sandbox- if unsuccessful try to debug
ssh hub.sandbox -vv - recheck if user public key in both laptop and sandbox ~/.ssh/authorized_keys matches
- that their USERNAME is the same on laptop's ~/.ssh/config and in the sandbox
- if still unsuccessful ask for help! (usually from gnd)
- if unsuccessful try to debug
current users
For sanitary reasons graduated students' and past guests' accounts should be deleted.
User list from April 2020
| username | role | year |
|---|---|---|
| andre | tutor | |
| anna | student | 2019-2021 |
| avital | student | 2019-2021 |
| anna | student | 2019-2021 |
| claranoseda | student | 2019-2021 |
| damlanur | student | 2019-2021 |
| ezn (Mika) | student | 2019-2021 |
| ioanatomici | student | 2019-2021 |
| markvandenheuvel | student | 2019-2021 |
| max | student | 2019-2021 |
| sandra | student | 2019-2021 |
| tisaneza | student | 2019-2021 |
| biyiwen | student | 2018-2020 |
| bootje | student | 2018-2020 |
| estragon (Artemis) | student | 2018-2020 |
| outis (Tancredi) | student | 2018-2020 |
| palomagarcia | student | 2018-2020 |
| psc (Pedro) | student | 2018-2020 |
| ritagraca | student | 2018-2020 |
| saibura (Simon) | student | 2018-2020 |
| mmurtaugh | tutor | |
| gnd | sysadmin | |
| dickreckard (Martino) | guest(SI12) | |
| implicant_04 (Femke) | tutor |