XPUB HUB Node: Sandbox: Difference between revisions
Andre Castro (talk | contribs) m (Andre Castro moved page XPUB Sandbox to XPUB HUB Node: Sandbox) |
No edit summary |
||
(4 intermediate revisions by one other user not shown) | |||
Line 1: | Line 1: | ||
The Sandbox is Raspberry Pi used as a UNIX playground/prototyping platform available to all students. | The Sandbox is Raspberry Pi used as a UNIX playground/prototyping platform available to all students. | ||
* location: | * location: XPUB Studio | ||
* HUB IP: 10.0.0.11 | * HUB IP: 10.0.0.11 | ||
* Public URL https://hub.xpub.nl/sandbox/ | * Public URL https://hub.xpub.nl/sandbox/ | ||
Line 70: | Line 70: | ||
</pre> | </pre> | ||
===Adduser to HUB network via [[XPUB XVM Jumpuser]]=== | |||
{{:XPUB XVM Jumpuser}} | |||
You will need: | |||
* username on the Sandbox | * username on the Sandbox | ||
* user's ssh public key | * user's ssh public key | ||
* Sandbox Pi IP within [[Hub]]: 10.0.0.11 | * Sandbox Pi IP within [[Hub]]: 10.0.0.11 | ||
'''After | '''After adding users''' | ||
* ask users to try to login with: <code>ssh hub.sandbox</code> | * ask users to try to login with: <code>ssh hub.sandbox</code> | ||
** if unsuccessful try to debug <code>ssh hub.sandbox -vv</code> | ** if unsuccessful try to debug <code>ssh hub.sandbox -vv</code> |
Latest revision as of 16:01, 9 March 2021
The Sandbox is Raspberry Pi used as a UNIX playground/prototyping platform available to all students.
- location: XPUB Studio
- HUB IP: 10.0.0.11
- Public URL https://hub.xpub.nl/sandbox/
- users public_html https://hub.xpub.nl/sandbox/~username/
- Disk space: total: 59G Used: 4.5G Free: 52G (April 2020)
- Webserver: apache2
- Tinc service files:
- /etc/systemd/system/tinc@hub.service
- dependent on /etc/systemd/system/tinc.service
- it is part of the Tinc HUB network
New users
Account creation
When adding new user account it, they should:
- be added to the sudo group
- have a ~/public_html under the group publicweb
- ~/ under the group publicweb
- be given a default password which they are requested to change
The following script will take care of those steps:
#!/bin/sh
u=$1
# create user account
adduser $u
# add user to grops sudo publicweb
adduser $u sudo
adduser $u publicweb
# create ~/.ssh/authorized_keys
mkdir /home/$u/.ssh/
touch /home/$u/.ssh/authorized_keys
# create public_html dir
mkdir /home/$u/public_html
# make user and group of ~/
chown $u:$u /home/$u -R
# change group of user dir to publicweb
chown $u:publicweb /home/$u
# give permissions rwxr-x--x others need to be x for apache transversing
chmod 751 /home/$u
# just allow read permission and traversal for the group, no write to public_html dir
chmod 750 /home/$u/public_html
# make the files created under public_html belong to publicweb group
chmod g+s /home/$u/public_html
# change group of public_html to publicweb
chgrp publicweb /home/$u/public_html
ssh access
SSH from outside the HRO network is done via the Tinc Hub network
To allow ssh access:
New users will need to:
- generate a ssh key pair (if don't yet have one)
- ensure the key is generate with ed25519 algorithm, instead of the default rsa
ssh-keygen -t ed25519
- ensure the key is generate with ed25519 algorithm, instead of the default rsa
- add public key to user's ~/.ssh/authorized_keys
- create/add to their laptops ~/.ssh/config
Host hub.sandbox User USERNAME Hostname 10.0.0.11 ProxyJump USERNAME@xpub.nl:2501 Identityfile ~/.ssh/id_rsa Serveraliveinterval 30
Adduser to HUB network via XPUB XVM Jumpuser
IN XVM, as root:
XPUB staff can associate usernames + ssh keys to nodes of XPUB HUB tinc network
if you sudo to root, you will be presented with available commands for root, one of them is 'jumpuser'. you can use it to add new users and to add ips to existing users.
also - you dont need to provide a ssh key for the user once the users exists, unless the user has a new key..
you can also use the script like this:
sudo /root/scripts/jumpuser.sh
You will need:
- username on the Sandbox
- user's ssh public key
- Sandbox Pi IP within Hub: 10.0.0.11
After adding users
- ask users to try to login with:
ssh hub.sandbox
- if unsuccessful try to debug
ssh hub.sandbox -vv
- recheck if user public key in both laptop and sandbox ~/.ssh/authorized_keys matches
- that their USERNAME is the same on laptop's ~/.ssh/config and in the sandbox
- if still unsuccessful ask for help! (usually from gnd)
- if unsuccessful try to debug
current users
For sanitary reasons graduated students' and past guests' accounts should be deleted.
User list from April 2020
username | role | year |
---|---|---|
andre | tutor | |
anna | student | 2019-2021 |
avital | student | 2019-2021 |
anna | student | 2019-2021 |
claranoseda | student | 2019-2021 |
damlanur | student | 2019-2021 |
ezn (Mika) | student | 2019-2021 |
ioanatomici | student | 2019-2021 |
markvandenheuvel | student | 2019-2021 |
max | student | 2019-2021 |
sandra | student | 2019-2021 |
tisaneza | student | 2019-2021 |
biyiwen | student | 2018-2020 |
bootje | student | 2018-2020 |
estragon (Artemis) | student | 2018-2020 |
outis (Tancredi) | student | 2018-2020 |
palomagarcia | student | 2018-2020 |
psc (Pedro) | student | 2018-2020 |
ritagraca | student | 2018-2020 |
saibura (Simon) | student | 2018-2020 |
mmurtaugh | tutor | |
gnd | sysadmin | |
dickreckard (Martino) | guest(SI12) | |
implicant_04 (Femke) | tutor |