XPUB HUB Node: Sandbox

From XPUB & Lens-Based wiki

The Sandbox is Raspberry Pi used as a UNIX playground/prototyping platform available to all students.

New users

Account creation

When adding new user account it, they should:

  • be added to the sudo group
  • have a ~/public_html under the group publicweb
  • ~/ under the group publicweb
  • be given a default password which they are requested to change


The following script will take care of those steps:

#!/bin/sh
u=$1
# create user account
adduser $u
# add user to grops sudo publicweb
adduser $u sudo
adduser $u publicweb

# create ~/.ssh/authorized_keys
mkdir /home/$u/.ssh/
touch /home/$u/.ssh/authorized_keys
# create public_html dir
mkdir /home/$u/public_html
# make user and group of ~/ 
chown $u:$u /home/$u -R
# change group of user dir to publicweb
chown $u:publicweb /home/$u
# give permissions rwxr-x--x  others need to be x for apache transversing
chmod 751 /home/$u
# just allow read permission and traversal for the group, no write to public_html dir
chmod 750 /home/$u/public_html
# make the files created under public_html belong to publicweb group         
chmod g+s /home/$u/public_html
# change group of public_html to publicweb
chgrp publicweb /home/$u/public_html

ssh access

SSH from outside the HRO network is done via the Tinc Hub network

To allow ssh access:

New users will need to:

  • generate a ssh key pair (if don't yet have one)
    • ensure the key is generate with ed25519 algorithm, instead of the default rsa ssh-keygen -t ed25519
  • add public key to user's ~/.ssh/authorized_keys
  • create/add to their laptops ~/.ssh/config
Host hub.sandbox
User USERNAME
Hostname 10.0.0.11
ProxyJump USERNAME@xpub.nl:2501
Identityfile ~/.ssh/id_rsa
Serveraliveinterval 30

Adduser to HUB network

IN XVM, as root:

XPUB staff can associate usernames + ssh keys to nodes of XPUB HUB tinc network

if you sudo to root, you will be presented with available commands for root, one of them is 'jumpuser'. you can use it to add new users and to add ips to existing users.

also - you dont need to provide a ssh key for the user once the users exists, unless the user has a new key..

you can also use the script like this:

sudo /root/scripts/jumpuser.sh

You will need:

  • username on the Sandbox
  • user's ssh public key
  • Sandbox Pi IP within Hub: 10.0.0.11

After adding users

  • ask users to try to login with: ssh hub.sandbox
    • if unsuccessful try to debug ssh hub.sandbox -vv
    • recheck if user public key in both laptop and sandbox ~/.ssh/authorized_keys matches
    • that their USERNAME is the same on laptop's ~/.ssh/config and in the sandbox
    • if still unsuccessful ask for help! (usually from gnd)

current users

For sanitary reasons graduated students' and past guests' accounts should be deleted.

User list from April 2020

username role year
andre tutor
anna student 2019-2021
avital student 2019-2021
anna student 2019-2021
claranoseda student 2019-2021
damlanur student 2019-2021
ezn (Mika) student 2019-2021
ioanatomici student 2019-2021
markvandenheuvel student 2019-2021
max student 2019-2021
sandra student 2019-2021
tisaneza student 2019-2021
biyiwen student 2018-2020
bootje student 2018-2020
estragon (Artemis) student 2018-2020
outis (Tancredi) student 2018-2020
palomagarcia student 2018-2020
psc (Pedro) student 2018-2020
ritagraca student 2018-2020
saibura (Simon) student 2018-2020
mmurtaugh tutor
gnd sysadmin
dickreckard (Martino) guest(SI12)
implicant_04 (Femke) tutor