Initial setup of a Debian AMI instance

From techdocs
Revision as of 10:40, 20 June 2022 by Plinich

Initial connection must be as user "admin"

  1. # ssh -l admin -A <IP address>. This step will usually require that the SSH user has access to the AWS-known SSH keys (*.pem) allocated to the VM when it was created, e.g., Amazon-CSE-key.pem (Sydney) or Amazon-CSE-SNG-key.pem (Singapore). These keys are installed in the VM's authorized_keys file when it is created but may be overwritten with CSE's own keys during configuration (by cfengine).
  2. # sudo -s

Disable syntax highlighting in vi (personal preference)

# echo "syntax off" > /root/.vimrc

Enable direct root login

The standard is that administrators log in as “admin” via SSH first and then use sudo to get root privileges. However, if we configure the automounter for /home, this breaks the “admin” account, whose home directory is there.

Solution? Enable direct root login and remove the “admin” account:

  1. Edit /root/.ssh/authorized_keys and remove everything before “ssh-rsa” on the first/only line
  2. Log out and log back in as “root” to test
  3. Use userdel -r admin to get rid of the “admin” account

    (You can ignore the warning: userdel: admin mail spool (/var/mail/admin) not found)
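
Step 1 done by script rather than by hand, as an added example that is not part of the original page. It assumes the text in front of the key is an OpenSSH options field, and it goes beyond the page's “ssh-rsa” case by also recognising ed25519 and ECDSA keys. The function names, the .bak backup and the sample entry are constructed for illustration.

```shell
#!/bin/sh
# Added example; the sample entry at the bottom is constructed, not a real key.
# KEY_RE: key type, a space, then the base64 blob (always starts with "AAAA").
KEY_RE='(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp[0-9]+) AAAA'

# Print FILE with everything before the key type removed from each entry.
# Comments and blank lines pass through; lines without a key are dropped
# with a warning on stderr.
strip_key_options() {
    awk -v re="$KEY_RE" '
        /^[ \t]*#/ || /^[ \t]*$/ { print; next }
        match($0, re)            { print substr($0, RSTART); next }
        { print "skipped line " NR ": no public key found" > "/dev/stderr" }
    ' "$1"
}

# Count entries that begin directly with a key type (no options in front).
count_plain_keys() {
    grep -Ec "^$KEY_RE" "$1"
}

# Rewrite FILE in place, keeping FILE.bak. Refuse to install a result that
# contains no usable key, since that would lock root out.
unlock_root_keys() {
    file=$1
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    strip_key_options "$file" > "$tmp"
    if [ "$(count_plain_keys "$tmp")" -eq 0 ]; then
        echo "no usable key in $file; leaving it untouched" >&2
        rm -f "$tmp"
        return 1
    fi
    cp -p "$file" "${file}.bak" && chmod 600 "$tmp" && mv "$tmp" "$file"
}

# Demo on a constructed entry in a scratch directory (not /root/.ssh).
demo=$(mktemp -d)
printf '%s\n' 'no-port-forwarding,command="echo login as admin;exit 142" ssh-rsa AAAAB3NzaC1yc2ECONSTRUCTED root-key' \
    > "$demo/authorized_keys"
unlock_root_keys "$demo/authorized_keys" && cat "$demo/authorized_keys"
rm -rf "$demo"
```

On a real host the call would be unlock_root_keys /root/.ssh/authorized_keys. Keep the existing “admin” session open until the test login in step 2 succeeds.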

Boot configuration

As root:

  1. Append
    • “consoleblank=0 ipv6.disable=1 audit=0 selinux=0 net.ifnames=0 biosdevname=0” (Buster)
    • “ipv6.disable=1 audit=0 selinux=0 net.ifnames=0 biosdevname=0” (Bullseye)

      to GRUB_CMDLINE_LINUX in /etc/default/grub

  2. Run grub-mkconfig -o /boot/grub/grub.cfg

Timezone configuration (example)

As root:

  1. Run ln -sf /usr/share/zoneinfo/Australia/Sydney /etc/localtime
  2. Check time synchronisation and zone with: timedatectl

For hosts on a site host subnetwork (yours probably is!)

  1. Run touch /etc/cloud/cloud-init.disabled to prevent cloud initialisation from running and, in particular, interfering with the start of sshd
  2. Add supersede routers +0.0.1.5; to /etc/dhcp/dhclient.conf after the main body (the router address will be 10.197.85.5 for Sydney and 10.197.89.5 for Singapore)
  3. Reboot

Install updates and maybe reboot

  1. apt-get update
  2. apt-get upgrade
  3. Reboot, depending on updated packages