I’ve been playing around with an Ubuntu 10.10 64-bit server vm for the past couple days. My previous post ended with me unable to ssh into the vm. Today, I read a post on serverfault that got me thinking about trying to ping the vm. For whatever reason, I might have more success with that than ssh.
The post also mentioned turning off the firewall, which seems like a logical step, though I’ve been paranoid for so long, I’m uncomfortable doing so, even on a vm. Nevertheless, I turned off the firewall: sudo ufw disable
Restarted the vm: sudo shutdown -r now
Ran ifconfig to confirm that the ip hadn’t changed: ifconfig
But it had. It was now something like 0.0.0.255, which looked off. It didn’t seem like something I could ssh into. When I was hacking around the other day, I had tried configuring the vm to use a bridged network. I now switched back to the default NAT setting: Virtual Machine > settings > Network > Share the Mac’s network connection
I restarted the machine, and ran ifconfig again. Now it was back to an ip that looked more familiar:
… inet addr:172.16.83.133 …
From my Mac, I tried pinging the vm: ping 172.16.83.133
To my surprise, it responded. Amazing. I tried ssh’ing in and was rejected with
ssh: connect to host 172.16.83.133 port 22: Connection refused.
Then I remembered I had set the ssh port to 2222, and tried again:
ssh email@example.com -p 2222
Success! Amazing again. Then I went overboard and turned the firewall back on, sudo ufw enable, and restarted, but it still worked(!). I checked the status of the firewall just to make sure I wasn’t delusional: sudo ufw status
Status: active To Action From -- ------ ---- 2222 ALLOW Anywhere 22 ALLOW Anywhere 80/tcp ALLOW Anywhere
This is madness, but it’s working, so I’m not complaining.
To wrap up the ssh piece, I want to configure ssh to use a public key instead of a password. I’ll follow the SSH/OpenSSH keys tutorial on the Ubuntu wiki.
I created a new ssh key, ssh-keygen -t rsa, and save it in a file called ~/.ssh/erik_rsa.
Then I copied the key to the vm:
scp -P 2222 ~/.ssh/erik_rsa.pub firstname.lastname@example.org:.ssh/authorized_keys
Ideally (for me), the vm would now just automagically prefer public key authentication. I gave it a shot and immediately tried ssh’ing into the vm, but it still prompted me for a password. Oh well.
I edited the sshd_config file to uncomment the line AuthorizedKeysFile %h/.ssh/authorized_keys and set PasswordAuthentication to “no”, and then restarted sshd: sudo /etc/init.d/ssh restart
I exited the vm, and tried ssh’ing in again, this time specifying the location of my shiny new ssh key: ssh email@example.com -p 2222 -i ~/.ssh/erik_rsa
Wow. It worked. I’m always astounded when things like this actually work. Mac prompted me to enter my passphrase, and then I was in.
Now that I can ssh and I have a firewall, it’s time to move on to the next step of the security wiki … hmm … well, before I dive into denyhosts and fail2ban, I think I’ll play around with the real reason I wanted to get an OS up and running, to install node.js.