I’ve been playing around with an Ubuntu 10.10 64-bit server vm for the past couple days. My previous post ended with me unable to ssh into the vm. Today, I read a post on serverfault that got me thinking about trying to ping the vm. For whatever reason, I might have more success with that than ssh.

The post also mentioned turning off the firewall, which seems like a logical step, though I’ve been paranoid for so long, I’m uncomfortable doing so, even on a vm. Nevertheless, I turned off the firewall: sudo ufw disable

Restarted the vm: sudo shutdown -r now

Ran ifconfig to confirm that the ip hadn’t changed: ifconfig

But it had. It was now something like 0.0.0.255, which looked off. It didn’t seem like something I could ssh into. When I was hacking around the other day, I had tried configuring the vm to use a bridged network. I now switched back to the default NAT setting: Virtual Machine > settings > Network > Share the Mac’s network connection

I restarted the machine, and ran ifconfig again. Now it was back to an ip that looked more familiar:
… inet addr:172.16.83.133 …

From my Mac, I tried pinging the vm: ping 172.16.83.133

To my surprise, it responded. Amazing. I tried ssh’ing in and was rejected with
ssh: connect to host 172.16.83.133 port 22: Connection refused.

Then I remembered I had set the ssh port to 2222, and tried again:
ssh erik@172.16.83.133 -p 2222

Success! Amazing again. Then I went overboard and turned the firewall back on, sudo ufw enable, and restarted, but it still worked(!). I checked the status of the firewall just to make sure I wasn’t delusional: sudo ufw status

Status: active

To                         Action      From
--                         ------      ----
2222                       ALLOW       Anywhere
22                          ALLOW        Anywhere
80/tcp                     ALLOW       Anywhere

This is madness, but it’s working, so I’m not complaining.

To wrap up the ssh piece, I want to configure ssh to use a public key instead of a password. I’ll follow the SSH/OpenSSH keys tutorial on the Ubuntu wiki.

I created a new ssh key, ssh-keygen -t rsa, and save it in a file called ~/.ssh/erik_rsa.

Then I copied the key to the vm:
scp -P 2222 ~/.ssh/erik_rsa.pub erik@172.16.83.133:.ssh/authorized_keys

Ideally (for me), the vm would now just automagically prefer public key authentication. I gave it a shot and immediately tried ssh’ing into the vm, but it still prompted me for a password. Oh well.

I edited the sshd_config file to uncomment the line AuthorizedKeysFile %h/.ssh/authorized_keys and set PasswordAuthentication to “no”, and then restarted sshd: sudo /etc/init.d/ssh restart

I exited the vm, and tried ssh’ing in again, this time specifying the location of my shiny new ssh key: ssh erik@172.16.83.133 -p 2222 -i ~/.ssh/erik_rsa

Wow. It worked. I’m always astounded when things like this actually work. Mac prompted me to enter my passphrase, and then I was in.

Now that I can ssh and I have a firewall, it’s time to move on to the next step of the security wiki … hmm … well, before I dive into denyhosts and fail2ban, I think I’ll play around with the real reason I wanted to get an OS up and running, to install node.js.