Lab 1 - Unix, the Shell, OSS

1. Create ssh key

Run the following command, and accept prompts in order to create an ssh keypair:

ssh-keygen -t rsa -b 4096 Note: it's good practice to protect your ssh-keys with strong passwords, to protect against attackers who might briefly use...or completely steal...your computer.

ssh-keygen will create files id_rsa and id_rsa.pub inside the .ssh directory. View the file with cat or less later when viewing them to copy into a browser.

~ $ ls .ssh/
id_rsa id_rsa.pub

You can rename these files, but keep the public-private distinction, and make sure the base name matches (some tools expect this). Running ssh-keygen -t rsa -b 2048 instead is OK too.

Note: 1024-bit RSA keys are considered too short nowadays. They are not yet broken, but have no margin for safety. DSA and its cousin ECDSA are considered secure, but have some secondary security risks. I make it a policy not to use them, though I’ll likely never be bitten by corner cases. New implementations of ssh include new algorithms.

2. VPS hosting provider

Enrolled students will have a Virtual Private Server (VPS) hosted on Amazon Web Services (AWS) provided for them.

Auditing users may wish to acquire a VPS from Amazon, Google, or Digital Ocean. Free service credits for AWS and DigitalOcean may be claimed at education.github.com/pack after creating/logging in to a GitHub account and associating it with a ‘.edu’ email address.

However, a VPS may not be required for the first few weeks of class, as many of the labs can be completed on our login server, tsunami, reachable at tsunami.ocf.berkeley.edu with the ssh command-line utility, or in a browser via the web-shell interface we provide at ssh.ocf.berkeley.edu.

Fun facts: We configure DNS so that tsunami and ssh are both valid names for our public login server, by resolving to the same IP address. dig [host] to see more.

3. Set up ssh key & login

• Set up ssh key / password
  • All command-line (e.g. from the OCF to VPS or your computer’s shell to OCF or VPS, hereafter [target]).
    1. Copy your public key, id_rsa.pub from where you created it to the server you want to have accept the key for authentication.
       • scp .ssh/id_rsa.pub [target]:
         • read man scp, the command uses [host]:[path]format, e.g. ssh.ocf.io:~/.ssh/mbp_id.pub
    2. Login to the target machine
       • ssh infamous@ssh.ocf.io
    3. Add your public key to the authorized keys file - cat id_rsa.pub >> .ssh/authorized_keys 4. Test it - ssh infamous@ssh.ocf.io should not ask for a password. - Extra: try ssh -v to see debug information
  • With web interface
    1. cat > public_key
    2. Copy/Paste key from local to remote terminal
    3. ^D - Control - D - EOF/End-of-File character.
    4. Proceed from step 2 of All command line.
  • The ssh-copy-id utility performs the same setup.
    • Linux, Windows with Ubuntu users: it’s available from your package manager. apt install ssh-copy-id
    • macOS users: homebrew will also allow you to install it with 1 command, brew install ssh-copy-id

4. Send feedback email

• Email feedback and cool findings
  • lab1@decal.ocf.berkeley.edu⧸⧸
  • trouble encountered
  • favorite things learned from reading man pages