Moving to new machine binti

From Anarchaserver
Revision as of 09:37, 23 February 2020 by Spideralex (talk | contribs)

February 2020: Documentation installation new machine in new server

Anoia > Anna (US) Moving to Binti > Ursula (SE)

Binti as the main character of a science fiction novella written by Nnedi Okorafor (2015). https://en.wikipedia.org/wiki/Binti_(novel)

We have setup a virtual server (KVM) on our host server for you:

 Host server:    ursula.tachanka.org
 Virtual server: binti.tachanka.org
 Storage:        120G
 Memory:         4096M
 CPU:            2

Network configuration for your virtual server: IP: 198.167.222.149/32 (we did not put 32 cause was not accepted, only 198.167.222.149) Gateway: 198.167.222.1 Host name: binti DNS Server: 9.9.9.10 Domain name: anarchaserver.org

 ssh binti@ursula.tachanka.org

The SSH host key fingerprints there are:

 SHA256:rSBy7PUW9liNDBl/zjx52DG3nq+a3i4TsiiE5gAnfuE (ECDSA)
 SHA256:9XglwKf0gPHffnhKlgDRLWTB6EuMBAaplBKxhK86JPE (ED25519)
 SHA256:w7P41LnClVfHf9Te2y3fDkc8YhDO5nSmfdYLtPrIfFs (RSA)
 

Steps to do:

Install Debian Stable

Set up full disk encryption in your virtual machine during the installation, and keep encrypted backups of the passphrase as well as backups of any important data, as we do not keep backups of your data by default.

Add ssh keys inside binti

Next steps:

Install and configure some security things : ssh server iptable + ufw fail2ban things like chkrootkit rkhunter etckeeper ? configure an everyday mail report sent to sysadmins ? Install and configure some softwares on the host : apache2 LXC

Reinstall AS by testing current back up system > shutting donw anoia and passing it over to tachanka

Documentation:

   Add new tech documentation
   Reframe current wiki page: https://alexandria.anarchaserver.org/index.php/Machine

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ b01 : yes, I could add the keys in/au /home/binti/.sshthorized_keys I can connect to the server with ssh binti@ursula.tachanka.org

Once connected with ssh binti@ursula.tachanka.org it is possible to reach the installation screen with :

   screen -x

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Installation of debian stable

Network configuration for your virtual server: IP: 198.167.222.149/32 (we did not put 32 cause was not accepted, only 198.167.222.149) Gateway: 198.167.222.1 Host name: binti DNS Server: 9.9.9.10 Domain name: anarchaserver.org

B01 creates a new password for root in binti > 40 characters and will share with sysadmin over GPG

A user Anarcha is created for non administrative tasks inside the server > b01 creates a new password > 40 characters and will share with sysadmin over GPG

Setting up full disk encryption in Binti during the installation - create a swap of 8 GB ? Pass phrase is created for encryption > b01 creates a new password > 40 characters and will share with sysadmin over GPG

We answer yes to be part of the debian package survey

Grub created and located in /dev/vda/

We could decrypt and log in binti with passwords created

basic sshd_config same as previous :

   PasswordAuthentication no
   X11Forwarding no
   # Subsystem     sftp    /usr/lib/openssh/sftp-server

NOT added to the new config, was in the previous : Match group sftponly

   PasswordAuthentication yes
   ChrootDirectory /var/www
   X11Forwarding no
   AllowTcpForwarding no
   ForceCommand internal-sftp

Match Group sysadminunite

   PasswordAuthentication no

Folder ssh keys of AS sysadmin added inside binti Process: Created users for all syadmin, add each at sudo group and added related SSH key (the one used for anoia) so you can access the server, from there you can decide to keep old key or to generate a new one for binti as described here https://alexandria.anarchaserver.org/index.php/Access_server

To do: Sysadmin test if can access ssh binti@ursula.tachanka.org (level 0) --> martu can access B01 creates users for all sysadmin of AS inside binti (level 1), and put their SSH key in /home/$user/.ssh/authorised_key B01 send each to each gaba, anamhoo, martu, mara, dulzet, maxigas, 0000 their credentials (change your password) Test if you can access binti B01 share new passwords for Binti admin/root accounts New meeting for working on next steps detailed above < Mid march? cause all stuff of next weeks going on, if other sysadmin of AS want to join before, just inform on the list