Hetzner cloud administration GUI -

Hetzner cloud administration GUI

Figure 971. Create and publish a Hetzner account

Sign up at https://accounts.hetzner.com/signUp optionally activating 2-factor authentication. ID card may be required, but no payment
Publish your Hetzner account's username (e.g. the registration e-mail ) to your SDI course's group at https://learn.mi.hdm-stuttgart.de.
Upon confirmation by your lecturer a Hetzner project space e.g. g01 corresponding to your group should be accessible after login.

exercise No. 3

Your first server

Access https://www.hetzner.com in your browser of choice.
Hit Login / Cloud button and log in.
Enter your dedicated cloud space resulting from Figure 971, “Create and publish a Hetzner account ”.
In the “Servers” tab hit “Add Server”.
Select:
- Location: Falkenstein.
- Image: Latest Debian.
- Type: Shared vCPU / CX22 / x86 / Intel/AMD (the cheapest 😁).
- SSH Keys
  - You may omit these for the time being just logging in by username and password. Or:
  - Selecting a public ssh key here requires prior GUI configuration in your project at the Security --> SSH Keys tab.
- Leave all but the last “Name” option and provide a suitable name of your choice.
- You should see a price tag of about ~4€/month (as of 2024). Hit “Create & Buy now”.
Select your generated server and hit “Rescue” and then “Reset Root Password”. Confirm and copy the generated password.

Note

You may have to repeat this step. Occasionally a password reset only works on second attempt.
Open a console window hitting the “>_” symbol at the upper right. Enter “root” for login, hit return, then paste the previously generated password. Hit return again. You should see a “#” prompt indicating successful login.
Warning
- Your keyboard may not yet being recognized accordingly. In particular the »z« and »y« and other keys may be swapped. If unsure either choose a pure ASCII password or test it by misusing the login name.
- Your distribution's login username may differ: On Debian systems it frequently is debian rather than root.

For overcoming keyboard issues enter:

dpkg-reconfigure keyboard-configuration
service keyboard-setup restart

Set the following options:

Keyboard model: Generic 105-key PC, hit “tab” to confirm.

Package configuration

┌──────────┤ Configuring keyboard-configuration ├───────────┐
│ Please select the model of the keyboard of this machine.  │
│                                                           │
│ Keyboard model:                                           │
│                                                           │
│     Cherry CyMotion Expert                             ↑  │
│     Cherry CyMotion Master Linux                       ▒  │
│     Cherry CyMotion Master XPress                      ▒  │
...             ...                                        ...
│     Generic 104-key PC with L-shaped Enter key         ▒  │
│     Generic 105-key PC                                 ▒  │
│     Generic 86-key PC                                  ↓  │
│                                                           │
│                                                           │
│              <Ok>                  <Cancel>               │
│                                                           │
└───────────────────────────────────────────────────────────┘

Keyboard layout: Scroll down to “Other”, confirm, then scroll to German. Confirm again.

┌─────────────────┤ Configuring keyboard-configuration ├──────────────────┐
│ Please select the layout matching the keyboard for this machine.        │
│                                                                         │
│ Keyboard layout:                                                        │
│                                                                         │
│     English (US)                                                        │
│     English (US) - Cherokee                                             │
...                                                                      ...
│     English (US) - Serbo-Croatian (US)                                  │
│     Other                                                               │
│                                                                         │
│                                                                         │
│                   <Ok>                       <Cancel>                   │
│                                                                         │
└─────────────────────────────────────────────────────────────────────────┘

Select “German” and confirm.

┌───────┤ Configuring keyboard-configuration ├─────┐
│ The layout of keyboards varies per country, with │
│ some countries having multiple common layouts.   │
│ Please select the country of origin for the      │
│ keyboard of this computer.                       │
│                                                  │
│                                                  │
│ Country of origin for the keyboard:              │
│                                                  │
│   French (Democratic Republic of the Congo)     ↑│
│   French (Togo)                                 ▒│
│   Georgian                                      ▒│
│   German                                        ▒│
│   German (Austria)                              ▒│
│   German (Switzerland)                          ▒│
...                                               ...
│                                                  │
│                                                  │
│   <Ok>                           <Cancel>        │
│                                                  │
└──────────────────────────────────────────────────┘

Select “German” on the very top again and confirm.

┌──────────────┤ Configuring keyboard-configuration ├───────────────┐
│ Please select the layout matching the keyboard for this machine.  │
│                                                                   │
│ Keyboard layout:                                                  │
│                                                                   │
│  German                                                           │
│  German - Turkish (Germany)                                       │
...                                                                ...
│  Other                                                            │
│                                                                   │
│                                                                   │
│    <Ok>                     <Cancel>                              │
│                                                                   │
└───────────────────────────────────────────────────────────────────┘

Key to function as AltGr: Confirm default.

┌──────────────────┤ Configuring keyboard-configuration ├─────────────────────────────┐
│ With some keyboard layouts, AltGr is a modifier key used to input some characters,  │
│ primarily ones that are unusual for the  language of the keyboard layout, such as   │
│ foreign currency symbols and accented letters. These are often printed as an        │
│ extrasymbol on keys.                                                                │
|                                                                                     |
│ Key to function as AltGr:                                                           │
│                                                                                     │
│   The default for the keyboard layout                                               │
│   No AltGr key                                                                      │
│   Right Alt (AltGr)                                                                 │
│   Right Control                                                                     │
│   Right Logo key                                                                    │
│   Menu key                                                                          │
│   Left Alt                                                                          │
│   Left Logo key                                                                     │
│   Keypad Enter key                                                                  │
│   Both Logo keys                                                                    │
│   Both Alt keys                                                                     │
│                                                                                     │
│                                                                                     │
│  <Ok>                         <Cancel>                                              │
│                                                                                     │
└─────────────────────────────────────────────────────────────────────────────────────┘

Compose key: Confirm default.

┌────────────────────────┤ Configuring keyboard-configuration ├────────────────────────┐
│ The Compose key (known also as Multi_key) causes the computer to interpret the next  │
│ few keystrokes as a combination in order to produce a character not found on the     |
| keyboard.                                                                            |
│                                                                                      |
│                                                                                      │
│ On the text console the Compose key does not work in Unicode mode. If not in Unicode │
│ mode, regardless of what you choose here, you can always also use the Control+period │
│ combination as a Compose key.                                                        │
|                                                                                      |
│ Compose key:                                                                         │
│                                                                                      │
│             No compose key                                                           │
│             Right Alt (AltGr)                                                        │
│             Right Logo key                                                           │
│             Menu key                                                                 │
│             Left Logo key                                                            │
│             Caps Lock                                                                │
│                                                                                      │
│                                                                                      │
│        <Ok>                              <Cancel>                                    │
│                                                                                      │
└──────────────────────────────────────────────────────────────────────────────────────┘

Restart keyboard service:
```
service keyboard-setup restart
```
Unfortunately your keyboard may still not work until a full reboot.

ping your server. You may have to adjust your project's default firewall rules allowing ICMP echo requests.

Access your server by ssh based either on your private ssh key or password login rather than just using the Hetzner GUI console e.g:
```
ssh debian@xxx.yyy.zzz.aaa
```
Becoming root then typically requires sudo su -.
Congrats: Your first server is up and running. Experiment whatever you feel so inclined.
Finally delete your server avoiding ~4€ / month being billed to our department!

(You may re-create it any time you like.)

Figure 972. Current server security flaws

No updates, just (likely) outdated installation image
Password based logins being notoriously prone to attacks.

Solution: Use public/private key based ssh login.
There is no firewall yet restricting network access. Insecurely configured supplementary software components e.g. database servers may lead to disaster.

Two choices:
- Cloud provider level centralized firewall.
- Host local firewall, e.g. Ufw.

Figure 973. Preliminary: Create an ssh key pair

sdiuser@martin-pc-dachboden:~$ ssh-keygen -t ed25519 ❶
Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/sdiuser/.ssh/id_ed25519): 
Created directory '/home/sdiuser/.ssh'.
Enter passphrase (empty for no passphrase): ❷
Enter same passphrase again: 
Your identification has been saved in /home/sdiuser/.ssh/id_ed25519 ❸
Your public key has been saved in /home/sdiuser/.ssh/id_ed25519.pub ❹

❶	Create an elliptic rather than default RSA type key.
❷	Security aware folks will choose a decent passphrase protecting the private key being generated.
❸	The generated private key.
❹	The generated public key. Note Different implementations like e.g. putty may use different key storage formats being incompatible with Openssh implementations. You require a conversion step.

exercise No. 4

Improve your server's security!

Re-create your Your first server server solving (some of) its security flaws.

Create a firewall using the Hetzner GUI accepting just the two default ssh and ICMP inbound access rules.
Transfer your public ssh key to your Hetzner account marking it as “default”.
Select both your newly created firewall and your ssh key during server creation. The subsequent examples assumes a 167.235.54.109 server IP.

Try to ping your server:

$ ping 167.235.54.109
PING 167.235.54.109 (167.235.54.109) 56(84) bytes of data.
64 bytes from 167.235.54.109: icmp_seq=1 ttl=54 time=13.2 ms
64 bytes from 167.235.54.109: icmp_seq=2 ttl=54 time=12.3 ms
^C
--- 167.235.54.109 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 12.325/12.749/13.173/0.424 ms

ssh passwordless access should work:

$ ssh root@167.235.54.109
Linux gtest3 6.1.0-21-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.90-1 (2024-05-03) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Tue Jun  4 08:15:42 2024 from 217.245.243.187

root@gtest3:~# hostname
gtest3

Update and reboot your server:

# apt update && apt upgrade
Get:1 http://mirror.hetzner.com/debian/packages bookworm InRelease [151 kB]
Get:2 http://deb.debian.org/debian bookworm InRelease [151 kB]                                                        
Get:3 http://deb.debian.org/debian bookworm-updates InRelease [55.4 kB] 
...

Install the nginx webserver:

# apt install nginx
Reading package lists... Done
Building dependency tree... Done
...
Do you want to continue? [Y/n] y
Get:1 http://deb.debian.org/debian bookworm/main amd64 nginx-common all 1.22.1-9 [112 kB]
Get:2 http://deb.debian.org/debian bookworm/main amd64 nginx amd64 1.22.1-9 [527 kB]
...
Processing triggers for man-db (2.11.2-2) ...

Check for the running process:

# systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
     Loaded: loaded (/lib/systemd/system/nginx.service; enabled; preset: enabled)
     Active: active (running) since Tue 2024-06-04 08:24:57 UTC; 1min 31s ago
       Docs: man:nginx(8)
    Process: 1558 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
    Process: 1559 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
   Main PID: 1582 (nginx)
      Tasks: 2 (limit: 2251)
     Memory: 1.8M
        CPU: 22ms
     CGroup: /system.slice/nginx.service
             ├─1582 "nginx: master process /usr/sbin/nginx -g daemon on; master_process on;"
             └─1583 "nginx: worker process"

Use wget for locally accessing http://167.235.54.109 verifying HTTP (port 80) accessibility from your host machine:

# wget -O - http://167.235.54.109
--2024-06-04 09:02:41--  http://167.235.54.109/
Connecting to 167.235.54.109:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 615 [text/html]
Saving to: ‘STDOUT’

<html>
<head>
<title>Welcome to nginx!</title>
            ...
<p><em>Thank you for using nginx.</em></p>
</body>
</html>

Try external access using http://167.235.54.109 again in your browser of choice.

Why does external access fail although local access works?
Modify your firewall adding an inbound HTTP traffic rule and try again accessing http://167.235.54.109 in your browser.

Figure 974. Cleaning up!

Caution

This is about $$$ MONEY $$$

Delete your server including the IPv4 address.
You may optionally delete your firewall.

Prev	Up	Next
Cloud provider	Home	SDI exercises related DNS server

Cloud provider