Hetzner cloud administration GUI -

Hetzner cloud administration GUI

Figure 970. Create and publish a Hetzner account

Sign up at https://accounts.hetzner.com/signUp using an account name of your choice.
Optionally: Activate 2-factor authentication.
You may validate your account by ID card or similar. No payment required!
Publish your Hetzner account's username (e.g. the registration e-mail ) to your SDI course's group at https://learn.mi.hdm-stuttgart.de.
Upon confirmation by your lecturer a personal Hetzner project space sdi_gxy (e.g. sdi_g01 corresponding to group 1) should be accessible after login.

exercise No. 3

Your first server

Access https://www.hetzner.com in your browser of choice.
Hit Login / Cloud button and log in.
Enter your dedicated cloud space resulting from Figure 970, “Create and publish a Hetzner account ”.
In the “Servers” tab hit “Add Server”.
Select:
- Location: Nuremberg.
- Image: Latest Debian.
- Type: Shared vCPU / CX22 / x86 / Intel/AMD (the cheapest 😁).
- SSH Keys: Omit for the time being.
- Leave all but the last “Name” option and provide a suitable name of your choice.
- You should see a price tag of about ~10€/month. Hit “Create & Buy now”.
Select your generated server and hit “Rescue” and then “Reset Root Password”. Confirm and copy the generated password.

Note

You may have to repeat this step. Occasionally a password reset only works on second attempt.
Open a console window hitting the “>_” symbol at the upper right. Enter “root”, hit return, then paste the previously generated password. Hit return again. You should see a “#” prompt indicating successful login.

You most likely suffer from a keyboard mismatch: Keys like /, * and others do not work as expected. First try finding the “-” symbol which might be tied to the “ß” on a German keyboard. Keep in mind “z” and “y” keys are probably swapped as well. For overcoming these obstacles enter:

dpkg-reconfigure keyboard-configuration
service keyboard-setup restart

Set the following options:

Keyboard model: Generic 105-key PC, hit “tab” to confirm.

Package configuration

┌──────────┤ Configuring keyboard-configuration ├───────────┐
│ Please select the model of the keyboard of this machine.  │
│                                                           │
│ Keyboard model:                                           │
│                                                           │
│     Cherry CyMotion Expert                             ↑  │
│     Cherry CyMotion Master Linux                       ▒  │
│     Cherry CyMotion Master XPress                      ▒  │
...             ...                                        ...
│     Generic 104-key PC with L-shaped Enter key         ▒  │
│     Generic 105-key PC                                 ▒  │
│     Generic 86-key PC                                  ↓  │
│                                                           │
│                                                           │
│              <Ok>                  <Cancel>               │
│                                                           │
└───────────────────────────────────────────────────────────┘

Keyboard layout: Scroll down to “Other”, confirm, then scroll to German. Confirm again.

┌─────────────────┤ Configuring keyboard-configuration ├──────────────────┐
│ Please select the layout matching the keyboard for this machine.        │
│                                                                         │
│ Keyboard layout:                                                        │
│                                                                         │
│     English (US)                                                        │
│     English (US) - Cherokee                                             │
...                                                                      ...
│     English (US) - Serbo-Croatian (US)                                  │
│     Other                                                               │
│                                                                         │
│                                                                         │
│                   <Ok>                       <Cancel>                   │
│                                                                         │
└─────────────────────────────────────────────────────────────────────────┘

Select “German” and confirm.

┌───────┤ Configuring keyboard-configuration ├─────┐
│ The layout of keyboards varies per country, with │
│ some countries having multiple common layouts.   │
│ Please select the country of origin for the      │
│ keyboard of this computer.                       │
│                                                  │
│                                                  │
│ Country of origin for the keyboard:              │
│                                                  │
│   French (Democratic Republic of the Congo)     ↑│
│   French (Togo)                                 ▒│
│   Georgian                                      ▒│
│   German                                        ▒│
│   German (Austria)                              ▒│
│   German (Switzerland)                          ▒│
...                                               ...
│                                                  │
│                                                  │
│   <Ok>                           <Cancel>        │
│                                                  │
└──────────────────────────────────────────────────┘

Select “German” on the very top again and confirm.

┌──────────────┤ Configuring keyboard-configuration ├───────────────┐
│ Please select the layout matching the keyboard for this machine.  │
│                                                                   │
│ Keyboard layout:                                                  │
│                                                                   │
│  German                                                           │
│  German - Turkish (Germany)                                       │
...                                                                ...
│  Other                                                            │
│                                                                   │
│                                                                   │
│    <Ok>                     <Cancel>                              │
│                                                                   │
└───────────────────────────────────────────────────────────────────┘

Key to function as AltGr: Confirm default.

┌──────────────────┤ Configuring keyboard-configuration ├─────────────────────────────┐
│ With some keyboard layouts, AltGr is a modifier key used to input some characters,  │
│ primarily ones that are unusual for the  language of the keyboard layout, such as   │
│ foreign currency symbols and accented letters. These are often printed as an        │
│ extrasymbol on keys.                                                                │
|                                                                                     |
│ Key to function as AltGr:                                                           │
│                                                                                     │
│   The default for the keyboard layout                                               │
│   No AltGr key                                                                      │
│   Right Alt (AltGr)                                                                 │
│   Right Control                                                                     │
│   Right Logo key                                                                    │
│   Menu key                                                                          │
│   Left Alt                                                                          │
│   Left Logo key                                                                     │
│   Keypad Enter key                                                                  │
│   Both Logo keys                                                                    │
│   Both Alt keys                                                                     │
│                                                                                     │
│                                                                                     │
│  <Ok>                         <Cancel>                                              │
│                                                                                     │
└─────────────────────────────────────────────────────────────────────────────────────┘

Compose key: Confirm default.

┌────────────────────────┤ Configuring keyboard-configuration ├────────────────────────┐
│ The Compose key (known also as Multi_key) causes the computer to interpret the next  │
│ few keystrokes as a combination in order to produce a character not found on the     |
| keyboard.                                                                            |
│                                                                                      |
│                                                                                      │
│ On the text console the Compose key does not work in Unicode mode. If not in Unicode │
│ mode, regardless of what you choose here, you can always also use the Control+period │
│ combination as a Compose key.                                                        │
|                                                                                      |
│ Compose key:                                                                         │
│                                                                                      │
│             No compose key                                                           │
│             Right Alt (AltGr)                                                        │
│             Right Logo key                                                           │
│             Menu key                                                                 │
│             Left Logo key                                                            │
│             Caps Lock                                                                │
│                                                                                      │
│                                                                                      │
│        <Ok>                              <Cancel>                                    │
│                                                                                      │
└──────────────────────────────────────────────────────────────────────────────────────┘

Restart keyboard service:
```
service keyboard-setup restart
```
Your keyboard should now work as expected.

ping your server and access it by ssh / password login rather than just using the Hetzner GUI console.
Congrats: Your first server is up and running. Do whatever else you feel so inclined.
Finally delete your server avoiding 10€ / month being billed to our department!

(You may re-create it any time you like.)

Figure 971. Current server security flaws

No updates, just (likely) outdated installation image
Password based logins being notoriously prone to attacks.

Solution: Use public/private key based ssh login.
There is no firewall yet restricting network access. Insecurely configured supplementary software components e.g. database servers may lead to disaster.

Two choices:
- Cloud provider level centralized firewall.
- Host local firewall, e.g. Ufw.

Figure 972. Preliminary: Create an ssh key pair

sdiuser@martin-pc-dachboden:~$ ssh-keygen -t ed25519 ❶
Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/sdiuser/.ssh/id_ed25519): 
Created directory '/home/sdiuser/.ssh'.
Enter passphrase (empty for no passphrase): ❷
Enter same passphrase again: 
Your identification has been saved in /home/sdiuser/.ssh/id_ed25519 ❸
Your public key has been saved in /home/sdiuser/.ssh/id_ed25519.pub ❹

❶	Create an elliptic rather than default RSA type key.
❷	Security aware folks will choose a decent passphrase protecting the private key being generated.
❸	The generated private key.
❹	The generated public key. Note Different implementations like e.g. putty may use different key storage formats being incompatible with Openssh implementations. You require a conversion step.

exercise No. 4

Improve your server's security!

Re-create your Your first server server solving (some of) its security flaws.

Create a firewall using the Hetzner GUI accepting just the two default ssh and ICMP inbound access rules.
Transfer your public ssh key to your Hetzner account marking it as “default”.
Select both your newly created firewall and your ssh key during server creation. The subsequent examples assumes a 167.235.54.109 server IP.

Try to ping your server:

$ ping 167.235.54.109
PING 167.235.54.109 (167.235.54.109) 56(84) bytes of data.
64 bytes from 167.235.54.109: icmp_seq=1 ttl=54 time=13.2 ms
64 bytes from 167.235.54.109: icmp_seq=2 ttl=54 time=12.3 ms
^C
--- 167.235.54.109 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 12.325/12.749/13.173/0.424 ms

ssh passwordless access should work:

$ ssh root@167.235.54.109
Linux gtest3 6.1.0-21-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.90-1 (2024-05-03) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Tue Jun  4 08:15:42 2024 from 217.245.243.187

root@gtest3:~# hostname
gtest3

Update and reboot your server:

# apt update && apt upgrade
Get:1 http://mirror.hetzner.com/debian/packages bookworm InRelease [151 kB]
Get:2 http://deb.debian.org/debian bookworm InRelease [151 kB]                                                        
Get:3 http://deb.debian.org/debian bookworm-updates InRelease [55.4 kB] 
...

Install the nginx webserver:

# apt install nginx
Reading package lists... Done
Building dependency tree... Done
...
Do you want to continue? [Y/n] y
Get:1 http://deb.debian.org/debian bookworm/main amd64 nginx-common all 1.22.1-9 [112 kB]
Get:2 http://deb.debian.org/debian bookworm/main amd64 nginx amd64 1.22.1-9 [527 kB]
...
Processing triggers for man-db (2.11.2-2) ...

Check for the running process:

# systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
     Loaded: loaded (/lib/systemd/system/nginx.service; enabled; preset: enabled)
     Active: active (running) since Tue 2024-06-04 08:24:57 UTC; 1min 31s ago
       Docs: man:nginx(8)
    Process: 1558 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
    Process: 1559 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
   Main PID: 1582 (nginx)
      Tasks: 2 (limit: 2251)
     Memory: 1.8M
        CPU: 22ms
     CGroup: /system.slice/nginx.service
             ├─1582 "nginx: master process /usr/sbin/nginx -g daemon on; master_process on;"
             └─1583 "nginx: worker process"

Use wget for locally accessing http://167.235.54.109 verifying HTTP (port 80) accessibility from your host machine:

# wget -O - http://167.235.54.109
--2024-06-04 09:02:41--  http://167.235.54.109/
Connecting to 167.235.54.109:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 615 [text/html]
Saving to: ‘STDOUT’

<html>
<head>
<title>Welcome to nginx!</title>
            ...
<p><em>Thank you for using nginx.</em></p>
</body>
</html>

Try external access using http://167.235.54.109 again in your browser of choice.

Why does external access fail although local access works?
Modify your firewall adding an inbound HTTP traffic rule and repeat accessing http://167.235.54.109 in your browser.

Figure 973. Cleaning up!

Caution

This is about $$$ MONEY $$$

Delete your server including the IPv4 address.
You may optionally delete your firewall.

Prev	Up	Next
Cloud provider	Home	Working with Terraform

Cloud provider