- Manual server management
- ➟ Hetzner cloud administration GUI
-
Sign up at https://accounts.hetzner.com/signUp.
Note
ID card may be required, but no payment.
-
Activate 2-factor authentication!
-
Confirm your newly created account at your Moodle course.
-
Upon confirmation by your lecturer a Hetzner project space e.g. »g01« corresponding to your Moodle group number should be visible after login.
Creating a server requires a firewall.
|
|
|
|
Upon hitting »Create and buy« you'll receive an E-Mail containing
your server's IP and root password. You may reset root's password in
the GUI's rescue tab.
$ ssh root@95.216.187.60 The authenticity of host '95.216.187.60 (95.216.187.60)' can't be established. ED25519 key fingerprint is SHA256:vpV7B+l9RLQ+SwTMqtkk7YbICBhyhi2OP780+WVEFMY. This key is not known by any other names. Are you sure you want to continue connecting (yes/no/[fingerprint])? yes Warning: Permanently added '95.216.187.60' (ED25519) to the list of known hosts. root@95.216.187.60's password: You are required to change your password immediately (administrator enforced). ... The list of available updates is more than a week old. To check for new updates run: sudo apt update Changing password for root. Current password: New password: Retype new password:
-
In your cloud project select your server
-
Hit the >_ symbol in the upper right left of the actions button.
-
Login using your emailed credentials.
Tip
You may copy text into the console by disabling GUI-mode and re-enabling it subsequently.
- Manual server management
- ➟ Using ssh
- ➟ Public / private key pair
- ➟ Using ssh
-
Password based logins being notoriously prone to attacks.
Solution: Use public/private key based ssh login.
-
No updates: Software state of a most likely outdated installation image.
id_ed25519 |
-----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW QyNTUxOQAAACDZrjJrxfC/gCHcAhu6CROIxAps/tP8hNsNgM1RgyTL0wAAAKiPQ5vcj0Ob 3AAAAAtzc2gtZWQyNTUxOQAAACDZrjJrxfC/gCHcAhu6CROIxAps/tP8hNsNgM1RgyTL0w AAAECjW290zPFjh2srRIloZdaO49cs7hgQ7A7lmG8Z+SVDjdmuMmvF8L+AIdwCG7oJE4jE Cmz+0/yE2w2AzVGDJMvTAAAAImdvaWtAbWFydGluLXBjLWRhY2hib2Rlbi5mcml0ei5ib3 gBAgM= -----END OPENSSH PRIVATE KEY----- |
| (private key) | |
id_ed25519.pub |
ssh-ed25519 AAAAC3NzaC1 ... Cmz+0/yE2w2AzVGDJMvT goik@hdm-stuttgart.de |
| (public key) |
|
A good passphrase should have at least 15, preferably 20 characters and be difficult to guess. It should contain upper case letters, lower case letters, digits, and preferably at least one punctuation character. No part of it should be derivable from personal information about the user or his/her family. |
$ ssh-keygen -a 256 -t ed25519 ❶ -C "$(hostname)-$(date +'%d-%m-%Y')" Generating public/private ed25519 key pair. Enter file in which to save the key (/home/foo/.ssh/id_ed25519): Created directory '/home/foo/.ssh'. Enter passphrase (empty for no passphrase): ❷ Enter same passphrase again: Your identification has been saved in /home/foo/.ssh/id_ed25519 ❸ Your public key has been saved in /home/foo/.ssh/id_ed25519.pub ❹ ...
~/.ssh$ cd ~/.ssh /home/foo/.ssh cat id_ed25519.pub >> authorized_keys ❶ mistudent@w10m:~/.ssh$ ls -al drwxr-xr-x 2 student mi 0 Okt 17 17:45 . drwxr-xr-x 32 student mi 0 Okt 17 17:44 .. -rw-r--r-- 1 student mi 396 Okt 17 17:45 authorized_keys ❷ -rw------- 1 student mi 1675 Okt 17 17:38 id_ed25519 ❸ -rw-r--r-- 1 student mi 396 Okt 17 17:38 id_ed25519.pub ❹
goik@martin-hdm-desktop:~$ scp .ssh/id_ed25519.pub root@37.27.32.138:/tmp ❶ root@37.27.32.138's password: id_ed25519.pub 100% 103 3.7KB/s 00:00 goik@martin-hdm-desktop:~$ ssh root@37.27.32.138 ❷ root@37.27.32.138's password: ... root@debian-4gb-hel1-2:~# cat /tmp/id_ed25519.pub >> ~/.ssh/authorized_keys ❸ root@debian-4gb-hel1-2:~# exit ❹ goik@martin-hdm-desktop:~$ ssh root@37.27.32.138 ❺ ... Last login: Tue Apr 8 13:38:42 2025 from 141.62.31.244
Caution
This is about $$$ MONEY $$$
-
Delete your server including the IPv4 address and its volume: All three are being billed on a per hour basis.
-
You may optionally delete your firewall.
>ssh root@learn.mi.hdm-stuttgart.de Enter passphrase for key '/home/goik/.ssh/id_ed25519': root@learn:~# exit logout Connection to learn.mi.hdm-stuttgart.de closed. >ssh root@klausur.mi.hdm-stuttgart.de Enter passphrase for key '/home/goik/.ssh/id_ed25519': root@klausur:~# exit logout Connection to klausur.mi.hdm-stuttgart.de closed.
-
Install ssh-agent or related on your system: Passphrase will be cached per session.
-
Optional: Connect your password manager to the agent.
Example: KeepassXC SSH Agent integration.
>printenv |grep SSH_AUTH_SOCK SSH_AUTH_SOCK=/run/user/21100/keyring/ssh >ps aux|grep ssh-agent goik 6671 ... /usr/bin/ssh-agent -D -a /run/user/21100/keyring/.ssh >ls -al /run/user/21100/keyring/ssh srwxr-xr-x. 1 goik goik 0 Apr 12 09:58 /run/user/21100/keyring/ssh
Note: The “s” in
srwxr-xr-x indicates a
domain socket.
- Manual server management
- ➟ Using ssh
- ➟ Agent forwarding
- ➟ Using ssh
goik@local> ssh root@learn.mi.hdm-stuttgart.de Linux learn 6.5.13-1-pve #1 SMP PREEMPT_DYNAMIC PMX 6.5.13-1 (2024-02-05T13:50Z) x86_64 ... root@learn:~# ssh klausur.mi.hdm-stuttgart.de root@klausur.mi.hdm-stuttgart.de: Permission denied (publickey).
-
Copy private key
~/.ssh/id_ed25519to intermediate host (and re-enter passphrase there). -
Enable agent forwarding.
Note
Agent authentication socket on originating client host required.
# File ~/.ssh/config goik@local ... Host learn.mi.hdm-stuttgart.de ForwardAgent yes # Forward ssh agent # to remote host. ... |
goik@local> ssh root@learn.mi.hdm-stuttgart.de Linux learn 6.5.13-1-pve #1 SMP ... ... root@learn:~# root@learn:~# ssh klausur.mi.hdm-stuttgart.de Linux klausur 6.8.8-4-pve #1 SMP ... ... root@klausur:~# |
- Manual server management
- ➟ Using ssh
- ➟ Port forwarding
- ➟ Using ssh
# Implicit for ssh-L localhost:2000:localhost:3306 ... # ssh -L 2000:localhost:3306 HostB # Mysql DB Server
# Originating host # $ telnet localhost:2000 Trying ::1... Connected to localhost. Escape character is '^]'. DHost '127.0.0.1' is not allowed to connect to this MariaDB server
- Manual server management
- ➟ Using ssh
- ➟ X11 forwarding
- ➟ Using ssh
- Manual server management
- ➟ Prerequisites
Bash Guide for Beginners
-
Vim Introduction and Tutorial
The definitive guide, also available at SafariOnline
-
Public/private keys, pass phrases
-
Trusted hosts
-
Port forwarding
-
X11 forwarding
-
ssh agent
- Manual server management
- ➟ Ubuntu /
Debian Package management
- ➟ Prerequisites
- ➟ Ubuntu /
Debian Package management
-
Debian package management introduction and reference.
-
15 Practical Examples of “dpkg commands” for Debian Based Distros
-
Sample:
firefox_75.0-2_amd64.deb -
Archive containing:
-
Files
-
Pre- and post installation scripts
-
trigger
-
-
Query installed, install / update from file system and purge packages, i.e.:
> dpkg -i skypeforlinux-64.deb
> dpkg -l apt* Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Inst/Conf-files/Unpacked/halF-conf/... +++-======================-=====================... ii apt 2.0.2 amd64... ii apt-config-icons 0.12.10-2 all un apt-config-icons-hidpi <none> <none> un apt-doc <none> <none> un apt-listbugs <none> <none> ...
-
Low level package management
-
Dependency unaware
|
#> apt update ❶ Hit:1 http://security.debian.org buster/updates InRelease ... 4 packages can be upgraded #> apt upgrade ❷ ... The following packages will be upgraded: libldap-2.4-2 libldap-common libssl1.1 openssl ... Get:1 http://security.debian.org buster/updates/main ... Get:2 http://security.debian.org buster/updates/main ... |
Problems:
-
“Not available here”
-
Version outdated
-
Needing “bleeding edge” version