Get Started with Amazon Lightsail

What is Amazon Lightsail?

It’s true. Amazon services make a lot of things easier. One service they offer is called Lightsail, and it allows you to create a Virtual Private Server (VPS). If you host your WordPress site on a typical hosting server, know your way around a Debian server and want more control over the OS, this could be the right solution for you! That’s not all it does: you can build one-click servers such as LAMP, NGINX, Node.js, Plesk, even a Windows SQL server! Let’s get started with Amazon Lightsail!

What Do I Need?

First, you need an Amazon Web Services account. Simply go to Amazon Web Services, click “Create an AWS Account” then follow the prompts. Once you have the AWS account set up, you can sign into the console and start to set up your Amazon Lightsail.

Creating an Amazon Lightsail Instance

Once you are signed in to the Console, use the Search bar at the top to search for “Lightsail” then click on Lightsail. On the Lightsail page, click Create Instance. There are lots of apps you can configure with a single-click install. These will be an OS with the app pre-installed and ready for you to customize and configure. You can also choose to just install an OS if you want.

Access My Instance

You’ll want to configure SSH Keys to access your instance. If you don’t already have a set or if you just want to use specific keys for this instance, just click the Change SSH Keypair button to change and/or create a new set. You can also choose to run a script at install time or enable automatic snapshots on this screen. Although, it should be said that snapshots will cost extra money, that brings us to…

How Much Does This All Cost, Anyways?

The answer to this is, as always… it depends. The size of the instance as well as what kind of instance will change the price. Windows is more expensive than Linux (duh), and the horsepower behind it all drives the cost as well. The least expensive is a Linux based OS that runs a free App, such as the Linux install of WordPress. Choose the smallest instance size (which surprisingly works pretty well) and you get the first month (750 hours) free and it’s $3.50/month after that. Think about what you will be doing and what your goals are before you make the instance.

Additional Information

As you can see, it’s pretty easy to get started with Lightsail, but there is so much more to it that I am not really even scratching the surface here, especially considering that you can tie in other Amazon services when needed or even use the API to manage it. Go check out the official Amazon documentation for lots of great information: Lightsail docs

How To Setup SSH Login Keys

Configuring SSH login keys can make logging into remote servers running easier and more secure. No more entering username and password every time you want to open a new SSH session! We’re going to review how to set up SSH login keys to allow an encrypted keypair to authenticate a user on a laptop or desktop to connect to (or any computer running Linux) using SSH. Let’s dive in!

The first task is to create users on both devices. Let’s imagine in this scenario someone wants to log in to a server from their laptop. The user on the laptop will be laptop_user and the user on the server will be server_user. Imaginative, right?

To prepare the server environment, log in to the server and issue the commands:

$ sudo useradd --create-home --home-dir /home/laptop_user laptop_user
$ sudo passwd laptop_user
[Enter the Password]
$ sudo mkdir /home/laptop_user/.ssh
$ sudo touch /home/laptop_user/.ssh/authorized_keys
# The directory needs the owner's execute bit (700); only the key file is 600.
$ sudo chmod 700 /home/laptop_user/.ssh
$ sudo chmod 600 /home/laptop_user/.ssh/authorized_keys
$ sudo chown -R laptop_user:laptop_user /home/laptop_user/.ssh

This will have made sure the username you want to use is created, the user has a home directory, we know the user’s password, the correct directory structure is created and that directory structure has the correct ownership and permissions set.
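
One way to verify that result on the server, as an added example that is not part of the original post: the script checks the owner and mode of .ssh and authorized_keys against what sshd's StrictModes setting requires, and flags a .ssh directory the owner cannot traverse. check_ssh_dir and audit_path are hypothetical helper names, and GNU stat (Linux) is assumed.

```shell
#!/bin/sh
# Added example, not from the original post. check_ssh_dir and audit_path are
# hypothetical helper names; GNU stat (Linux) is assumed.

# audit_path <path> <uid>: owner must match, group/other must not have write.
audit_path() {
    mode=$(stat -c '%a' "$1")
    uid=$(stat -c '%u' "$1")
    bad=0
    [ "$uid" = "$2" ] || { echo "OWNER $1 uid=$uid want=$2"; bad=1; }
    [ $(( 0$mode & 022 )) -eq 0 ] || { echo "WRITABLE $1 mode=$mode"; bad=1; }
    return $bad
}

# check_ssh_dir <home> <user name or numeric uid>
# Prints one line per finding; returns 0 only when nothing was found.
check_ssh_dir() {
    dir=$1/.ssh
    # Resolve the expected owner to a uid; fall back to the literal value.
    want=$(id -u "$2" 2>/dev/null) || want=$2
    rc=0
    [ -d "$dir" ] || { echo "MISSING $dir"; return 1; }
    audit_path "$dir" "$want" || rc=1
    # A directory needs the owner's rwx bits. Mode 600 on .ssh (for example
    # after a recursive chmod 600) stops the user and sshd from opening
    # anything inside it, so the key file is not inspected in that case.
    dmode=$(stat -c '%a' "$dir")
    if [ $(( 0$dmode & 0700 )) -ne $(( 0700 )) ]; then
        echo "NO_TRAVERSE $dir mode=$dmode"
        return 1
    fi
    if [ -f "$dir/authorized_keys" ]; then
        audit_path "$dir/authorized_keys" "$want" || rc=1
    else
        echo "MISSING $dir/authorized_keys"
        rc=1
    fi
    return $rc
}

# Constructed demo in a scratch directory: .ssh left at mode 600.
demo=$(mktemp -d)
mkdir "$demo/.ssh" && touch "$demo/.ssh/authorized_keys"
chmod 600 "$demo/.ssh/authorized_keys" && chmod 600 "$demo/.ssh"
check_ssh_dir "$demo" "$(id -u)" || echo "fix: chmod 700 .ssh, chmod 600 .ssh/authorized_keys"
chmod 700 "$demo/.ssh" && rm -rf "$demo"
```

On a real server the call would be `check_ssh_dir /home/laptop_user laptop_user`, run with enough privilege to read that home directory.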

Now the big question is: Are you using a Windows laptop or a Linux laptop? The process is, of course, different on each system. I’ll cover Linux systems first, so if you want to skip right down to the Windows laptop instructions that’s fine.

SSH Login Keys using a Linux laptop

Quick Tip: These instructions also work on a Linux server, which is nice if you log in to them often, or if you are thinking of doing automation and aren’t exactly excited about the idea of leaving credentials in a plaintext script.

Now we have to prepare the laptop:

$ sudo useradd --create-home --home-dir /home/laptop_user laptop_user
$ sudo passwd laptop_user
$ sudo mkdir /home/laptop_user/.ssh
# 700, not 600: the owner needs the execute bit to enter the directory.
$ sudo chmod 700 /home/laptop_user/.ssh
$ sudo chown laptop_user:laptop_user /home/laptop_user/.ssh

Just like on the server, this will have made sure the user exists, the password is good, and the directory structure and permissions are good.

Now, for this next part on the laptop you can either login as laptop_user or perform the steps as root. I’ll show them performed as laptop_user because that is probably the most common scenario, but if you’re doing them as root the only difference is that at the end you would need to use chown to change the file ownership over to laptop_user just like the last command above did for the ‘.ssh’ directory. The following command will generate a public/private RSA keypair to use for the SSH authentication process.

$ ssh-keygen -t rsa -b 2048 -f /home/laptop_user/.ssh/server_auth_rsa

The ssh-keygen program will prompt for a passphrase, which password-protects your private key file. Choose a strong one.

Now that we have our RSA keypair, we need to copy the public key to the server. We can accomplish this using Secure Copy (SCP), which copies files using SSH:

$ scp /home/laptop_user/.ssh/server_auth_rsa.pub laptop_user@:/home/laptop_user/.ssh/

On the server, you copy the contents of the public key into the authorized_keys file:

$ cat /home/laptop_user/.ssh/server_auth_rsa.pub >> /home/laptop_user/.ssh/authorized_keys

Now that the public key is on the server and the public/private key pair is on the laptop, all that is left is to launch an ssh connection using the private key for authentication:

$ ssh -i /home/laptop_user/.ssh/server_auth_rsa laptop_user@ 

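That’s it! The connection should open without prompting for the account’s username or password! The only prompt left is for the private key’s passphrase, unless the key is already loaded in ssh-agent.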

SSH Login Keys using a Windows laptop

The first thing on the Windows laptop agenda is to download PuTTY and PuTTYgen. PuTTY is our SSH terminal shell program and PuTTYgen is our program to generate the encryption keys necessary to make this work. Go ahead and install PuTTY and it should install PuTTYgen along with it.

Start PuTTYgen. It should come up to a screen that has a button in the middle that says Generate and some options at the bottom. Make sure RSA is selected at the bottom and the text box says 2048, then click the Generate button. Move the mouse around a bunch until the progress bar finishes. There should be a chunk of text that is highlighted in blue inside the text box labeled “Public key for pasting into OpenSSH authorized_keys file”. Copy it. Click the “Save public key” button and select a location on your hard drive. Enter a passphrase in both the Key passphrase and Confirm Key passphrase text boxes, click “Save private key” and choose a location on your hard drive. Leave the PuTTYgen window open.

Start PuTTY. Enter the hostname or IP of the server and press Enter, then login with your username and password. Append the public key to the authorized_keys file using the following command:

$ vi ~/.ssh/authorized_keys

After the vi text editor starts, go to the last line, press o and right-click the mouse to paste in the text from the PuTTYgen window you copied earlier. To save and quit, type :wq

Confirm the file contains the entry using: $ cat ~/.ssh/authorized_keys

Open a new PuTTY Window and enter the hostname or IP of the server, then expand SSH on the left and click Auth. Click Browse and select the private key file.

Now PuTTY will log in without asking for the account password! It asks for the key passphrase instead, unless the key is loaded in Pageant.

Top 5 Linux Tools

Having a reliable toolkit can be very useful in making any job easier. Linux is no different, you need a decent toolkit of commands to rely on in order to get the job done. I find myself using these commands often and they are must-haves for any sysadmin’s toolkit!

First and foremost, this one almost goes without saying, but you need to be able to get some tools to add to your repertoire. Package management to the rescue! Depending on which distribution you are working on, there are two main package management frameworks. Debian/Ubuntu land uses apt-get, and Red Hat and its derivatives such as Oracle Linux and the soon-to-come Rocky Linux (I am omitting CentOS because they are traitors…more on that here) use yum. Both apt-get and yum are easy to use and look like this: apt-get install [package] and yum install [package].

People say that Linux doesn’t have to reboot as much as Windows. Is that true? See for yourself! Uptime lets you see how long your system has been running since the last reboot or shutdown. This one is super easy to use: just open a Terminal and type uptime. This will not only give you the time your system has been up, but as a bonus it gives you the average CPU load!

You will probably need to edit a configuration file at some point to make some changes. Vim is a great text editor that is easy to use(ish) and very powerful. It is terminal based and supports regex for search and replace! The controls can be daunting at first, but getting to know it is well worth it! The biggest hurdle is that it has two modes, edit and command. When you first get into vim you are in command mode and you access commands using the colon (:) character. To enter edit mode, you can most commonly use the letter i (insert). To get a feel for the power of the commands, you could use :set number to enable line numbers. Then, if you wanted to delete a block of lines (say the next 4), you could just move the cursor to the first one and press 4dd (just type them sequentially). This tells the editor to operate on the current line plus the next 3 and delete the text.

You should probably be starting some service eventually. Or restarting one. This is where systemctl comes in. This one is pretty straightforward. It’s just systemctl restart|start|stop [service]. It’s worth mentioning that if something goes wrong you should check on it using journalctl -xe.

Finally, I will introduce sed. Stream Editor is a powerful tool for manipulating files in bulk using regex. It can be built into a bash script to find/replace/remove/add text to a stream of text such as the contents of a file or any text that is fed to it through Standard Input. There is a lot to go into with this one, so I will not cover it here, but I strongly recommend you look into it and learn to use it if you find yourself configuring text files. It will save you lots of time via scripting automation if you are not already using something like Puppet or Ansible.

What are your Top 5 Linux Tools?

The End of Open Source RHEL?

CentOS has long been the staple of enterprises who want the functionality of Red Hat Enterprise Linux (RHEL) without the overhead costs of support. The CentOS operating system allows businesses to have what is essentially a fully compatible, fully stable and up to date version of the RHEL operating system for free. Not anymore!

Here’s what happened: Red Hat, acquired by IBM in October of 2018, had controlled much of the CentOS decisions starting back in 2014. On December 8, 2020, an employee from Red Hat on the CentOS governing board announced that CentOS would be “shifting directions” and will no longer be releasing incremental “point releases” as everyone has been used to and is instead going to be using a rolling release model.

This CentOS Stream rolling release model is not suitable for a stable environment like the old release model was. System Administrators were able to rely on release schedules and know how long each release would be supported and know which versions of which packages would be included in each release. Now, everything is…fluid.

Everyone needing a stable release is running for the exits and looking for a lifeboat. Luckily, there are a few to choose from. The founder of CentOS, Gregory Kurtzer, has started a new project called “Rocky Linux”, but there is no product as of yet. Oracle Linux (OL) has been around since 2006 and is a stable, free of charge release. This would be a very straightforward move for anyone that wishes to pretend nothing has changed, because the migration method is very easy and it is extremely similar to CentOS.

Of course, some businesses might just bite the bullet and pay for support through Red Hat, but some are taking this as an opportunity to re-think using the RHEL-like systems entirely and are jumping ship to use other operating systems like Debian or its derivative system Ubuntu, or SUSE Linux Enterprise System (SLES). This would be a good opportunity to consider the use cases of all the physical servers to see if the business can realize any savings through cloud services instead of maintaining the servers at all.

What is your response to this announcement by The CentOS Foundation?