3. Change the root password, and the ubuntu password:
root@deploymentmachine:~# passwd root
New password: <new root password>
Retype new password: <new root password>
passwd: password updated successfully
root@deploymentmachine:~#
root@deploymentmachine:~# passwd ubuntu
New password: <new ubuntu password>
Retype new password: <new ubuntu password>
passwd: password updated successfully
Once again, SSH keys...
Now that we have updated our system, it is time to generate a pair of SSH keys on this machine. This time we will go through the whole process step by step, since it will be useful later:
1. Generate the SSH keys by running "ssh-keygen":
root@deploymentmachine:~# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:asdasdasdascasc
The key's randomart image is:
+---[RSA 3072]----+
|=o.=E. |
|+ =+=. |
|.B.O. |
|o X.* . o |
| o X..o S . |
|..o.=. . |
|o .+.. |
|+oooo |
|=+oo.o. |
+----[SHA256]-----+
root@deploymentmachine:~#
root@deploymentmachine:~# ls -ltr /root/.ssh/
total 12
-rw------- 1 root root 738 Jan 24 13:51 authorized_keys
-rw-r--r-- 1 root root 576 Jan 24 14:01 id_rsa.pub
-rw------- 1 root root 2610 Jan 24 14:01 id_rsa
root@deploymentmachine:~#
2. Modify /etc/ssh/sshd_config, and change the following:
#PermitRootLogin prohibit-password
PermitRootLogin yes
#PasswordAuthentication no
PasswordAuthentication yes
3. Restart the ssh service:
root@deploymentmachine:~# service ssh restart
root@deploymentmachine:~#
4. Test if you can ssh into localhost
From now on, when connecting locally or from a remote instance via ssh, you will provide the password you set up earlier.
root@deploymentmachine:~/.oci# ssh root@localhost
root@localhost's password: <insert here root password>
Welcome to Ubuntu 20.04.1 LTS (GNU/Linux 5.4.0-1029-oracle x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
System information as of Sun Jan 24 18:41:14 UTC 2021
System load: 0.0 Processes: 139
Usage of /: 4.4% of 44.97GB Users logged in: 2
Memory usage: 37% IPv4 address for ens3: 10.0.0.5
Swap usage: 0%
45 updates can be installed immediately.
15 of these updates are security updates.
To see these additional updates run: apt list --upgradable
Last login: Sun Jan 24 18:39:47 2021 from 127.0.0.1
root@deploymentmachine:~#
Congrats! Your ssh service and keys are working properly!
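An added example, not part of the original post: a check for which value sshd will actually use for the two keywords edited in step 2. sshd takes the first occurrence of a keyword, so an earlier line (or, on a real system, an included file) can override the edit; the sample configs are constructed and the function names are hypothetical.

```bash
#!/bin/sh
# Added example, not from the original post. Reports the value sshd would use
# for a global keyword in one config file. Rules applied from sshd_config(5):
# keywords are case-insensitive, '#' starts a comment line, the first
# occurrence of a keyword wins, and a Match block ends the global section.
# Assumption: Include files are not followed; `sshd -T` is authoritative.

effective_value() {  # usage: effective_value <config-file> <Keyword>
  awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
    { key = tolower($1) }
    key == "match" { exit }                # conditional overrides follow
    key == want    { print $2; found = 1; exit }
    END { if (!found) print "(default)" }
  ' "$1"
}

# Reports the combination set in step 2: root login allowed while password
# authentication is on (PasswordAuthentication defaults to yes when unset).
audit_root_password_login() {  # usage: audit_root_password_login <config-file>
  root=$(effective_value "$1" PermitRootLogin)
  pass=$(effective_value "$1" PasswordAuthentication)
  if [ "$root" = "yes" ] && [ "$pass" != "no" ]; then
    echo "FLAG root-password-login PermitRootLogin=$root PasswordAuthentication=$pass"
  else
    echo "ok PermitRootLogin=$root PasswordAuthentication=$pass"
  fi
}

# Constructed samples: the four lines from step 2, then a variant where an
# earlier "passwordauthentication no" wins over the later edit.
write_samples() {  # usage: write_samples <dir>
  printf '%s\n' '#PermitRootLogin prohibit-password' 'PermitRootLogin yes' \
    '#PasswordAuthentication no' 'PasswordAuthentication yes' > "$1/as_edited"
  printf '%s\n' 'passwordauthentication no' 'PermitRootLogin yes' \
    'PasswordAuthentication yes' > "$1/earlier_line_wins"
}

d=$(mktemp -d) && write_samples "$d"
audit_root_password_login "$d/as_edited"
audit_root_password_login "$d/earlier_line_wins"
rm -rf "$d"
```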
1. Installing and configuring OCI CLI
Download and run install.sh script:
root@deploymentmachine:~# bash -c "$(curl -L https://raw.githubusercontent.com/oracle/oci-cli/master/scripts/install/install.sh)"
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 16053 100 16053 0 0 84047 0 --:--:-- --:--:-- --:--:-- 84489
******************************************************************************
You have started the OCI CLI Installer in interactive mode. If you do not wish
to run this in interactive mode, please include the --accept-all-defaults option.
If you have the script locally and would like to know more about
input options for this script, then you can run:
./install.sh -h
If you would like to know more about input options for this script, refer to:
https://github.com/oracle/oci-cli/blob/master/scripts/install/README.rst
******************************************************************************
Downloading Oracle Cloud Infrastructure CLI install script from https://raw.githubusercontent.com/oracle/oci-cli/v2.14.4/scripts/install/install.py to /tmp/oci_cli_install_tmp_zyA7.
############################################################################################################################################################################################################ 100.0%
Python not found on system PATH
Running install script.
python3 /tmp/oci_cli_install_tmp_zyA7
-- Verifying Python version.
-- Python version 3.8.5 okay.
===> In what directory would you like to place the install? (leave blank to use '/root/lib/oracle-cli'):
-- Creating directory '/root/lib/oracle-cli'.
-- We will install at '/root/lib/oracle-cli'.
===> In what directory would you like to place the 'oci' executable? (leave blank to use '/root/bin'):
-- Creating directory '/root/bin'.
-- The executable will be in '/root/bin'.
===> In what directory would you like to place the OCI scripts? (leave blank to use '/root/bin/oci-cli-scripts'):
-- Creating directory '/root/bin/oci-cli-scripts'.
-- The scripts will be in '/root/bin/oci-cli-scripts'.
===> Currently supported optional packages are: ['db (will install cx_Oracle)']
What optional CLI packages would you like to be installed (comma separated names; press enter if you don't need any optional packages)?:
-- The optional packages installed will be ''.
-- Executing: ['sudo', 'apt-get', 'update']
Hit:1 https://apt.releases.hashicorp.com focal InRelease
Hit:2 http://security.ubuntu.com/ubuntu focal-security InRelease
[...]
Keep pressing Enter or provide the required details, and choose Y or N when asked.
2. Configure OCI CLI
[ 2.1 ] Collect the OCID of your Tenancy, Compartment and User.
I suggest you save the following details in a file located on the "deploymentmachine" instance.
[ 2.1.1 ] Tenancy OCID
Go to Oracle Cloud Menu, and from Administration choose Tenancy Details:
... and copy the Tenancy OCID (as marked with green):
[ 2.1.2 ] Compartment OCID (in our case, the root compartment)
Go to Oracle Cloud Menu, and from Identity, choose Compartments
Select the root compartment (as marked with green):
... and copy the OCID
[ 2.1.3 ] User OCID
Go to Oracle Cloud Menu, and from Identity, choose Users:
... and copy the OCID of the user with Administrator rights (usually, the one you used to create the account)
In my case, I have saved all these details under a file (ready to be exported as environment variables):
root@deploymentmachine:~# more /home/ubuntu/details.txt
export TENANCY="ocid1.tenancy.oc1..aaaaaasomefaketenancyidinhereaaaaa323423421"
export COMPARTMENT="ocid1.tenancy.oc1..aaaaaasomefakecompartmentidinhereaaaaa323423422"
export USER="ocid1.user.oc1..aaaaaasomefakeuseridinhereaaaaa323423423"
[ 2.2 ] Generate RSA API Keys
[ 2.2.1 ] Create /root/.oci folder
Create the folder /root/.oci and the file oci_api_private_key.pem under /root/.oci/:
root@deploymentmachine:~# mkdir -p /root/.oci
root@deploymentmachine:~# cd /root/.oci/
root@deploymentmachine:~/.oci# touch oci_api_private_key.pem
[2.2.2] Generate API RSA private key
Generate a private RSA key and save it into oci_api_private_key.pem:
root@deploymentmachine:~/.oci# openssl genrsa -out ~/.oci/oci_api_private_key.pem 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
...+++++
.................................................+++++
e is 65537 (0x010001)
root@deploymentmachine:~/.oci# ls -ltr
total 8
-rw-r--r-- 1 root root 1679 Jan 24 14:49 oci_api_private_key.pem
root@deploymentmachine:~/.oci#
So far, we have the following files under /root/.oci:
root@deploymentmachine:~/.oci# ls -ltr
total 16
-rw-r--r-- 1 root root 1679 Jan 24 14:49 oci_api_private_key.pem
-rw-r--r-- 1 root root 48 Jan 24 14:51 oci_api_key_fingerprint
-rw-r--r-- 1 root root 451 Jan 24 15:10 oci_api_key_public.pem
[2.2.5] Add API RSA public key to OCI User
a) Copy the content of your public key (oci_api_key_public.pem)
b) Under the user whose OCID you collected (Oracle Cloud Menu > Identity > Users), scroll down to the "Resources" section and click on "API Keys":
c) Paste the content of oci_api_key_public.pem when choosing "Paste Public Key", and click "Add":
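An added example, not part of the original post: the listings in section 2.2 show oci_api_private_key.pem as -rw-r--r--, so this script creates the key pair owner-only, derives the public key and fingerprint files named in the listing, and reports private keys readable by group or others. Function names are hypothetical, and the openssl commands are the usual ones for an OCI API signing key rather than commands taken from this page.

```bash
#!/bin/sh
# Added example, not from the original post. File names are the ones used in
# section 2.2; the directory is passed as an argument.

# MD5 over the DER-encoded public key, printed as aa:bb:... (16 bytes), the
# same form as the "Fingerprint:" line printed by "oci setup config".
key_fingerprint() {  # usage: key_fingerprint <private-key.pem>
  openssl rsa -in "$1" -pubout -outform DER 2>/dev/null |
    openssl md5 -c | awk '{ print $NF }'
}

# Create the key pair owner-only from the start: with umask 077 every file
# written below is mode 600 and a newly created directory is mode 700.
make_api_key() {  # usage: make_api_key <dir>
  (
    umask 077
    mkdir -p "$1" && cd "$1" || exit 1
    openssl genrsa -out oci_api_private_key.pem 2048 2>/dev/null || exit 1
    openssl rsa -in oci_api_private_key.pem -pubout \
      -out oci_api_key_public.pem 2>/dev/null || exit 1
    key_fingerprint oci_api_private_key.pem > oci_api_key_fingerprint
  )
}

# Print "<mode> <path>" for every PEM private key in <dir> whose mode string
# grants anything to group or others (e.g. -rw-r--r--).
loose_private_keys() {  # usage: loose_private_keys <dir>
  for f in "$1"/*; do
    [ -f "$f" ] || continue
    grep -q 'PRIVATE KEY-----' "$f" 2>/dev/null || continue
    mode=$(ls -ld "$f" | cut -c1-10)
    case $mode in
      ????------) ;;                 # owner-only
      *) echo "$mode $f" ;;
    esac
  done
}

if command -v openssl >/dev/null 2>&1; then
  d=$(mktemp -d) && make_api_key "$d/.oci"
  cat "$d/.oci/oci_api_key_fingerprint"   # fingerprint of the new key
  loose_private_keys "$d/.oci"            # prints nothing: key is mode 600
  rm -rf "$d"
fi
```

For an existing key such as the one in the listing, `chmod 600 /root/.oci/oci_api_private_key.pem` brings it to the same state.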
[ 2.3 ] Generate OCI configuration file
Now we are /almost/ ready to run OCI CLI commands... first of all:
[2.3.1] Check the version of the oci CLI tool (notice that the oci tool is called with its full path)
Remember that I advised you to save the OCID of the tenancy, user and compartment. You will need those details for this step.
Run command "/root/bin/oci setup config" and provide the required details:
root@deploymentmachine:~/.oci# /root/bin/oci setup config
This command provides a walkthrough of creating a valid CLI config file.
The following links explain where to find the information required by this
script:
User API Signing Key, OCID and Tenancy OCID:
https://docs.cloud.oracle.com/Content/API/Concepts/apisigningkey.htm#Other
Region:
https://docs.cloud.oracle.com/Content/General/Concepts/regions.htm
General config documentation:
https://docs.cloud.oracle.com/Content/API/Concepts/sdkconfig.htm
Enter a location for your config [/root/.oci/config]:
Enter a user OCID: ocid1.user.oc1..aaaaaasomefakeuseridinhereaaaaa323423423
Enter a tenancy OCID: ocid1.tenancy.oc1..aaaaaasomefaketenancyidinhereaaaaa323423421
Enter a region by index or name(e.g.
1: ap-chiyoda-1, 2: ap-chuncheon-1, 3: ap-hyderabad-1, 4: ap-melbourne-1, 5: ap-mumbai-1,
6: ap-osaka-1, 7: ap-seoul-1, 8: ap-sydney-1, 9: ap-tokyo-1, 10: ca-montreal-1,
11: ca-toronto-1, 12: eu-amsterdam-1, 13: eu-frankfurt-1, 14: eu-zurich-1, 15: me-dubai-1,
16: me-jeddah-1, 17: sa-santiago-1, 18: sa-saopaulo-1, 19: uk-cardiff-1, 20: uk-gov-cardiff-1,
21: uk-gov-london-1, 22: uk-london-1, 23: us-ashburn-1, 24: us-gov-ashburn-1, 25: us-gov-chicago-1,
26: us-gov-phoenix-1, 27: us-langley-1, 28: us-luke-1, 29: us-phoenix-1, 30: us-sanjose-1): eu-frankfurt-1
Do you want to generate a new API Signing RSA key pair? (If you decline you will be asked to supply the path to an existing key.) [Y/n]: n
Enter the location of your API Signing private key file: /root/.oci/
Error: No file found at: /root/.oci/
Enter the location of your API Signing private key file: /root/.oci/oci_api_private_key.pem
Fingerprint: x5:x2:xx:xx:xx:31:xx:af:xx:xx:xx:xx:xx:xx:xx:xx
Config written to /root/.oci/config
If you haven't already uploaded your API Signing public key through the
console, follow the instructions on the page linked below in the section
'How to upload the public key':
https://docs.cloud.oracle.com/Content/API/Concepts/apisigningkey.htm#How2
root@deploymentmachine:~/.oci#
[2.3.3] Check if the file is properly configured:
root@deploymentmachine:~/.oci# ls -ltr /root/.oci/config
-rw------- 1 root root 298 Jan 24 15:16 /root/.oci/config
root@deploymentmachine:~/.oci# cat /root/.oci/config
[...]