idiot’s guide to linux on amazon ec2 – part 1

Recently I’ve had the opportunity of setting up a Linux instance on Amazon EC2 for use with Ruby on Rails, MySQL, Nginx and Rabbit MQ. I suspect much of what I will document is obvious to many but hopefully some of you may find it useful, especially, if like me, you are totally inexperienced with setting up a Linux server.

As it turns out I’ll probably document this over a couple of posts as it took up a bit more time and space than I first anticipated. In this first part I will cover, logging in as the root user, adding a new user, generating their ssh key, adding the user to the list of sudoers, and finally disabling root login via ssh. I’ll update this article with links to the other parts as I create them (Part 2).

Right, first things first, some background info. Rightly or wrongly we required the server to do more than one thing, hence the list of items to install. So to reduce this number I picked an image with RabbitMQ pre-installed – as setup of this was uncharted territory for me. A consequence of this choice was that it pushed us down the path of Ubuntu and the latest version which is currently 9.10. So let’s get to it.

The goal here is to disable remote root login, and in doing so we need to create a new user, and give him the ability to sudo commands. To do that we first need to login to our new EC2 image – which took me a little time to figure out! This can be done from Windows using putty. However, we must first use puttygen to generate a putty ssh auth key (putty doesn’t understand the key generated by Amazon) from your Amazon keypair which can be found in the AWS Management Console under Key Pairs. Check out this link for further information.

Now on to the real work.

Adding a user and generating their ssh key
Follow the process below to add a new user and generate an ssh key for this user.

  1. Login as root using method described above
  2. Run adduser webuser – where webuser is the name of the user we are adding. Fill in the details including the password of this user.
  3. Type su webuser – to run a shell as this user without logging out
  4. Execute ssh-keygen -t dsa from this users home directory
  5. Rename the file ~/.ssh/id_dsa.pub to ~/.ssh/authorized_keys
  6. Take a copy of the generated private key (should be in ~/.ssh/id_dsa) and copy it to your local machine
  7. Now use puttygen to generate the ssh key from id_dsa
  8. Finally login using putty and the new key – you should only have to specify your username when logging in.

Adding your new user to the list of sudoers
This is a very basic sudoers setup as we are only adding a single sudo user to the /etc/sudoers file. I know you can do way more complicated things with this but what is documented here was sufficient for our needs. So let’s get on with it.

  1. Login as root
  2. Run visudo – this is an editor for the sudoers file to stop multiple people editing the file at the same time
  3. Locate the lines below in the editor

    # User privilege specification
    root ALL=(ALL) ALL

    and change this to

    # User privilege specification
    root ALL=(ALL) ALL
    webuser ALL=(ALL) ALL

  4. If you would like to allow the user to sudo without having to supply a password then you need to add the following line as well:

    webuser ALL=NOPASSWD: ALL

  5. Now save the file and exit – ensure that the changes are saved to /etc/sudoers

Disabling root login

  1. Login as webuser
  2. Run sudo vi /etc/ssh/sshd_config – you can replace vi with another editor if you please, I’ve heard nano might be a little more friendly to windows users!
  3. Find the line PermitRootLogin and change it to:

    PermitRootLogin no

    If I remember correctly in the instance I was using there was more than one line with PermitRootLogin so it may be worth check for this yourself.

  4. As a side note, should you wish to allow login using passwords rather than using a ssh key (this maybe what users familiar with shared hosting are used to) you can enable this by changing the relevant line in sshd_config to:

    PasswordAuthentication yes

  5. Finally, restart sshd by running sudo /etc/init.d/ssh restart

You should now be able to login in using webuser, and sudo commands as webuser that require to be run as root. Additionally, root login from a remote server has also been disabled.

There may be better ways to do the above, but what I’ve documented works. I may also be missing stuff, if so, let me know and I will update this. Well, that’s it for now. Check back soon for Part 2 which will be on it’s way shortly.

Update: idiot’s guide to linux on amazon ec2 – part 2

academics don’t care and industry doesn’t have the time

I’ve been reading some interviews recently (Coders at Work) and one interviewee (I can’t remember who, but I think it was Fran Allen) suggested that in the last 20 years programming languages have not progressed leaps and bounds as they appeared to in the early days. Are they right?

Personally, I think this might be a good call. How different are the currently programming languages from C? OK, today’s popular duo, Java and C#, have garbage collection and thus we don’t have to deal with those troublesome pointers. Then again, both LISP and Smalltalk have had garbage collection for a long long time. C# has lambda expressions, and other higher-level functions, but then again this stuff was around in LISP since day dot. It’s almost as if the “C-style” languages are battling to catch up with things like LISP – which is a language I’ve never used other than for some emacs hacking. However, LISP has been around since 1959, so why has it taken so long for people to realise that many of its features are incredibly useful? Have we been held back by the fact that most academics don’t really care too much about this kind of stuff, and so don’t push it, and industry is too busy telling us something needs to be done last week?

First, I know that there are academics who do care about this stuff but I don’t think there are enough. And by virtue of being an academic, they are not exposed to many of the problems that are faced by your every-day software developer, and as such, maybe they don’t see the future so well. Thus is it up to industry to innovate at this level? If it is, I don’t see us moving too far forward from our current situation in the next few years. Why?

Well, most small to medium sized software houses are not exactly making money in significantly large quantities to warrant throwing it away on research that some other company making similar software will use to create a similar/better product. So instead of spending money pushing forward the state of the art, you would be insane not to spend that money on making a better product. This combined with crazy schedules, does not leave much in the way of time for forward thinking.

So it appears that we need to rest our hopes on the large enterprises like Microsoft, Google, et al. It’s fair to say that these companies invest a significant amount on money in research, some of which goes toward trying to make programming languages better (F# and Go for example). However taking these two languages as examples we see that F# doesn’t appear to push that many boundaries, and I can’t comment too much on Go, as I’ve not looked at it closely, but it also doesn’t seem to include too many radical switches. Maybe radical does not sit well with shareholders, I dunno.

The thing is, I’m not professing to contain much insight on this either, and I’m not even sure I know what I mean by a radical switch. I just know it doesn’t appear that academia or industry are moving this forward quick enough – if the last 20 years is anything to go by. The only remaining vehicle for change is the programming “community” as a whole, but how much traction we can have is debatable. That said, we do need to move in a different direction, I’m sure of that, and maybe things like multi-core processors may force us kicking and screaming in that new direction. However maybe the problem is even deeper than this, and a switch away from the whole Von Neumann architecture is required. Who knows? Well, I hope someone does!