From stuart.james.burns at gmail.com Wed Jul 1 18:34:57 2015
From: stuart.james.burns at gmail.com (Stuart Burns)
Date: Wed, 01 Jul 2015 18:34:57 -0000
Subject: [Chester LUG] Some plane nerdyness
Message-ID:

Hi Everyone,

Not to use the mailing list for non nerdy purposes, but I thought an article I co-authored today about one of the last flights of the UK's nuclear bomber force before it retires.. It is quite nerdy.

http://www.theregister.co.uk/2015/07/01/vulcans_last_flight/

Catch you later

Stuart

--
Stuart Burns
E: stuart.james.burns at gmail.com
M: [redacted]

From stuart.james.burns at gmail.com Wed Jul 22 09:06:46 2015
From: stuart.james.burns at gmail.com (Stuart Burns)
Date: Wed, 22 Jul 2015 09:06:46 -0000
Subject: [Chester LUG] Calling Mr Crilley :)
Message-ID:

Hi Mike,

I had to do this as you seem to change your email address more often than Microsoft releases patches!

Can you drop me a mail please!

Cheers

Stuart

--
Stuart Burns
E: stuart.james.burns at gmail.com
M: [redacted]

From michael at mcrilly.me Wed Jul 22 09:12:42 2015
From: michael at mcrilly.me (Michael Crilly)
Date: Wed, 22 Jul 2015 09:12:42 -0000
Subject: [Chester LUG] Calling Mr Crilley :)
In-Reply-To:
References:
Message-ID:

Hey!

Done :-)

- M

On 22 Jul 2015 7:06 pm, "Stuart Burns" wrote:
> Hi Mike,
>
> I had to do this as you seem to change your email address more often than
> Microsoft releases patches!
>
> Can you drop me a mail please!
>
> Cheers
>
> Stuart
>
> --
> Stuart Burns
> E: stuart.james.burns at gmail.com
> M: [redacted]
>
> _______________________________________________
> Chester mailing list
> Chester at mailman.lug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/chester
From stuart.james.burns at gmail.com Thu Jul 23 12:03:43 2015
From: stuart.james.burns at gmail.com (Stuart Burns)
Date: Thu, 23 Jul 2015 12:03:43 -0000
Subject: [Chester LUG] Crikey, the BBC just got nerdy.. How to create a VPN!
Message-ID:

I was shocked. Shocked I tell you. How to create a VPN using a RPi. It is more like the content I would expect to see in Linux Format (In a good way!)

http://www.bbc.com/news/technology-33548728

--
Stuart Burns
E: stuart.james.burns at gmail.com
M: [redacted]

From les.pritchard at gmail.com Mon Jul 27 16:20:52 2015
From: les.pritchard at gmail.com (Les Pritchard)
Date: Mon, 27 Jul 2015 16:20:52 -0000
Subject: [Chester LUG] Meet this Thursday
Message-ID:

Hi all,

The next LUG meet is this Thursday at the Funky Aardvark from 7.30. If anyone has any topics they'd like to discuss or demo, please let us know.

See you on Thursday.

Les

From michael at mcrilly.me Mon Jul 27 21:51:24 2015
From: michael at mcrilly.me (Michael Crilly)
Date: Mon, 27 Jul 2015 21:51:24 -0000
Subject: [Chester LUG] Meet this Thursday
In-Reply-To:
References:
Message-ID:

Shall we try for a Google Hangout?

On 28 Jul 2015 2:20 am, "Les Pritchard" wrote:
> Hi all,
>
> The next LUG meet is this Thursday at the Funky Aardvark from 7.30. If
> anyone has any topics they'd like to discuss or demo, please let us know.
>
> See you on Thursday.
>
> Les
From michael at mcrilly.me Mon Jul 27 21:52:57 2015
From: michael at mcrilly.me (Michael Crilly)
Date: Mon, 27 Jul 2015 21:52:57 -0000
Subject: [Chester LUG] Meet this Thursday
In-Reply-To:
References:
Message-ID:

Ah actually the time zone difference means that won't work. Bummer!

On 28 Jul 2015 2:20 am, "Les Pritchard" wrote:
> Hi all,
>
> The next LUG meet is this Thursday at the Funky Aardvark from 7.30. If
> anyone has any topics they'd like to discuss or demo, please let us know.
>
> See you on Thursday.
>
> Les

From dh at iucr.org Tue Jul 28 10:04:57 2015
From: dh at iucr.org (David Holden)
Date: Tue, 28 Jul 2015 10:04:57 -0000
Subject: [Chester LUG] Meet this Thursday
In-Reply-To:
References:
Message-ID: <55B753A8.9020601@iucr.org>

Sorry guys off on hols to sunny Cyprus tomorrow - I'll see you at the next one.

Cheers,

Dave.

On 27/07/15 17:20, Les Pritchard wrote:
> Hi all,
>
> The next LUG meet is this Thursday at the Funky Aardvark from 7.30. If
> anyone has any topics they'd like to discuss or demo, please let us know.
>
> See you on Thursday.
>
> Les

--
Dr David Holden. (dh at iucr.org)

From les.pritchard at gmail.com Tue Jul 28 11:14:49 2015
From: les.pritchard at gmail.com (Les Pritchard)
Date: Tue, 28 Jul 2015 11:14:49 -0000
Subject: [Chester LUG] Meet this Thursday
In-Reply-To: <55B753A8.9020601@iucr.org>
References: <55B753A8.9020601@iucr.org>
Message-ID:

Shame, there was an opportunity for a real multi-national meet up there!

On 28 July 2015 at 11:04, David Holden wrote:
> Sorry guys off on hols to sunny Cyprus tomorrow - I'll see you at the
> next one.
>
> Cheers,
>
> Dave.
>
> On 27/07/15 17:20, Les Pritchard wrote:
> > Hi all,
> >
> > The next LUG meet is this Thursday at the Funky Aardvark from 7.30. If
> > anyone has any topics they'd like to discuss or demo, please let us know.
> >
> > See you on Thursday.
> >
> > Les
>
> --
> Dr David Holden. (dh at iucr.org)

From dh at iucr.org Tue Jul 28 12:05:37 2015
From: dh at iucr.org (David Holden)
Date: Tue, 28 Jul 2015 12:05:37 -0000
Subject: [Chester LUG] Meet this Thursday
In-Reply-To:
References: <55B753A8.9020601@iucr.org>
Message-ID: <55B76FF7.5020209@iucr.org>

Lol.

BTW Les, we've rented a couple of dedicated servers now from OVH, two locations with load balancing - really impressed by how easy things have been - so far.

Dave.

On 28/07/15 12:14, Les Pritchard wrote:
> Shame, there was an opportunity for a real multi-national meet up there!
>
> On 28 July 2015 at 11:04, David Holden wrote:
>
> Sorry guys off on hols to sunny Cyprus tomorrow - I'll see you at the
> next one.
>
> Cheers,
>
> Dave.
>
> On 27/07/15 17:20, Les Pritchard wrote:
> > Hi all,
> >
> > The next LUG meet is this Thursday at the Funky Aardvark from 7.30. If
> > anyone has any topics they'd like to discuss or demo, please let us know.
> >
> > See you on Thursday.
> >
> > Les
>
> --
> Dr David Holden. (dh at iucr.org)

--
Dr David Holden. (dh at iucr.org)

From michael at mcrilly.me Tue Jul 28 12:11:13 2015
From: michael at mcrilly.me (Michael Crilly)
Date: Tue, 28 Jul 2015 12:11:13 -0000
Subject: [Chester LUG] Meet this Thursday
In-Reply-To:
References: <55B753A8.9020601@iucr.org>
Message-ID:

It would have been like the UN.

On 28 Jul 2015 9:14 pm, "Les Pritchard" wrote:
> Shame, there was an opportunity for a real multi-national meet up there!
>
> On 28 July 2015 at 11:04, David Holden wrote:
>
>> Sorry guys off on hols to sunny Cyprus tomorrow - I'll see you at the
>> next one.
>>
>> Cheers,
>>
>> Dave.
>>
>> On 27/07/15 17:20, Les Pritchard wrote:
>> > Hi all,
>> >
>> > The next LUG meet is this Thursday at the Funky Aardvark from 7.30. If
>> > anyone has any topics they'd like to discuss or demo, please let us know.
>> >
>> > See you on Thursday.
>> >
>> > Les
>>
>> --
>> Dr David Holden. (dh at iucr.org)

From les.pritchard at gmail.com Tue Jul 28 14:18:40 2015
From: les.pritchard at gmail.com (Les Pritchard)
Date: Tue, 28 Jul 2015 14:18:40 -0000
Subject: [Chester LUG] Meet this Thursday
In-Reply-To: <55B76FF7.5020209@iucr.org>
References: <55B753A8.9020601@iucr.org> <55B76FF7.5020209@iucr.org>
Message-ID:

Great, I'm pleased to hear you've had a good experience with them.

On 28 July 2015 at 13:05, David Holden wrote:
> Lol.
>
> BTW Les, we've rented a couple of dedicated servers now from OVH, two
> locations with load balancing - really impressed by how easy things have
> been - so far.
>
> Dave.
>
> On 28/07/15 12:14, Les Pritchard wrote:
> > Shame, there was an opportunity for a real multi-national meet up there!
> >
> > On 28 July 2015 at 11:04, David Holden wrote:
> >
> > Sorry guys off on hols to sunny Cyprus tomorrow - I'll see you at the
> > next one.
> >
> > Cheers,
> >
> > Dave.
> >
> > On 27/07/15 17:20, Les Pritchard wrote:
> > > Hi all,
> > >
> > > The next LUG meet is this Thursday at the Funky Aardvark from 7.30. If
> > > anyone has any topics they'd like to discuss or demo, please let us know.
> > >
> > > See you on Thursday.
> > >
> > > Les
> >
> > --
> > Dr David Holden. (dh at iucr.org)
>
> --
> Dr David Holden. (dh at iucr.org)

From les.pritchard at gmail.com Tue Jul 28 14:22:13 2015
From: les.pritchard at gmail.com (Les Pritchard)
Date: Tue, 28 Jul 2015 14:22:13 -0000
Subject: [Chester LUG] Meet this Thursday
In-Reply-To:
References: <55B753A8.9020601@iucr.org>
Message-ID:

Yeah - we could have asked Stuart to link in from home, stroking his cat and demanding "One biiiiiiiiiiiiiiiiiiiiiilion gigs of bandwidth"

(Sorry Stuart, it's just such a strong image :-p)

On 28 July 2015 at 13:10, Michael Crilly wrote:
> It would have been like the UN.
> On 28 Jul 2015 9:14 pm, "Les Pritchard" wrote:
>
>> Shame, there was an opportunity for a real multi-national meet up there!
>>
>> On 28 July 2015 at 11:04, David Holden wrote:
>>
>>> Sorry guys off on hols to sunny Cyprus tomorrow - I'll see you at the
>>> next one.
>>>
>>> Cheers,
>>>
>>> Dave.
>>>
>>> On 27/07/15 17:20, Les Pritchard wrote:
>>> > Hi all,
>>> >
>>> > The next LUG meet is this Thursday at the Funky Aardvark from 7.30. If
>>> > anyone has any topics they'd like to discuss or demo, please let us know.
>>> >
>>> > See you on Thursday.
>>> >
>>> > Les
>>>
>>> --
>>> Dr David Holden. (dh at iucr.org)

From stuart.james.burns at gmail.com Thu Jul 30 11:50:21 2015
From: stuart.james.burns at gmail.com (Stuart Burns)
Date: Thu, 30 Jul 2015 11:50:21 -0000
Subject: [Chester LUG] Digitalocean users.. a question
Message-ID:

Hi Everyone,

I am just in the process of moving over some sites to DO and I thought I would start using the stored SSH key system you can use when deploying your droplets. It works fine, no issues. Just I don't really feel comfortable logging in as root directly. Years of non root logins make me feel itchy about this.

What does everyone else think? (I know you can alter and someone trying to crack a proper PKI implementation may have a long wait!) I was more concerned with it being out the box functionality.

Regards

Stuart

From michael at mcrilly.me Thu Jul 30 12:18:16 2015
From: michael at mcrilly.me (Michael Crilly)
Date: Thu, 30 Jul 2015 12:18:16 -0000
Subject: [Chester LUG] Digitalocean users.. a question
In-Reply-To:
References:
Message-ID:

The initial root login is designed to give you an easy way in so you can configure the system, locking down root login and removing that key from the system (after adding additional users and allowing them to sudo to root.)

Think of that initial SSH key as a deployment key - login once with it, then use Ansible to setup your system with new users and various other state.

Cheers,

Mike.

On 30 Jul 2015 9:50 pm, "Stuart Burns" wrote:
> Hi Everyone,
>
> I am just in the process of moving over some sites to DO and I thought I
> would start using the stored SSH key system you can use when deploying your
> droplets. It works fine, no issues. Just I don't really feel comfortable
> logging in as root directly. Years of non root logins make me feel itchy
> about this.
>
> What does everyone else think? (I know you can alter and someone trying to
> crack a proper PKI implementation may have a long wait!) I was more
> concerned with it being out the box functionality.
>
> Regards
>
> Stuart

From les.pritchard at gmail.com Thu Jul 30 12:23:54 2015
From: les.pritchard at gmail.com (Les Pritchard)
Date: Thu, 30 Jul 2015 12:23:54 -0000
Subject: [Chester LUG] Digitalocean users.. a question
In-Reply-To:
References:
Message-ID:

Yes, I'd agree with Mike on that. If you're creating the VPS manually you could use a temporary password for root, then create a standard user and disable the root.

If you can, I'd also recommend locking down SSH to specific IPs or at least ranges.

On 30 July 2015 at 13:17, Michael Crilly wrote:
> The initial root login is designed to give you an easy way in so you can
> configure the system, locking down root login and removing that key from
> the system (after adding additional users and allowing them to sudo to
> root.)
>
> Think of that initial SSH key as a deployment key - login once with it,
> then use Ansible to setup your system with new users and various other
> state.
>
> Cheers,
>
> Mike.
> On 30 Jul 2015 9:50 pm, "Stuart Burns" wrote:
>
>> Hi Everyone,
>>
>> I am just in the process of moving over some sites to DO and I thought I
>> would start using the stored SSH key system you can use when deploying your
>> droplets. It works fine, no issues. Just I don't really feel comfortable
>> logging in as root directly. Years of non root logins make me feel itchy
>> about this.
>>
>> What does everyone else think? (I know you can alter and someone trying
>> to crack a proper PKI implementation may have a long wait!) I was more
>> concerned with it being out the box functionality.
>>
>> Regards
>>
>> Stuart

From stuart.james.burns at gmail.com Thu Jul 30 12:34:48 2015
From: stuart.james.burns at gmail.com (Stuart Burns)
Date: Thu, 30 Jul 2015 12:34:48 -0000
Subject: [Chester LUG] Digitalocean users.. a question
In-Reply-To:
References:
Message-ID:

Topic for tonight sorted then ;)

On 30 July 2015 at 13:23, Les Pritchard wrote:
> Yes, I'd agree with Mike on that. If you're creating the VPS manually you
> could use a temporary password for root, then create a standard user and
> disable the root.
>
> If you can, I'd also recommend locking down SSH to specific IPs or at
> least ranges.
>
> On 30 July 2015 at 13:17, Michael Crilly wrote:
>
>> The initial root login is designed to give you an easy way in so you can
>> configure the system, locking down root login and removing that key from
>> the system (after adding additional users and allowing them to sudo to
>> root.)
>>
>> Think of that initial SSH key as a deployment key - login once with it,
>> then use Ansible to setup your system with new users and various other
>> state.
>>
>> Cheers,
>>
>> Mike.
>> On 30 Jul 2015 9:50 pm, "Stuart Burns" wrote:
>>
>>> Hi Everyone,
>>>
>>> I am just in the process of moving over some sites to DO and I thought I
>>> would start using the stored SSH key system you can use when deploying your
>>> droplets. It works fine, no issues. Just I don't really feel comfortable
>>> logging in as root directly. Years of non root logins make me feel itchy
>>> about this.
>>>
>>> What does everyone else think? (I know you can alter and someone trying
>>> to crack a proper PKI implementation may have a long wait!) I was more
>>> concerned with it being out the box functionality.
>>>
>>> Regards
>>>
>>> Stuart

--
Stuart Burns
E: stuart.james.burns at gmail.com
M: [redacted]

From michael at mcrilly.me Thu Jul 30 12:36:51 2015
From: michael at mcrilly.me (Michael Crilly)
Date: Thu, 30 Jul 2015 12:36:51 -0000
Subject: [Chester LUG] Digitalocean users.. a question
In-Reply-To:
References:
Message-ID:

On top of Les' suggestions, I'd recommend you also disable weak ciphers and use ECDH. Also, install fail2ban to automatically block automated brute forcing attacks against SSH - they can fill up your disk space with syslog entries, thus DOSing your server.
On 30 Jul 2015 10:23 pm, "Les Pritchard" wrote:
> Yes, I'd agree with Mike on that. If you're creating the VPS manually you
> could use a temporary password for root, then create a standard user and
> disable the root.
>
> If you can, I'd also recommend locking down SSH to specific IPs or at
> least ranges.
>
> On 30 July 2015 at 13:17, Michael Crilly wrote:
>
>> The initial root login is designed to give you an easy way in so you can
>> configure the system, locking down root login and removing that key from
>> the system (after adding additional users and allowing them to sudo to
>> root.)
>>
>> Think of that initial SSH key as a deployment key - login once with it,
>> then use Ansible to setup your system with new users and various other
>> state.
>>
>> Cheers,
>>
>> Mike.
>> On 30 Jul 2015 9:50 pm, "Stuart Burns" wrote:
>>
>>> Hi Everyone,
>>>
>>> I am just in the process of moving over some sites to DO and I thought I
>>> would start using the stored SSH key system you can use when deploying your
>>> droplets. It works fine, no issues. Just I don't really feel comfortable
>>> logging in as root directly. Years of non root logins make me feel itchy
>>> about this.
>>>
>>> What does everyone else think? (I know you can alter and someone trying
>>> to crack a proper PKI implementation may have a long wait!) I was more
>>> concerned with it being out the box functionality.
>>>
>>> Regards
>>>
>>> Stuart

From stuart.james.burns at gmail.com Thu Jul 30 12:38:10 2015
From: stuart.james.burns at gmail.com (Stuart Burns)
Date: Thu, 30 Jul 2015 12:38:10 -0000
Subject: [Chester LUG] Digitalocean users.. a question
In-Reply-To:
References:
Message-ID:

I was going to ask do you guys have a set of scripts you'd be willing to share? Also purely just interest, how many VPS machines has everyone got.

On 30 July 2015 at 13:36, Michael Crilly wrote:
> On top of Les' suggestions, I'd recommend you also disable weak ciphers
> and use ECDH. Also, install fail2ban to automatically block automated brute
> forcing attacks against SSH - they can fill up your disk space with syslog
> entries, thus DOSing your server.
> On 30 Jul 2015 10:23 pm, "Les Pritchard" wrote:
>
>> Yes, I'd agree with Mike on that. If you're creating the VPS manually you
>> could use a temporary password for root, then create a standard user and
>> disable the root.
>>
>> If you can, I'd also recommend locking down SSH to specific IPs or at
>> least ranges.
>>
>> On 30 July 2015 at 13:17, Michael Crilly wrote:
>>
>>> The initial root login is designed to give you an easy way in so you can
>>> configure the system, locking down root login and removing that key from
>>> the system (after adding additional users and allowing them to sudo to
>>> root.)
>>>
>>> Think of that initial SSH key as a deployment key - login once with it,
>>> then use Ansible to setup your system with new users and various other
>>> state.
>>>
>>> Cheers,
>>>
>>> Mike.
>>> On 30 Jul 2015 9:50 pm, "Stuart Burns" wrote:
>>>
>>>> Hi Everyone,
>>>>
>>>> I am just in the process of moving over some sites to DO and I thought
>>>> I would start using the stored SSH key system you can use when deploying
>>>> your droplets. It works fine, no issues. Just I don't really feel
>>>> comfortable logging in as root directly. Years of non root logins make me
>>>> feel itchy about this.
>>>>
>>>> What does everyone else think? (I know you can alter and someone trying
>>>> to crack a proper PKI implementation may have a long wait!) I was more
>>>> concerned with it being out the box functionality.
>>>>
>>>> Regards
>>>>
>>>> Stuart

--
Stuart Burns
E: stuart.james.burns at gmail.com
M: [redacted]

From steve.lilley at beebl.co.uk Thu Jul 30 12:41:31 2015
From: steve.lilley at beebl.co.uk (Steve Lilley)
Date: Thu, 30 Jul 2015 12:41:31 -0000
Subject: [Chester LUG] Digitalocean users.. a question
In-Reply-To:
References:
Message-ID:

I personally feel as safe logging in as root with a key (and 2 factor on DO) than I do logging on with a password as a normal user if that user is setup to sudo anyway. Then again I only use it for test and dev.

Steve

From: Chester [mailto:chester-bounces at mailman.lug.org.uk] On Behalf Of Les Pritchard
Sent: 30 July 2015 13:24
To: chester
Subject: Re: [Chester LUG] Digitalocean users.. a question

Yes, I'd agree with Mike on that. If you're creating the VPS manually you could use a temporary password for root, then create a standard user and disable the root.

If you can, I'd also recommend locking down SSH to specific IPs or at least ranges.

On 30 July 2015 at 13:17, Michael Crilly wrote:

The initial root login is designed to give you an easy way in so you can configure the system, locking down root login and removing that key from the system (after adding additional users and allowing them to sudo to root.)

Think of that initial SSH key as a deployment key - login once with it, then use Ansible to setup your system with new users and various other state.

Cheers,

Mike.

On 30 Jul 2015 9:50 pm, "Stuart Burns" wrote:

Hi Everyone,

I am just in the process of moving over some sites to DO and I thought I would start using the stored SSH key system you can use when deploying your droplets. It works fine, no issues. Just I don't really feel comfortable logging in as root directly. Years of non root logins make me feel itchy about this.

What does everyone else think? (I know you can alter and someone trying to crack a proper PKI implementation may have a long wait!) I was more concerned with it being out the box functionality.

Regards

Stuart

From michael at mcrilly.me Thu Jul 30 12:42:21 2015
From: michael at mcrilly.me (Michael Crilly)
Date: Thu, 30 Jul 2015 12:42:21 -0000
Subject: [Chester LUG] Digitalocean users.. a question
In-Reply-To:
References:
Message-ID:

Learn to use Ansible to configure your systems. No one uses shell scripts anymore unless they're stuck in 2009 :P

On 30 Jul 2015 10:38 pm, "Stuart Burns" wrote:
> I was going to ask do you guys have a set of scripts you'd be willing to
> share? Also purely just interest, how many VPS machines has everyone got.
>
> On 30 July 2015 at 13:36, Michael Crilly wrote:
>
>> On top of Les' suggestions, I'd recommend you also disable weak ciphers
>> and use ECDH. Also, install fail2ban to automatically block automated brute
>> forcing attacks against SSH - they can fill up your disk space with syslog
>> entries, thus DOSing your server.
>> On 30 Jul 2015 10:23 pm, "Les Pritchard" wrote:
>>
>>> Yes, I'd agree with Mike on that. If you're creating the VPS manually
>>> you could use a temporary password for root, then create a standard user
>>> and disable the root.
>>>
>>> If you can, I'd also recommend locking down SSH to specific IPs or at
>>> least ranges.
>>>
>>> On 30 July 2015 at 13:17, Michael Crilly wrote:
>>>
>>>> The initial root login is designed to give you an easy way in so you
>>>> can configure the system, locking down root login and removing that key
>>>> from the system (after adding additional users and allowing them to sudo to
>>>> root.)
>>>>
>>>> Think of that initial SSH key as a deployment key - login once with it,
>>>> then use Ansible to setup your system with new users and various other
>>>> state.
>>>>
>>>> Cheers,
>>>>
>>>> Mike.
>>>> On 30 Jul 2015 9:50 pm, "Stuart Burns" wrote:
>>>>
>>>>> Hi Everyone,
>>>>>
>>>>> I am just in the process of moving over some sites to DO and I thought
>>>>> I would start using the stored SSH key system you can use when deploying
>>>>> your droplets. It works fine, no issues. Just I don't really feel
>>>>> comfortable logging in as root directly. Years of non root logins make me
>>>>> feel itchy about this.
>>>>>
>>>>> What does everyone else think? (I know you can alter and someone
>>>>> trying to crack a proper PKI implementation may have a long wait!) I was
>>>>> more concerned with it being out the box functionality.
>>>>>
>>>>> Regards
>>>>>
>>>>> Stuart
>
> --
> Stuart Burns
> E: stuart.james.burns at gmail.com
> M: [redacted]
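
The lockdown steps suggested across this thread (a sudo-capable non-root user, root SSH login disabled, SSH limited to known addresses, ECDH key exchange with weak ciphers off, fail2ban, and the deployment key removed from root), written as an Ansible playbook. This is an added example, not a playbook posted by any list member. It assumes a Debian/Ubuntu droplet with a stock `sshd_config`, the `ansible.posix` collection, and the hypothetical names `droplets`, `admin_user`, `admin_pubkey` and `mgmt_cidr` (203.0.113.0/24 is a documentation range standing in for your own addresses).

```yaml
# Added example: first-login lockdown of a freshly deployed droplet.
# Run once as root with the deployment key:
#   ansible-playbook -i inventory.ini lockdown.yml -u root
# "droplets", admin_user, admin_pubkey and mgmt_cidr are placeholders.
- name: Lock down a new droplet after the initial root login
  hosts: droplets
  become: false                 # this one run already connects as root
  vars:
    admin_user: admin
    admin_pubkey: "{{ lookup('file', lookup('env', 'HOME') + '/.ssh/id_ed25519.pub') }}"
    mgmt_cidr: 203.0.113.0/24   # documentation range; replace with your own
    # Assumes no active Match block at the end of sshd_config, so appended
    # lines stay in the global section.
    sshd_settings:
      - { key: PermitRootLogin, value: "no" }
      # Not raised in the thread; the admin account below is key-only anyway.
      - { key: PasswordAuthentication, value: "no" }
      # USER@CIDR limits who may log in and from where.
      - { key: AllowUsers, value: "{{ admin_user }}@{{ mgmt_cidr }}" }
      - key: KexAlgorithms
        value: "curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256"
      - key: Ciphers
        value: "chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr"

  tasks:
    - name: Create the non-root admin user
      ansible.builtin.user:
        name: "{{ admin_user }}"
        shell: /bin/bash

    - name: Install the admin user's own public key
      ansible.posix.authorized_key:
        user: "{{ admin_user }}"
        key: "{{ admin_pubkey }}"

    # NOPASSWD because the account has no password; set a password hash on
    # the user and drop NOPASSWD if you want sudo to prompt.
    - name: Allow the admin user to sudo to root
      ansible.builtin.copy:
        dest: "/etc/sudoers.d/90-{{ admin_user }}"
        content: "{{ admin_user }} ALL=(ALL) NOPASSWD:ALL\n"
        owner: root
        group: root
        mode: "0440"
        validate: /usr/sbin/visudo -cf %s

    # validate runs "sshd -t" on the candidate file, so a typo cannot
    # replace the live config and lock you out.
    - name: Apply sshd settings
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?\s*{{ item.key }}\s'
        line: "{{ item.key }} {{ item.value }}"
        validate: /usr/sbin/sshd -t -f %s
      loop: "{{ sshd_settings }}"
      notify: Restart ssh

    - name: Install fail2ban
      ansible.builtin.apt:
        name: fail2ban
        state: present
        update_cache: true

    - name: Enable the fail2ban sshd jail
      ansible.builtin.copy:
        dest: /etc/fail2ban/jail.local
        content: |
          [sshd]
          enabled  = true
          maxretry = 5
          findtime = 600
          bantime  = 3600
        mode: "0644"
      notify: Restart fail2ban

    # Last task: the deployment key is no longer needed once the admin
    # user exists. The current connection stays open until the play ends.
    - name: Remove the deployment key from root
      ansible.builtin.file:
        path: /root/.ssh/authorized_keys
        state: absent

  handlers:
    - name: Restart ssh
      ansible.builtin.service:
        name: ssh
        state: restarted

    - name: Restart fail2ban
      ansible.builtin.service:
        name: fail2ban
        state: restarted
```

Keep an existing root session open until a login as the admin user from inside `mgmt_cidr` succeeds. Later runs connect as that user with `--become`.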
From michael at mcrilly.me Thu Jul 30 12:42:58 2015
From: michael at mcrilly.me (Michael Crilly)
Date: Thu, 30 Jul 2015 12:42:58 -0000
Subject: [Chester LUG] Digitalocean users.. a question
In-Reply-To:
References:
Message-ID:

Steve,

Consider using Vagrant for testing and development. It'll run the VM locally and cost you nothing.

On 30 Jul 2015 10:41 pm, "Steve Lilley" wrote:
> I personally feel as safe logging in as root with a key (and 2 factor on
> DO) than I do logging on with a password as a normal user if that user is
> setup to sudo anyway. Then again I only use it for test and dev.
>
> Steve
>
> *From:* Chester [mailto:chester-bounces at mailman.lug.org.uk] *On Behalf Of *Les Pritchard
> *Sent:* 30 July 2015 13:24
> *To:* chester
> *Subject:* Re: [Chester LUG] Digitalocean users.. a question
>
> Yes, I'd agree with Mike on that. If you're creating the VPS manually you
> could use a temporary password for root, then create a standard user and
> disable the root.
>
> If you can, I'd also recommend locking down SSH to specific IPs or at
> least ranges.
>
> On 30 July 2015 at 13:17, Michael Crilly wrote:
>
> The initial root login is designed to give you an easy way in so you can
> configure the system, locking down root login and removing that key from
> the system (after adding additional users and allowing them to sudo to
> root.)
>
> Think of that initial SSH key as a deployment key - login once with it,
> then use Ansible to setup your system with new users and various other
> state.
>
> Cheers,
>
> Mike.
>
> On 30 Jul 2015 9:50 pm, "Stuart Burns" wrote:
>
> Hi Everyone,
>
> I am just in the process of moving over some sites to DO and I thought I
> would start using the stored SSH key system you can use when deploying your
> droplets. It works fine, no issues. Just I don't really feel comfortable
> logging in as root directly. Years of non root logins make me feel itchy
> about this.
>
> What does everyone else think? (I know you can alter and someone trying to
> crack a proper PKI implementation may have a long wait!) I was more
> concerned with it being out the box functionality.
>
> Regards
>
> Stuart

From stuart.james.burns at gmail.com Thu Jul 30 12:44:58 2015
From: stuart.james.burns at gmail.com (Stuart Burns)
Date: Thu, 30 Jul 2015 12:44:58 -0000
Subject: [Chester LUG] Digitalocean users.. a question

We would Mike if it wasn't so friggin' niche and unworkable for the most part ;)

On 30 July 2015 at 13:42, Michael Crilly wrote:
> Steve,
>
> Consider using Vagrant for testing and development. It'll run the VM
> locally and cost you nothing.

From michael at mcrilly.me Thu Jul 30 12:47:46 2015
From: michael at mcrilly.me (Michael Crilly)
Date: Thu, 30 Jul 2015 12:47:46 -0000
Subject: [Chester LUG] Digitalocean users.. a question

Niche? Virtually industry standard alongside Puppet.

Unworkable? I've got it automatically provisioning entire environments with HAProxy, NodeJS apps, MongoDB, Java apps, MySQL, the lot.

Whatever happened to a tradesman never blaming his tools?

Also, OSS generally accepts pull requests for bugs and improvements - hop to it ;-)

On 30 Jul 2015 10:45 pm, "Stuart Burns" wrote:
> We would Mike if it wasn't so friggin' niche and unworkable for the most
> part ;)

From stuart.james.burns at gmail.com Thu Jul 30 12:54:45 2015
From: stuart.james.burns at gmail.com (Stuart Burns)
Date: Thu, 30 Jul 2015 12:54:45 -0000
Subject: [Chester LUG] Digitalocean users.. a question

Ok so I want to do two things (and this is the challenge)

I want to automate virtualhost configs. They are trivial and repetitive but easy to fat finger. Script to create a db user followed by a virtual host file creation and a2ensite, reload and it should be good. How could ansible/whatever be more efficient.

Secondly how do I integrate it from my desktops so I can just pop out a master server with tuned/pre set configs? Oh and I want versioning too ;)

If you can tell me how to do that lot simply and easily I will retract my thus truthful statement re: Ansible et al.

On 30 July 2015 at 13:47, Michael Crilly wrote:
> Niche? Virtually industry standard alongside Puppet.
>
> Unworkable? I've got it automatically provisioning entire environments
> with HAProxy, NodeJS apps, MongoDB, Java apps, MySQL, the lot.
>
> Whatever happened to a tradesman never blaming his tools?
>
> Also, OSS generally accepts pull requests for bugs and improvements - hop
> to it ;-)

From stuart.james.burns at gmail.com Thu Jul 30 12:55:13 2015
From: stuart.james.burns at gmail.com (Stuart Burns)
Date: Thu, 30 Jul 2015 12:55:13 -0000
Subject: [Chester LUG] Digitalocean users.. a question

btw meant to suffix with ;)

On 30 July 2015 at 13:54, Stuart Burns wrote:
> Ok so I want to do two things (and this is the challenge)
>
> I want to automate virtualhost configs. They are trivial and repetitive
> but easy to fat finger. Script to create a db user followed by a virtual
> host file creation and a2ensite, reload and it should be good. How could
> ansible/whatever be more efficient.
>
> Secondly how do I integrate it from my desktops so I can just pop out a
> master server with tuned/pre set configs? Oh and I want versioning too ;)
>
> If you can tell me how to do that lot simply and easily I will retract my
> thus truthful statement re: Ansible et al.

From michael at mcrilly.me Thu Jul 30 12:59:58 2015
From: michael at mcrilly.me (Michael Crilly)
Date: Thu, 30 Jul 2015 12:59:58 -0000
Subject: [Chester LUG] Digitalocean users.. a question

There are modules at docs.ansible.com for all those things.

It'll be more efficient because it will be OS agnostic if you develop the Playbook correctly. It will also be sharable and easier to read than a shell script.

You can version Ansible "code" using git like the rest of the industry. Use git tags to version your specific commits.

You can use Vagrant to deploy a DO Droplet and apply Ansible to it automatically - one command once you've written the Vagrantfile.

On 30 Jul 2015 10:54 pm, "Stuart Burns" wrote:
> Ok so I want to do two things (and this is the challenge)
>
> I want to automate virtualhost configs. They are trivial and repetitive
> but easy to fat finger. Script to create a db user followed by a virtual
> host file creation and a2ensite, reload and it should be good. How could
> ansible/whatever be more efficient.
>
> Secondly how do I integrate it from my desktops so I can just pop out a
> master server with tuned/pre set configs? Oh and I want versioning too ;)
>
> If you can tell me how to do that lot simply and easily I will retract my
> thus truthful statement re: Ansible et al.

From stuart.james.burns at gmail.com Thu Jul 30 13:03:10 2015
From: stuart.james.burns at gmail.com (Stuart Burns)
Date: Thu, 30 Jul 2015 13:03:10 -0000
Subject: [Chester LUG] Digitalocean users.. a question

I did take a look at Vagrant but I don't get it. All the docs seem to be missing something.
I get what it is, it's a containerized pre configed machine but something is lost in "doing it"

On 30 July 2015 at 13:59, Michael Crilly wrote:
> There are modules at docs.ansible.com for all those things.
>
> It'll be more efficient because it will be OS agnostic if you develop the
> Playbook correctly. It will also be sharable and easier to read than a
> shell script.
>
> You can version Ansible "code" using git like the rest of the industry.
> Use git tags to version your specific commits.
>
> You can use Vagrant to deploy a DO Droplet and apply Ansible to it
> automatically - one command once you've written the Vagrantfile.

From michael at mcrilly.me Thu Jul 30 13:04:19 2015
From: michael at mcrilly.me (Michael Crilly)
Date: Thu, 30 Jul 2015 13:04:19 -0000
Subject: [Chester LUG] Digitalocean users.. a question

Then also look at Packer, which can create Vagrant boxes for you from VirtualBox VMs :-)

On 30 Jul 2015 11:03 pm, "Stuart Burns" wrote:
> I did take a look at Vagrant but I don't get it. All the docs seem to be
> missing something. I get what it is, it's a containerized pre configed
> machine but something is lost in "doing it"

>>>>>>> If you're creating the VPS
>>>>>>> manually you could use a temporary password for root, then create a
>>>>>>> standard user and disable the root.
>>>>>>>
>>>>>>> If you can, I'd also recommend locking down SSH to specific IPs or
>>>>>>> at least ranges.
>>>>>>>
>>>>>>> On 30 July 2015 at 13:17, Michael Crilly wrote:
>>>>>>>
>>>>>>> The initial root login is designed to give you an easy way in so you
>>>>>>> can configure the system, locking down root login and removing that key
>>>>>>> from the system (after adding additional users and allowing them to sudo to
>>>>>>> root.)
>>>>>>>
>>>>>>> Think of that initial SSH key as a deployment key - log in once with
>>>>>>> it, then use Ansible to set up your system with new users and various other
>>>>>>> state.
>>>>>>>
>>>>>>> Cheers,
>>>>>>>
>>>>>>> Mike.
>>>>>>>
>>>>>>> On 30 Jul 2015 9:50 pm, "Stuart Burns" wrote:
>>>>>>>
>>>>>>> Hi Everyone,
>>>>>>>
>>>>>>> I am just in the process of moving over some sites to DO and I
>>>>>>> thought I would start using the stored SSH key system you can use when
>>>>>>> deploying your droplets. It works fine, no issues. Just I don't really feel
>>>>>>> comfortable logging in as root directly. Years of non root logins make me
>>>>>>> feel itchy about this.
>>>>>>>
>>>>>>> What does everyone else think? (I know you can alter and someone
>>>>>>> trying to crack a proper PKI implementation may have a long wait!) I was
>>>>>>> more concerned with it being out the box functionality.
>>>>>>>
>>>>>>> Regards
>>>>>>>
>>>>>>> Stuart
From stuart.james.burns at gmail.com Thu Jul 30 13:26:41 2015
From: stuart.james.burns at gmail.com (Stuart Burns)
Date: Thu, 30 Jul 2015 13:26:41 -0000
Subject: [Chester LUG] Digitalocean users.. a question
In-Reply-To:
References:
Message-ID:

Dare I good

On 30 July 2015 at 14:04, Michael Crilly wrote:

> Then also look at Packer, which can create Vagrant boxes for you from
> VirtualBox VMs :-)
>
> On 30 Jul 2015 11:03 pm, "Stuart Burns" wrote:
>
>> I did take a look at Vagrant but I don't get it. All the docs seem to be
>> missing something. I get what it is, it's a containerized pre configed
>> machine but something is lost in "doing it"
>>
>> On 30 July 2015 at 13:59, Michael Crilly wrote:
>>
>>> There are modules at docs.ansible.com for all those things.
>>>
>>> It'll be more efficient because it will be OS agnostic if you develop
>>> the Playbook correctly. It will also be sharable and easier to read than a
>>> shell script.
>>>
>>> You can version Ansible "code" using git like the rest of the industry.
>>> Use git tags to version your specific commits.
>>>
>>> You can use Vagrant to deploy a DO Droplet and apply Ansible to it
>>> automatically - one command once you've written the Vagrantfile.
>>>
>>> On 30 Jul 2015 10:54 pm, "Stuart Burns" wrote:
>>>
>>>> Ok so I want to do two things (and this is the challenge)
>>>>
>>>> I want to automate virtualhost configs. They are trivial and repetitive
>>>> but easy to fat finger. Script to create a db user followed by a virtual
>>>> host file creation and a2ensite, reload and it should be good. How could
>>>> ansible/whatever be more efficient.
>>>>
>>>> Secondly how do I integrate it from my desktops so I can just pop out a
>>>> master server with tuned/pre set configs?
>>>> Oh and I want versioning too ;)
>>>>
>>>> If you can tell me how to do that lot simply and easily I will retract
>>>> my thus truthful statement re: Ansible et al.
>>>>
>>>> On 30 July 2015 at 13:47, Michael Crilly wrote:
>>>>
>>>>> Niche? Virtually industry standard alongside Puppet.
>>>>>
>>>>> Unworkable? I've got it automatically provisioning entire environments
>>>>> with HAProxy, NodeJS apps, MongoDB, Java apps, MySQL, the lot.
>>>>>
>>>>> Whatever happened to a tradesman never blaming his tools?
>>>>>
>>>>> Also, OSS generally accepts pull requests for bugs and improvements -
>>>>> hop to it ;-)
>>>>>
>>>>> On 30 Jul 2015 10:45 pm, "Stuart Burns" wrote:
>>>>>
>>>>>> We would Mike if it wasn't so friggin' niche and unworkable for the
>>>>>> most part ;)
>>>>>>
>>>>>> On 30 July 2015 at 13:42, Michael Crilly wrote:
>>>>>>
>>>>>>> Steve,
>>>>>>>
>>>>>>> Consider using Vagrant for testing and development. It'll run the VM
>>>>>>> locally and cost you nothing.
>>>>>>>
>>>>>>> On 30 Jul 2015 10:41 pm, "Steve Lilley" wrote:
>>>>>>>
>>>>>>>> I personally feel as safe logging in as root with a key (and 2
>>>>>>>> factor on DO) than I do logging on with a password as a normal user if that
>>>>>>>> user is set up to sudo anyway. Then again I only use it for test and dev.
>>>>>>>>
>>>>>>>> Steve
>>>>>>>>
>>>>>>>> *From:* Chester [mailto:chester-bounces at mailman.lug.org.uk] *On
>>>>>>>> Behalf Of *Les Pritchard
>>>>>>>> *Sent:* 30 July 2015 13:24
>>>>>>>> *To:* chester
>>>>>>>> *Subject:* Re: [Chester LUG] Digitalocean users.. a question
>>>>>>>>
>>>>>>>> Yes, I'd agree with Mike on that. If you're creating the VPS
>>>>>>>> manually you could use a temporary password for root, then create a
>>>>>>>> standard user and disable the root.
>>>>>>>>
>>>>>>>> If you can, I'd also recommend locking down SSH to specific IPs or
>>>>>>>> at least ranges.
>>>>>>>>
>>>>>>>> On 30 July 2015 at 13:17, Michael Crilly wrote:
>>>>>>>>
>>>>>>>> The initial root login is designed to give you an easy way in so
>>>>>>>> you can configure the system, locking down root login and removing that key
>>>>>>>> from the system (after adding additional users and allowing them to sudo to
>>>>>>>> root.)
>>>>>>>>
>>>>>>>> Think of that initial SSH key as a deployment key - log in once with
>>>>>>>> it, then use Ansible to set up your system with new users and various other
>>>>>>>> state.
>>>>>>>>
>>>>>>>> Cheers,
>>>>>>>>
>>>>>>>> Mike.
>>>>>>>>
>>>>>>>> On 30 Jul 2015 9:50 pm, "Stuart Burns" <stuart.james.burns at gmail.com> wrote:
>>>>>>>>
>>>>>>>> Hi Everyone,
>>>>>>>>
>>>>>>>> I am just in the process of moving over some sites to DO and I
>>>>>>>> thought I would start using the stored SSH key system you can use when
>>>>>>>> deploying your droplets. It works fine, no issues. Just I don't really feel
>>>>>>>> comfortable logging in as root directly. Years of non root logins make me
>>>>>>>> feel itchy about this.
>>>>>>>>
>>>>>>>> What does everyone else think? (I know you can alter and someone
>>>>>>>> trying to crack a proper PKI implementation may have a long wait!) I was
>>>>>>>> more concerned with it being out the box functionality.
>>>>>>>>
>>>>>>>> Regards
>>>>>>>>
>>>>>>>> Stuart
--
Stuart Burns
E: stuart.james.burns at gmail.com
M: [redacted]

Well if no one objects I don't mind trying some of this stuff out tonight to
see if we can build a "repeatable" host and easy virtualhost setup.

From les.pritchard at gmail.com Thu Jul 30 14:40:45 2015
From: les.pritchard at gmail.com (Les Pritchard)
Date: Thu, 30 Jul 2015 14:40:45 -0000
Subject: [Chester LUG] Fwd: Meet this Thursday
In-Reply-To:
References:
Message-ID:

Reminder - tonight from 7.30. I'll be there from 8, so see you later.

Les

---------- Forwarded message ----------
From: Les Pritchard
Date: 27 July 2015 at 17:20
Subject: Meet this Thursday
To: chester

Hi all,

The next LUG meet is this Thursday at the Funky Aardvark from 7.30. If
anyone has any topics they'd like to discuss or demo, please let us know.

See you on Thursday.

Les
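Added example, not part of any message in this archive: the lock-down Michael Crilly outlines in the Digitalocean thread (log in once as root with the deployment key, add a sudo-capable user, disable root login, remove the key), together with Les Pritchard's source-range restriction, written as an Ansible playbook. The inventory group `new_droplets`, the user `deploy`, the key file `files/deploy.pub` and the range `203.0.113.0/24` are placeholders, and a Debian/Ubuntu droplet is assumed.

```yaml
# Added example: one-time lock-down, run as root with the droplet's deployment key.
# Assumptions: Debian/Ubuntu droplet ("sudo" group, "ssh" service); inventory group,
# user name, files/deploy.pub and 203.0.113.0/24 are placeholders to replace.
- hosts: new_droplets
  remote_user: root
  vars:
    admin_user: deploy
    admin_pubkey: "{{ lookup('file', 'deploy.pub') }}"  # files/deploy.pub beside the playbook
    ssh_source: 203.0.113.0/24
  tasks:
    - name: Create the day-to-day admin user
      user:
        name: "{{ admin_user }}"
        shell: /bin/bash
        groups: sudo
        append: true

    - name: Install that user's own public key (not the deployment key)
      authorized_key:
        user: "{{ admin_user }}"
        key: "{{ admin_pubkey }}"

    - name: Allow the admin user to sudo to root (passwordless; the account has no password)
      copy:
        dest: "/etc/sudoers.d/{{ admin_user }}"
        content: "{{ admin_user }} ALL=(ALL) NOPASSWD:ALL\n"
        mode: "0440"
        validate: "/usr/sbin/visudo -cf %s"

    - name: Lock down sshd (no root, no passwords, known source range only)
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: "^#?\\s*{{ item.key }}\\s"
        line: "{{ item.key }} {{ item.value }}"
        validate: "/usr/sbin/sshd -t -f %s"
      loop:
        - { key: PermitRootLogin, value: "no" }
        - { key: PasswordAuthentication, value: "no" }
        - { key: AllowUsers, value: "{{ admin_user }}@{{ ssh_source }}" }
      notify: restart ssh

    - name: Remove the deployment key from root
      file:
        path: /root/.ssh/authorized_keys
        state: absent

  handlers:
    - name: restart ssh
      service: { name: ssh, state: restarted }
```

Try it on a local Vagrant VM first, since a wrong key or source range locks you out once sshd restarts. Where the image's sshd_config begins with an `Include /etc/ssh/sshd_config.d/*.conf` line, confirm the effective values with `sshd -T`, because sshd uses the first value it reads for each keyword.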