[2024-feb-29] Sad news: Eric Layton aka Nocturnal Slacker aka vtel57 passed away on Feb 26th, shortly after hospitalization. He was one of our Wiki's most prominent admins. He will be missed.

Welcome to the Slackware Documentation Project

Differences

This shows you the differences between two versions of the page.

howtos:cloud:aws_ec2 [2020/07/07 00:48 (UTC)] – [Security] bifferos
howtos:cloud:aws_ec2 [2020/07/07 00:56 (UTC)] – [Security] bifferos
Line 5: Line 5:
  
   * You should have already prepared a DomU compatible Slackware install, see the [[howtos:misc:xen_domu_guest|separate guide]] on how to do that.   * You should have already prepared a DomU compatible Slackware install, see the [[howtos:misc:xen_domu_guest|separate guide]] on how to do that.
-  * You should have an AWS account with the necessary vmimport policy/role+  * You should have an AWS account with the necessary [[https://docs.aws.amazon.com/vm-import/latest/userguide/vmie_prereqs.html#vmimport-role|vmimport role]]
   * You should have awscli configured with credentials such that commands like 'aws s3 ls' work   * You should have awscli configured with credentials such that commands like 'aws s3 ls' work
  
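Review bot: The new link text on the AWS account bullet reads "vmimport role" where the old text said "vmimport policy/role", so the policy half of the prerequisite is no longer mentioned. The link is an improvement, but a reader who skims may create the role and skip the policy that goes with it; consider keeping both in the link text, e.g. "vmimport role and policy". The second and third bullets also end without a full stop while the first has one, which is worth making consistent while the line is being touched.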
Line 12: Line 12:
 ===== Security ===== ===== Security =====
  
-A quick word about security.  We will not be making use of the service provided by AWS which furnishes your instance with key pairs, because we won't be installing the agent process that does that.  This saves a bit of time for unsupported operating systems like Slackware, but it means you need to sort out how to get access to your instance after it starts.  I strongly suggest you +A quick word about security.  We will not be making use of the service provided by AWS which furnishes your instance with key pairs, because we won't be installing the [[https://github.com/aws/amazon-ssm-agent|agent process]] that does that.  This saves a bit of time for unsupported operating systems like Slackware, but it means you need to sort out how to get access to your instance after it starts.  I strongly suggest you 
  
-  - Upload a public key to the account you'll use to access your instance, e.g. with ssh-copy-id. +  - Upload a public key to the account you'll use to access your instance, e.g. with [[https://www.ssh.com/ssh/copy-id|ssh-copy-id]]
-  - Ensure that ssh is configured to only use key access (PermitRootLogin=prohibit-password), which I believe is the default.+  - Ensure that ssh is configured to only use key access ([[https://man.openbsd.org/sshd_config#PermitRootLogin|PermitRootLogin=prohibit-password]]), which I believe is the default.
   - Reboot and ensure you still have access using your private key.   - Reboot and ensure you still have access using your private key.
   - Double-check that you cannot login using the password that would normally work on the VM console for your user.   - Double-check that you cannot login using the password that would normally work on the VM console for your user.
 +<note important>Within an hour of your instance becoming live it will be logging access attempts by Russian hackers. AWS address ranges are scanned regularly for vulnerabilities precisely because so many users screw up their security.  Don't be caught out.</note>
  
-Within an hour of your instance becoming live it will be logging access attempts by Russian hackers. AWS address ranges are scanned regularly for vulnerabilities precisely because so many users screw up their security.  Don't be caught out. 
 ===== Disk Formats ===== ===== Disk Formats =====
  
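Review bot: In the second numbered step, PermitRootLogin=prohibit-password is described as making ssh "only use key access", but that option only blocks password logins for root. Step 1 refers to "the account you'll use to access your instance", which may not be root, and for any other account password logins are governed by PasswordAuthentication; suggest naming that option here as well (set to no) so that the check in step 4 holds for non-root users. Separately, the new "agent process" link points at amazon-ssm-agent while the sentence is about the service that furnishes the instance with key pairs; the SSM agent is the Systems Manager agent, and EC2 key pairs reach an instance through instance metadata read by an init tool such as cloud-init, so please confirm the link target. The ssh-copy-id step also lost its trailing full stop when the link was added.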