Installing Ubuntu Server

Alex's Guardian > Grafana – Start from scratch > Installing Ubuntu Server

<< Creating the Virtual Machine

Now that we have our VM setup and booted to the Ubuntu installer we can go ahead and install Ubuntu Server. Follow the steps below to install Ubuntu Server. You can use Space to select things, Tab and Arrow keys to navigate the installer UI.

  1. Select your Language
  2. Done
  3. Set your preferred keyboard layout
  4. Done
  5. Verify network connection info
  6. Done
  7. Done
  8. Done
  9. Use An Entire Disk
  10. Done
  11. Select your Disk.
    • It may say “local disk”, “MSFT Disk”, etc. etc.
  12. Enter
  13. Done
  14. Continue
  15. Fill out the following fields:
    • Your Name
    • Your Server’s Name: <must be all lowercase>
    • Pick a username: <must be all lowercase>
    • Choose your password
    • Confirm your password
  16. Done
  17. Install OpenSSH Server: <checked>
    • Don’t worry about the ssh key stuff as we will do this later.
  18. Done
  19. Deselect anything that is enabled in Server Snaps.
  20. Done
  21. Wait for Installation to complete and select reboot.

Since this is a VM you can just press enter to continue when asked to remove the installation media as Hyper-V will auto boot to the VHD. After the reboot process has completed, you will be greeted by a login screen:

If you happen to get a readout for ssh key gen and cant see the login, click into the VM an hit the Enter key once. This will clear the screen and show the login view.

You can now login to your VM using the username/password you specified during installation.

After you are logged in, run sudo apt-get update to update package repositories.

Now run sudo apt-get upgrade -y to update packages.

This next section uses the OpenSSH Client feature in Windows 10 1809+. Prior versions of Windows do not have the ability to add the OpenSSH client feature. You will need to install PuTTy to do SSH connections on prior editions of Windows.

You should update to Windows 10 as Windows 7 is now EOL (End Of Life) as of 14 January, 2020!

Securing Ubuntu SSH access via key file

To install this service run the following two PowerShell commands:

# PowerShell [Hyper-V Host]
Get-WindowsCapability -Online | ? Name -like 'OpenSSH*'

Name  : OpenSSH.Client~~~~
State : Installed
Name  : OpenSSH.Server~~~~
State : NotPresent

Add-WindowsCapability -Online -Name OpenSSH.Client~~~~
# Change OpenSSH.Client~~~~ to match the version listed from first command!

By default, SSH is done through user/password authentication. To setup key file authentication (which is more secure) we need to first generate a public/private key pair. First SSH to your VM via PowerShell.

# PowerShell [Hyper-V Host]
ssh [email protected]

Then run the following to generate your new SSH key. We will be using ecdsa for our key. However you can use rsa if needed.

# BASH [Linux VM]
ssh-keygen -t ecdsa -b 521 -C "CHANGE ME TO THE NAME OF YOUR LINUX HOST"

C indicates a comment in the key file. This can be whatever you want but usually its just the hostname of the machine. You can run hostname in the cli to get your VM’s hostname if you forgot it after setup.

Naming the SSH key file during creation will stick it in whatever directory you specify. You will need to copy the .pub key into the ~/.ssh/authorized_keys file, otherwise your key file auth will not work. See here (step 4).

Fill out the rest of the information it asks for. You can hit Enter to leave things blank or default. Run ls ~/.ssh/ to verify if your key pair was successfully created.

Now we need to copy the private key file to your Windows machine. For this we can use an FTP client. Such as FileZilla. Connect to your VM via FTP and navigate to /home/YOUR USERNAME/.ssh.

1.Host: sftp://IP.Of.VM
Username: VM UserName
Password: VM User Password
2.Port = 22
3.Navigate to /home/YOUR USER NAME/.ssh
4.Click quickconnect.
5.Double click your private key to download it.

Your key will end up in your default downloads directory. Copy the key to a folder called .ssh in your C:\Users\YOUR USERNAME\ directory.

You can use any FTP client you wish. You can also use the POSH-SSH PowerShell module to transfer the private key as well as WSL.

# PowerShell [Hyper-V Host]
Install-Module -Name Posh-SSH
$credential = Get-Credential
mkdir $ENV:UserProfile\.ssh
Get-SCPFile -ComputerName 'Linux Hostname/ip' -Credential $credential -RemoteFile '~/.ssh/id_ecdsa' -LocalFile $ENV:UserProfile\.ssh\id_ecdsa
Uninstall-Module -Name Posh-SSH

Thanks Scott H for verifying the SSH steps for the Posh-SSH module and helping me fix the command structure!

If you have WSL enabled you can open a bash session and use SCP there instead.

# BASH via WSL [Hyper-V Host]
scp [email protected]:~/.ssh/id_ecdsa /mnt/c/Users/YOURUSERNAME/.ssh/id_ecdsa

After we copy down the private key file we can test the SSH connection via the OpenSSH client package built into Windows 10 1809+.

# PowerShell [Hyper-V Host]
Start-Service ssh-agent
ssh-add $ENV:UserProfile\.ssh\id_ecdsa
Restart-Service ssh-agent

ssh -i $ENV:UserProfile\.ssh\id_ecdsa [email protected]

Editing the sshd_config file

If your connection is successful, we can go ahead and disable SSH password auth. To do this we need to edit the sshd_config file in Ubuntu.

# BASH [Linux VM]
sudo nano /etc/ssh/sshd_config

Find and edit the entries in the config file:

  • PasswordAuthentication no
  • ChallengeResponseAuthentication no
  • UsePAM no

Now hist CTRL+X then Y to save the file and then restart the ssh service:

# BASH [Linux VM]
sudo systemctl restart ssh

You will most likely get disconnected during the ssh service restart. You can connect back to your host in a few seconds by running ssh -i $ENV:UserProfile.ssh\id_ecdsa [email protected] again in your PowerShell session. You are still able to use password auth if you connect directly to the VM via the Hyper-V console, just in case your ssh key fails!

Windows 10 SSH Client supports an ssh config file! This file can be placed in the .ssh folder and can use standard UNIX syntax!