Basic 1st Cloudron setup advice ... root user vs. sudo user and SSH keys...
-
First time using Cloudron. I have a fresh new Ubuntu 22.04 server up and ready to go, but first I need to understand best practices regarding the following:
Root User vs. Sudo User - To secure my servers, I normally prevent root logins. Create a sudo user, and only login with SSH keys.
But I'm unclear how Cloudron works in this regard. The Installation instructions (https://docs.cloudron.io/installation/) are mute on this so far as I can tell.
- Should I run the install commands as the root user or a sudo user?
The manual does mention some of this in the Security section (https://docs.cloudron.io/security/#securing-ssh-access) - but that seems to be post-install.
Also... in that Security section of the manual, it mentions SSH is handled on port 202. My host has SSH setup on 1022.
- I've read those docs, but am still unsure what I'll need to do to rectify this... or maybe more specifically... what order in which I need to do which task. I can imagine a scenario in which I install Cloudron (via root logged in through port 1022) and then get locked out immediately after the install because it's expecting me to use port 202 instead.
Deep appreciation for any hints on these issues. Thanks.
-
Fresh Ubuntu 22.04 Server.
- login as root
- run the install as the root user
- add a sudo user and secure sshd and set the port to 202 as written in the docs
-
If it's a fresh server you can always start over and over again
-
Yep. Exactly as I feared. I think the install was successful, but now I've lost the ability to SSH into my box because the ports are all wrong. And I can't edit them without SSH access.
Grrrrrrrrrrr........ And no, it's not that easy to start over and over again.
-
All the cuss words.... how do I fix this now?
I ran the install exactly as described. Verbatim.
And now I'm locked out of my box. This is not a $5 DO instance I can just respin a hundred times until it's right. Cloudron is feeling like more hassle than it's worth.
All afternoon to work around the simplest crap.
Unless I'm just missing something.... I think my only option is to have my host recommission this server from scratch.
Very not cool.
-
So frustrated with this experience. The exact scenario I predicted (#2) above came true.
I should have paid more attention to my gut, and been more skeptical of the answer above. After all these hours, my host finally got me back into my server about 10 mins ago.
For anyone else needing help with this... the correct answer is... if your host uses an oddball SSH port like mine, update your [ /etc/ssh/sshd_config ] file before installing Cloudron ... or else you'll have a bad day like me - running wild goose chases trying to troubleshoot it and then finally begging/waiting for your host to bail you out when everything else fails.
Thank you for your efforts, @JLX89
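A pre-install check for the lockout described in this thread, added here as an example (not part of any post and not Cloudron's own tooling): it compares the port of the current SSH session and the `Port` lines in an sshd_config file against the ports expected to stay reachable. The allowed list (22 and 202) is an assumption based on the ports named in the thread, and the function names are hypothetical.

```shell
# Added example: SSH port pre-install check (function names are hypothetical).
# Assumption: ports that stay reachable after the install. 202 is the port
# named in the thread, 22 is the SSH default; confirm against the docs.
ALLOWED_PORTS="${ALLOWED_PORTS:-22 202}"

# Print each Port value set in an sshd_config-style file; 22 if none is set.
# Commented-out lines ("#Port 22") are skipped. Include files are not followed.
config_ports() {
    ports=$(awk 'tolower($1) == "port" { print $2 }' "$1")
    [ -n "$ports" ] && echo "$ports" || echo 22
}

# Server-side port of an SSH session: 4th field of an $SSH_CONNECTION value
# ("client_ip client_port server_ip server_port").
session_port() {
    set -- $1
    echo "${4:-}"
}

# Succeed if port $1 is in the space-separated list $2.
port_allowed() {
    for a in $2; do
        [ "$a" = "$1" ] && return 0
    done
    return 1
}

# $1 = sshd_config path, $2 = $SSH_CONNECTION value.
# Returns 0 only if the session port and every configured port are allowed.
preflight() {
    rc=0
    cur=$(session_port "$2")
    if [ -n "$cur" ] && ! port_allowed "$cur" "$ALLOWED_PORTS"; then
        echo "WARN: this session is on port $cur, not in: $ALLOWED_PORTS" >&2
        rc=1
    fi
    for cfg in $(config_ports "$1"); do
        port_allowed "$cfg" "$ALLOWED_PORTS" || {
            echo "WARN: $1 sets Port $cfg, not in: $ALLOWED_PORTS" >&2
            rc=1
        }
    done
    return $rc
}

# Run on the server before installing: sh preflight.sh --check
if [ "${1:-}" = "--check" ]; then
    preflight /etc/ssh/sshd_config "${SSH_CONNECTION:-}"
    exit $?
fi
```

For the effective configuration including any Include files, compare the result with `sudo sshd -T | grep -i '^port'`.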
-
@Reveller said in Basic 1st Cloudron setup advice ... root user vs. sudo user and SSH keys...:
For anyone else needing help with this... the correct answer is... if your host uses an oddball SSH port like mine, update your [ /etc/ssh/sshd_config ] file before installing Cloudron ... or else you'll have a bad day like me - running wild goose chases trying to troubleshoot it and then finally begging/waiting for your host to bail you out when everything else fails.
Thank you for your efforts, @JLX89
So nothing to do with Cloudron and everything to do with your host?! And as you had to be ssh-ed in with the correct "oddball" port to install Cloudron - how did the port change by the next time you tried to log in?
-
The question is why is the host setting an "oddball" SSH port on initial configuration? This is not standard practice so I feel it is quite right that the host should "bail you out" if that causes problems. I assume the host makes customers aware of this? The documentation for Cloudron in any case makes it very clear which ports are accessible by the firewall.
-
Sorry for the frustrating experience but I have to say in several years of using Cloud infrastructure, this is the first time I hear of someone providing a server on non-port 22. This is why such a special case has not made it to the docs. May I ask what VPS provider this is? We test installation over 30 providers, all use port 22 by default.