Fixing permissions for EC2 private key file

This time, I was playing around with AWS and created some EC2 instances.

When you create and work with your instances, you need to take care of authentication – you would usually import or create a new key pair and use the private key on your machine to connect via SSH to the EC2 instance in AWS. The whole process of creating a key pair and downloading the private key is pretty simple – on the page below, you select the name, type and format of your key pair and, once it is created, the private key is automatically downloaded to your PC:

Now you can create your instance and select the created key pair for authentication:

If you have your private key ready and the instance is up and accessible to you, you can use (for example) SSH to connect to it:

So… we have a challenge! Looks like our private key is not secured enough and others may have access to it!

If we look at the permissions, we can see that all of them are actually inherited… so, we’ll need to remove the inheritance/inherited permissions and give them only to the account that needs it:

And after some “tweaking”:

If we retry the connection, this happens:

 

Excellent!

And if you’re not a fan of clicking through the permissions dialog, here are scripts that can help you with this – they basically remove the inheritance and add full access permissions to the owner of the file (needs path to your private key file as a parameter!):

  • the “PowerShell” flavour:

  • the “CMD” flavour:

Hope it helps!

Cheers!

P.S. Scripts are also available at my GitHub (https://github.com/TomicaKaniski/toms-notes-code/).

P.P.S. There’s also a script that restores inheritance and inherited permissions… in case you… mess something up. 😀
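The permission fix described above (remove inheritance, then grant full access only to the owner of the key file), written out as an added PowerShell example. It is not the author's script from the GitHub repository; the parameter name KeyPath and the script file name in the comment are assumptions.

```powershell
# Added example (not the author's script): restrict a private key file to its owner.
# Hypothetical usage: .\Set-KeyFilePermissions.ps1 -KeyPath C:\keys\my-ec2-key.pem
param(
    [Parameter(Mandatory = $true)]
    [string]$KeyPath    # path to the downloaded private key file (assumed parameter name)
)

$ErrorActionPreference = 'Stop'
$path  = (Resolve-Path -LiteralPath $KeyPath).ProviderPath
$acl   = Get-Acl -LiteralPath $path
$owner = $acl.Owner     # e.g. 'PC\tom'; run the script as this account

Write-Host "Before ($path, owner: $owner):"
$acl.Access | Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize |
    Out-String | Write-Host

# 1. Stop inheriting from the parent folder and drop the inherited entries
#    (isProtected = $true, preserveInheritance = $false).
$acl.SetAccessRuleProtection($true, $false)

# 2. Remove explicit entries that are still present. Rules are read as SIDs so an
#    orphaned account that no longer resolves to a name does not break the loop.
$sidType = [System.Security.Principal.SecurityIdentifier]
foreach ($rule in @($acl.GetAccessRules($true, $false, $sidType))) {
    $acl.RemoveAccessRuleSpecific($rule)
}

# 3. Grant full control to the owner only and write the ACL back.
$grant = New-Object System.Security.AccessControl.FileSystemAccessRule($owner, 'FullControl', 'Allow')
$acl.AddAccessRule($grant)
Set-Acl -LiteralPath $path -AclObject $acl

# 4. Verify: inheritance must be off and no entry other than the owner's may remain.
$after = Get-Acl -LiteralPath $path
$extra = @($after.Access | Where-Object { $_.IsInherited -or $_.IdentityReference.Value -ne $owner })
if (-not $after.AreAccessRulesProtected -or $extra.Count -gt 0) {
    Write-Warning "Key file is still accessible to other principals:"
    $extra | Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize |
        Out-String | Write-Host
    exit 1
}
Write-Host "OK: only $owner has access to $path"
```

If the file's owner is a group such as BUILTIN\Administrators rather than your own account, the grant goes to that group, so check the owner shown in the "Before" output first.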

Found my forgotten Raspberry Pi

And, naturally, decided to put it to use (although, for exactly what… is currently unclear). 😊

So… how?

As there was already a micro SD card inside my Raspberry Pi, I was all set!

Basically, what I had to do:

  • download the OS image (Raspberry Pi OS Lite)
  • download imaging software (Etcher)
  • extract the OS onto micro SD card
  • enable SSH by adding an empty file called “ssh” (yes, without any extension) to the boot volume
  • boot it up
  • set it up as I like

Extracting the OS image onto the micro SD card is a “breeze” with the right tools – select the OS image, select where you want to put it and click Flash:

After it’s finished, don’t forget to enable SSH access for yourself (it’s easier that way):

Done.

Let’s put the card back into Raspberry Pi and boot it up.

A few seconds later, you can use (e.g.) Windows Terminal and the included SSH client to access your Raspberry Pi (the default networking option is DHCP, and the default username is pi with the password raspberry):

I wanted to “tweak” my installation a bit (with the provided raspi-config script), so I’ve used the following for disabling unnecessary devices, custom network settings, etc.:

# raspi-config script is located in /usr/bin/raspi-config
# settings (some of them) are located in /boot/config.txt

# update the raspi-config script (or you can use 'sudo raspi-config nonint do_update') and vim... is nice to have
sudo apt update
sudo apt install -y raspi-config vim

# set static ip address (configure in '/etc/dhcpcd.conf', can check interfaces with 'ip link' - can be done nicer, but... :))
echo 'interface eth0' | sudo tee -a /etc/dhcpcd.conf
echo 'static ip_address=192.168.12.101/24' | sudo tee -a /etc/dhcpcd.conf
echo 'static routers=192.168.12.1' | sudo tee -a /etc/dhcpcd.conf
echo 'static domain_name_servers=192.168.12.1' | sudo tee -a /etc/dhcpcd.conf

# set password (for user 'pi')
echo "pi:MyExtraSecretPass#123" | sudo chpasswd

# set boot options to my liking
sudo raspi-config nonint do_boot_behaviour B1
sudo raspi-config nonint do_boot_wait 1

# keep SSH enabled and disable unnecessary interfaces (in 'raspi-config nonint', 0 = enable and 1 = disable)
sudo raspi-config nonint do_camera 1
sudo raspi-config nonint do_ssh 0
sudo raspi-config nonint do_vnc 1
sudo raspi-config nonint do_spi 1
sudo raspi-config nonint do_i2c 1
sudo raspi-config nonint do_serial 1
sudo raspi-config nonint do_onewire 1
sudo raspi-config nonint do_rgpio 1
sudo raspi-config nonint do_memory_split 16
sudo raspi-config nonint do_expand_rootfs
sudo raspi-config nonint do_wifi_country HR
sudo raspi-config nonint do_change_timezone Europe/Zagreb

# upgrade packages and set hostname
sudo apt upgrade -y
sudo raspi-config nonint do_hostname pimaster
sudo reboot

# ssh back into your pimaster
ssh [email protected]

And after a while, my Raspberry Pi is finally ready:

Cheers!