From 409eccd9560a705f5b6d6e7412eb0476870c9369 Mon Sep 17 00:00:00 2001 From: thomasabishop Date: Mon, 6 Oct 2025 19:36:34 +0100 Subject: [PATCH] content: new entries on network management --- zk/Create_a_deploy_user.md | 59 ++++++++++++++++++++++ zk/DHCP.md | 24 +++++++++ zk/Generating_SSH_key_for_server_access.md | 40 +++++++++++++++ 3 files changed, 123 insertions(+) create mode 100644 zk/Create_a_deploy_user.md create mode 100644 zk/DHCP.md create mode 100644 zk/Generating_SSH_key_for_server_access.md diff --git a/zk/Create_a_deploy_user.md b/zk/Create_a_deploy_user.md new file mode 100644 index 0000000..ec2d628 --- /dev/null +++ b/zk/Create_a_deploy_user.md 
@@ -0,0 +1,59 @@ +--- +tags: + - servers +--- + +# Create a deploy user + +When I want to run deploy operations on my server from a client that is not me +(e.g. Forgejo) it is best to create a user for this purpose that has limited +conditions - more restricted than my `/home` user. + +Create user on server: + +```sh +sudo useradd -m -s /bin/bash deploy +``` + +> `-m` gives him a home directory which is necessary for him to have an `.ssh/` +> directory. `/bin/bash` gives him the ability to run shell commands. + +Give permissions: + +```sh +sudo chown -R deploy:www-data /var/www +sudo chmod -R 755 /var/www/ +``` + +This: + +- Adds the user ("deploy") to the group of the default web server user + (`www-data`) +- Gives deploy user full read/write/execute + +Then create an SSH key-pair for the deploy user following the steps at +[Generating an SSH key for server access](./Generating_SSH_key_for_server_access.md) +and add his public key to the `authorized_keys` file on the server. + +He'll first need his own `.ssh` directory however: + +```sh +sudo mkdir -p /home/deploy/.ssh +sudo touch /home/deploy/.ssh/authorized_keys +sudo chmod 700 /home/deploy/.ssh +sudo chmod 600 /home/deploy/.ssh/authorized_keys +sudo chown -R deploy:deploy /home/deploy/.ssh +``` + +Then attempt to connect to ensure SSH access is working: + +```sh +ssh -i .ssh/deploy_self_host_server deploy@server_ip + +``` + +Now the SSH key associated with the deploy user can be used to remotely execute +deployment functions on the server from any client. + +Next need to add deploy user's key to Forgejo eolas-api repo and test the action +again diff --git a/zk/DHCP.md b/zk/DHCP.md new file mode 100644 index 0000000..4f853eb --- /dev/null +++ b/zk/DHCP.md 
@@ -0,0 +1,24 @@ +--- +tags: [internet, networks] +--- + +# DHCP + +Stands for **Dynamic Host Configuration Protocol** and operates on consumer +routers. This is a server protocol. + +Automatically assigns IP addresses and network configuration settings to devices +when they connect to a network. + +Saves you from manually configuring each device on the network. Dynamically +distributes: + +- [IP addresses](./IP_addresses.md) +- [Subnet masks](./IP_addresses.md) +- Default gateway addresses +- DNS server addresses + +> Why was this pertinent to the configuration of my Pihole? DHCP on my router +> will chose the default DNS server. I wanted to change the default DNS server +> to use the address of the Pihole on the network. This change has to be made in +> the DHCP settings. diff --git a/zk/Generating_SSH_key_for_server_access.md b/zk/Generating_SSH_key_for_server_access.md new file mode 100644 index 0000000..3c38bb2 --- /dev/null +++ b/zk/Generating_SSH_key_for_server_access.md @@ -0,0 +1,40 @@ +--- +tags: + - servers +--- + +# Generating SSH key for server access + +Using local machine generate new key: + +```sh +ssh-keygen -t ed25519 -C "user@clientname" -f ~/.ssh/user_clientname +``` + +This creates a public/private key pair on the local machine, viz: + +``` +.ssh/user_clientname +.ssh/user_clientname.pub +``` + +Get the public key: + +```sh +cat .ssh/user_clientname.pub +``` + +Add to the server's authorized keys: + +```sh +echo "PASTE_PUBLIC_KEY_HERE" >> ~/.ssh/authorized_keys +``` + +Test by using the new public key to connect: + +```sh +ssh -i ~/.ssh/user_clientname user@servername +``` + +Paste the private key into whatever client wants to access the server (e.g. +Forgejo).
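Review bot: in zk/Create_a_deploy_user.md, the bullets under "Give permissions" do not describe what the two commands do. `sudo chown -R deploy:www-data /var/www` sets the owner to deploy and the group to www-data on everything under /var/www; it does not add deploy to the www-data group (that would be `sudo usermod -aG www-data deploy`). `sudo chmod -R 755 /var/www/` gives the owner rwx and gives group and others r-x, and because it is recursive it also marks every regular file executable; 755 on directories and 644 on files would be tighter. The note opens by saying the deploy user should be more restricted than the `/home` user, yet it ends with a `/bin/bash` login usable "from any client" that holds the key. It would be worth adding that the key's line in `authorized_keys` can carry OpenSSH options such as `restrict`, `from="..."` or `command="..."` to narrow what that key can do.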
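Review bot: in zk/DHCP.md, "operates on consumer routers. This is a server protocol." is imprecise. DHCP is a client-server protocol; on a home network the router usually runs the DHCP server and each device acts as a client, and that is the reason the Pihole change in the closing quote has to be made on the router. Suggest rewording the opening along those lines. Also "will chose" in the quoted paragraph should be "will choose".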
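Review bot: in zk/Generating_SSH_key_for_server_access.md, the step "Test by using the new public key to connect" is misworded, since `ssh -i ~/.ssh/user_clientname user@servername` passes the private key file; the `.pub` file is only what gets appended to `authorized_keys`. The note opens "Using local machine" but `echo "PASTE_PUBLIC_KEY_HERE" >> ~/.ssh/authorized_keys` has to be run on the server, so say so at that step, or replace the cat and echo steps with `ssh-copy-id -i ~/.ssh/user_clientname.pub user@servername` run from the local machine. The paths are also inconsistent: `ssh-keygen` writes to `~/.ssh/user_clientname` while the `cat` step reads `.ssh/user_clientname.pub`, which only works from the home directory. For the closing line about pasting the private key into a client such as Forgejo, it would help to state that the key should be one generated for that client alone, so it can be revoked by deleting a single `authorized_keys` line.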