From: dbucklin@sdf.org Date: 2017-11-02 Subject: Shoving off with Lightsail [Lightsail][1] is basically a stripped-down version of Amazon's EC2 cloud computing service. I've wanted to have a cloud-based instance for a while, but it seemed that the complexity of setting up EC2 just barely overcame my willingness to commit to such an endeavor. With Lightsail, I had a cloud-based Debian instance up and running in just a few clicks. As you might expect, there are a few more steps to make it *really* fun, so I'll go through my initial steps. Immediately after setting up my Lightsail Debian instance, I was able to use the web-based ssh client to connect to it. But I really wanted to be able to ssh to it from my machine at home, my phone, and my Raspberry Pi. As with a native machine, [the first thing you want to do][4] is update the software. The next thing you want to do is [set up a user account for your- self][3]. Lightsail sets up an `admin` account for you, but I don't recommend using that everyday. `sudo useradd <user>` Also, add this user to the sudoers group so that you can do things like install sofware and manage the instance. As I write this, the procedure is to add the following line to `/etc/sudoers.d/<user>`: `<user> ALL=(ALL:ALL) ALL` **Note:** The first time I did this, I messed up the format and this somehow prevented *anyone* from using sudo. Not having the root password for the instance, this basically meant that I could no longer manage the instance. While it's possible to fix this without trashing the instance, I chose to start over. Now that I've created my user, I want to be able to use ssh to con- nect to my Lightsail instance. To do this, Lightsail requires that you use a keypair stored in a .pem file. Lightsail sets up a de- fault keypair for you and you can download it from your Account page. This works out of the box with your default user account (e.g. `admin`), but you'll need to set it up for use with the user account you created for yourself. 1. Set a static IP for your instance. *(optional, but recommend- ed)* 2. Download your pem file from AWS. 3. Run `ssh-keygen -y` locally and give it the path to your pem file. 4. Back on your Lightsail instance, paste the key into `.ssh/au- thorized_keys` for your new user. Now you should be able to ssh to your new user account from your local machine (or any machine with the pem file) with the follow- ing: `ssh -i <pemfile.pem> <user@host>` If you have a domain sitting around, you can [set up DNS][7]. This opens up some fun possibilities, but mainly makes it easier to re- member your hostname. 1. Create a DNS zone in Lightsail 2. Update your registrar with the AWS DNS servers 3. Add an A record to the DNS zone (I took the subdomain off and it seems to work fine) 4. Wait for the DNS settings to propogate Now you can log in and install and configure software ([of- flineimap, msmtp, mutt][5], [weechat][6], pastebins, a gopher serv- er, bookmark manager, [the list goes on][8]). *But why wouldn't you set up dynamic DNS and just connect to your machine at home?* Well, yeah, I suppose I *could* do that, but it probably wouldn't be as complicated or expensive, now, would it? Seriously, though, my home network isn't the most reliable and, frankly, it might ac- tually be easier to set up a Lightsail instance. Plus, having a box in the cloud seems so badass and the network speed/latency is mar- velous. [1]: https://lightsail.aws.amazon.com [2]: https://stackoverflow.com/questions/46937957/unable-to-ssh-to-remote-server [3]: https://aws.amazon.com/premiumsupport/knowledge-center/new-user-accounts-linux-instance/ [4]: https://www.doomd.net/2017/06/a-few-things-to-do-when-first-setting-up-a-lightsail-instance-running-wordpress.html [5]: https://pbrisbin.com/posts/mutt_gmail_offlineimap/ [6]: https://weechat.org/files/doc/devel/weechat_user.en.html [7]: https://lightsail.aws.amazon.com/ls/docs/how-to/article/lightsail-how-to-create-dns-entry [8]: https://github.com/Kickball/awesome-selfhosted