HackMD
System Adminstation Colaberation Note
Lecture 01
- install FreeBSD
- install Application on FreeBSD
FreeBSD installation ( macOS )
Install FreeBSD on macOS
Install FreeBSD using parallels desktop
- FreeBSD IOS 13.1 list : https://download.freebsd.org/ftp/releases/arm64/aarch64/ISO-IMAGES/13.1/
- FreeBSD-13.1-RELEASE-arm64-aarch64-disc1.iso.xz (download link)
disc vs did
https://forums.freebsd.org/threads/difference-between-disc-1-and-dvd-1.54329/
Add new VM on parallels desktop
- navigate to controll panel and select
add new VM
- continue
- create new VM from ISO file
- continue step
- ignore alert and select
other OS(not other linux)
Install FreeBSD
refernce to : NYCU NASA install FreeBSD pdf
ssh into FreeBSD ( login to FreeBSD via macOS terminal )
- type
ifconfigcommand to check current device IP
- ssh into FreeBSD just like logging into other VPS
- successful login
other OS
free to share experience of setting up environment on other OSJason
Homework
prerequisites
- judge user & group setting
- wireGuard VPN
homework
General task
- SSH Public Key and judge User :
The task is to setup correct ssh configuration so that judge server could ssh into our VM asjudgeuser to test our evironment setting .
Thepublic keycould be download from OJ( online judge ) , then we have to copypublic keyfrom our local workspace ( macOS for me ) to FreeBSD VM ( which also can be seen as remote server )
By using ssh-copy-id or scp command , the public key can be sent to VM .
Another solutiuon is using curl command to dowdload public key directly from OJ .
As for configuration file of wiredGuard can be sent to VM via scp command . ( or using curl )
- Install FreeBSD 13.1-RELEASE and apply the security patch :
After installing FreeBSD , runfreebsd-versionwould get13.1-RELEASEas result ( withoutp7tag after ) , so we have to update the system to latest patch . By runningfreebsd-update fetch installcommand to get latest patch . - Time Zone :
Time Zone have already setup duringbsdintall
User & Group task
Using adduser ( user must have root user's credential ) to create new user and also setting user's group meanwhile .
For the requirement of judge user could run sudo command without password , we have to config sudoer file . ( user must have root user's credential )
- Using
visudocommand :
configsudoerfile directly viavieditor
- Edit
sudoerfile viavim:
The defaultsudoerfile is located at/usr/local/etc/sudoers, so we could editsudoerfile usingviminstead ofvi( which is more easy to use ) .
WireGuard
Copy the configuration file into /usr/local/etc/wireguard/ using scp.
And start VPN tunnel using wg-quick command.
https://www.wireguard.com/install/#freebsd-kmod-userspace-go-tools
commands
freebsd-update fetch install: update system to latest patch versionshutdown -p nowrebootsu:su - USERNAME: change to USERNAME ( the whole environment will change )su USERNAME: change to USERNAME ( reserve some previous user information )
groups USERNAME: checkUSERNAME's groupsadduserrmuserpw group mod GROUP_NAME -m USERNAME: addUSERNAMEuser toGROUP_NAMEgroupvisudo: edit sudoer config file- sudoer file defult location :
/usr/local/etc/sudoers
- sudoer file defult location :
wg-quickwg-quick up /path/to/file.conf/usr/local/etc/wiredguard/vpnName.conf( defult config file location )
scpscp /path/to/local-server/file User@Host:/path/to/remove-server/dir
ssh-copy-idssh-copy-id -i /path/to/keyGenFile.pub User@Host
service sshd restart
Weird Bug ?
Bug Situation:
After setting up wiredGuard and authorized_keys , the judge server could ping VM but can't ssh into MV .
I have tried remove .ssh/authorized_keys and download public key from judge server serverl times , however the judge server still not can ssh into MV.
Solution:
My friend Owen remove the whole .ssh directory and create .ssh directory , copy authorized_keys then solve this condition .
Reference
- install FreeBSD on Mac M1 chip using UTM
- install FreeBSD on Mac M1 chip using VMware
- NYCU SA [install FreeBSD]
- NYCU SA [install Applications]
