From CSE330 Wiki
Revision as of 18:27, 9 August 2012 by Shane (talk | contribs) (Created page with 'This page describes how to set up a web server on a Linux machine. If you are unfamiliar with using Linux from the command line, you should read the Linux guide first.…')
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search

This page describes how to set up a web server on a Linux machine. If you are unfamiliar with using Linux from the command line, you should read the Linux guide first.


When connecting to your machine over the internet or intranet, you will most likelly be using ssh (secure shell). SSH access requires that the sshd daemon is running in your machine.

By default, SSH is preinstalled on your EC2 instance. If you are not using an EC2 instance, simply install it from yum or aptitude.

SSH Keys

Normally, you can SSH into your machine with one of two ways: you can use traditional username/password authentication, or you can use a public/private key pair. A public/private key pair is generally considered to be more secure, but it requires that you always have access to your private key file when you want to log into your remote machine. By default, EC2 instances allow only public/private key pair authentication. You can enable password-based authentication by changing the PaswordAuthentication option in /etc/ssh/sshd_config to yes:

PasswordAuthentication yes

SSH Server Configuration

The configuration files for SSH are in /etc/ssh. You can modify the files to affect SSH permissions, among other things. For example, it is always a good idea to disable root access over ssh. This could be done by editing /etc/ssh/sshd_config and setting

PermitRootLogin no

For more detail on editing files on the command line, see the Linux guide.

Note that you must restart the ssh process for this to take effect. Should that fail, rebooting your server should do the trick.

Warning: Disabling root access over SSH for your EC2 instance should only be done after setting up an additional user account and adding that account to the sudoers list.

SSH Client Configuration

Unix-Based Systems (including Mac OS X)

Mac OS X is based on BSD, a flavor of Unix. As such, Mac OS X comes pre-built with all the tools you need to use SSH! Simply fire up Terminal and enter the command

ssh username@hostname

To use SSH with a key pair, use the command

ssh -i /path/to/key.pem username@hostname

Non-Unix-Based Systems (including Microsoft Windows)

Unfortunately, using SSH with Windows is more complicated. It is necessary to install an SSH client to support the connections. A widely used SSH client for Windows is PuTTY. You can download PuTTY from http://www.chiark.greenend.org.uk/~sgtatham/putty/

PuTTY is fairly simple and straight forward with one caveat: Amazon's .pem key pair files are not compatible with PuTTY keys. In order to convert .pem keys to a PuTTY .ppk privte key file, you should use the puttygen.exe utility available from the same page [1] as PuTTY. Next select import under the conversions menu,load the amazon .pem key file and press the save private key button. Be sure to save the file in the directory where PuTTY looks for its keys.

Copy and paste works similarly to the X Window System in Unix. You use the left mouse button to select text in the PuTTY window. The act of selection automatically copies the text to the clipboard: there is no need to press Ctrl-Ins or Ctrl-C or anything else. In fact, pressing Ctrl-C will send a Ctrl-C character to the other end of your connection (just like it does the rest of the time), which may have unpleasant effects. The only thing you need to do, to copy text to the clipboard, is to select it.

To paste the clipboard contents into a PuTTY window, by default you click the right mouse button. If you have a three-button mouse and are used to X applications, you can configure pasting to be done by the middle button instead, but this is not the default because most Windows users don't have a middle button at all.

Also, here is a good PuTTY tutorial that you might find useful to get started: http://kb.mediatemple.net/questions/1595/Using+SSH+in+Putty+%28Windows%29


SSHFS is a filesystem client which allows secure mounting of remote file systems. While there are other ways to mount remote file systems, SSHFS has the advantage of being able to mount a file system located on any host that has an SSH daemon running without any host side installation or configuration. This means that you can easily access and edit your files using all of your local applications including IDEs.

As you may have inferred from the name, the underlying implementation utilizes SSH File Transfer Protocol in combination with FUSE, a package now included in the kernel that allows unprivileged users to easily create their own file systems in userspace (see the wikipedia entry for more information [2]).

To mount a share using password based authentication, the command is

sshfs user@domain:/path/to/remote/directory /path/to/local/mountpoint

e.g. To mount the directory /home/joe/myfiles in the user joe's home directory for a machine with the domain schmoesfiles.org using SSHFS you would enter the command

sshfs joe@www.schmoesfiles.org:myfiles

Note that if you are using public key authentication, the command to mount the remote share is slightly different

sshfs -o IdentityFile=/path/to/private/key user@domain:/path/to/remote/directory /path/to/local/mountpoint

To unmount the filesystem you can use the following command

fusermount -u /path/to/local/mountpoint


Any server running an SSH server is also compatible with SFTP or Secure File Transfer Protocol. (Compare to FTP, or File Transfer Protocol.)

You can use SFTP from the command line, or you can use any GUI file transfer client. All FTP clients I have seen also support SFTP. One popular FTP client is Filezilla.

SUDO Users

For security reasons, you should never SSH into your server as the root user. Instead, you should use a normal user to whom you give sudo privileges. (For more detail on sudo, see the Linux guide.)

When you create an Amazon EC2 instance, the user you set up initially is already given SUDO privileges. If you want to give more users SUDO privileges, use the command visudo, which opens up the SUDO configuration file in the system's default text editor. (Never edit the file /etc/sudoers directly!) SUDO users are specified using lines similar to

alice   ALL=(ALL) ALL

In this case, Alice can run any command as SUDO privileges on the computer. For more detail on SUDO configuration, see http://www.linuxhelp.net/guides/sudo/