Linux workspace manager

5/10/2023

So you've spun up a fresh Linux WorkSpace and discovered in short order that it is ugly as sin. Fret not, this is as configurable a Linux machine as any - but in different ways than you might be used to.

Enable SSH

Fortunately, Linux WorkSpaces run sshd by default. However, there's no way to get to it from the Internet. This is worth fixing up sooner rather than later, as you may run into a problem in the future with your WorkSpace becoming Unhealthy. An Unhealthy WorkSpace is a WorkSpace that AWS can't reach, usually caused by networking problems. You won't be able to connect to an Unhealthy WorkSpace through the WorkSpaces client, so it's good to have SSH handy for debugging.

Before exposing port 22 to the Internet, edit /etc/ssh/sshd_config and tighten up the security a little bit: set ChallengeResponseAuthentication to no. This prevents password logins and allows only key-based authentication. An exposed SSH port in an AWS IP block is a massive target for brute-force attacks; no sense in letting anyone try. Add your public key(s) to ~/.ssh/authorized_keys.

Once you've done that, open up the AWS Console. The WorkSpace itself isn't visible in the EC2 console, but the network interface attached to it is. Visit "Network Interfaces" and select the ENI "Created by Amazon WorkSpaces." While you're here, by the way, I highly recommend registering the Elastic IP attached to your WorkSpace ENI with some kind of DNS. It's a lot more convenient to access later, and the Elastic IP won't change.

Edit the ENI's security group. Add TCP port 22 from "Anywhere" and save. Your WorkSpace is now SSHable! tail -f /var/log/secure for a good laugh.

Note that if you're SSHing from a shell, you'll need to escape the backslash that separates your AD domain from your username, i.e.

Edit /etc/sudoers.d/01-ws-admin-user and change the final ALL to NOPASSWD:ALL. What's the point of authenticating twice with the same password?

The easiest way to do this is to install docker. Don't forget to add yourself to the Docker group with usermod -a -G docker $USER. Then copy the CentOS repository files to your WorkSpace.

centos=$(docker run --rm -di centos:7 cat)
sudo docker cp $centos:/etc//CentOS-Base.repo /etc//CentOS-Base.repo
sudo sed -i 's/\$releasever/7/g' /etc//CentOS-Base.repo
sudo docker cp $centos:/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

Some explanation: $releasever of Amazon Linux is 2, but the compatible CentOS repositories are CentOS 7. So $releasever needs to be hardcoded to 7 in CentOS-Base.repo in order to work.
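
For the sshd_config change described under Enable SSH, a check worth running before opening port 22 (an added example, not part of the original post): it reads a config file and reports any password-style method still enabled. The function names and the sample file are constructed for illustration; it assumes sshd's first-value-wins parsing and a default of yes for unset keywords, and reads global settings only.

```bash
#!/usr/bin/env bash
# Added example: check that an sshd_config leaves no password-style login enabled.
# Assumptions: sshd keeps the FIRST value seen for a keyword, keywords are
# case-insensitive, and an unset keyword falls back to its default ("yes" here).
# Only global settings are read; parsing stops at the first Match block.

effective_value() {  # usage: effective_value FILE KEYWORD DEFAULT
  awk -F'[ \t=]+' -v key="$2" -v def="$3" '
    BEGIN { k = tolower(key); val = def }
    { sub(/^[ \t]+/, "") }                 # drop indentation, re-split fields
    /^#/ || NF == 0 { next }               # skip comments and blank lines
    tolower($1) == "match" { exit }        # conditional blocks are out of scope
    tolower($1) == k { val = tolower($2); exit }
    END { print val }
  ' "$1"
}

sshd_keys_only() {  # returns 0 if keys-only, else prints offenders and returns 1
  local file="$1" kw rc=0
  for kw in PasswordAuthentication ChallengeResponseAuthentication; do
    if [ "$(effective_value "$file" "$kw" yes)" != "no" ]; then
      echo "$kw is not set to no"
      rc=1
    fi
  done
  return "$rc"
}

# Constructed sample: only ChallengeResponseAuthentication has been changed,
# and a later duplicate line shows that the first value is the one that counts.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample sshd_config
Port 22
PasswordAuthentication yes
ChallengeResponseAuthentication no
challengeresponseauthentication yes
EOF

if sshd_keys_only "$sample"; then
  echo "keys only"
else
  echo "password-style login still possible"
fi
rm -f "$sample"
```

On a live host, `sshd -T` prints the effective configuration including Match handling, and sshd has to be restarted or reloaded before an edit takes effect.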