Rapid Application Deployment Engine
Security
We recently decided to change our default security policy when using Rapp. This will enhance the security of your applications by making hacking attempts a little more difficult.
From now on, the first time you publish an application using wn push, it will block password-based ssh logins attempts for the root user:
... remote: Security: Preventing root login... remote: remote: -------------------------------------------------------------- remote: remote: IMPORTANT: Rapp will now disable password-based root SSH remote: login access by default. remote: remote: If you want to access your Webby using root and public key remote: authentication, follow this steps: remote: remote: 1. Make sure you have the latest gem version (1.0.4.2) remote: remote: $ wn version remote: [Webbynode] Rapid Deployment Gem v1.0.4.2 remote: remote: 2. If needed, update your gem remote: remote: $ gem install webbynode remote: remote: 3. Run the authroot command remote: remote: $ wn authroot remote: Your local SSH Key has been added to your root user remote: remote: Now youll be able to log into your Webby as root without remote: typing a password. remote: remote: -------------------------------------------------------------- ...
Instead of using the root user, you can safely use the git user that is created specially for the Rapp engine. This user has sudo privileges, so you can do anything you used to do with root.
To login using git, just use ssh normally:
$ ssh git@100.200.10.1 Linux sandbox 2.6.32-24-generic-pae #39-Ubuntu SMP Wed Jul 28 07:39:26 Ubuntu 10.04.1 LTS Welcome to Ubuntu! * Documentation: https://help.ubuntu.com/ System information as of Wed Feb 23 11:22:28 EST 2011 System load: 0.0 Processes: 107 Usage of /: 11.2% of 11.81GB Users logged in: 1 Memory usage: 32% IP address for eth0: 100.200.10.1 Swap usage: 0% Graph this data and manage this system at https://landscape.canonical.com/
If you deployed a Rapp application to your server before, it’s likely that you will not be prompted for a password, since we use the safer public key authorization.
However, if you still want to login using root, you can add your existing ssh key (that you already use for deployments) using the Webbynode gem, you can use the authorize_root command, aliased as just authroot for your convenience.
To do that, follow the steps shown above: make sure you have the latest version of the Webbynode gem and run wn authroot. After that you’ll be able to login using root and your public key.
Also remember you can use wn remote and issue sporadic commands from your local terminal, without logging into your Webby:
[imac27] fcoury:~/Projects/nodeapp [git:master] wn remote ls -la Performing the requested remote command... total 28 drwxr-xr-x 4 git git 4096 2011-02-23 11:18 . drwxr-xr-x 6 git www-data 4096 2011-02-23 09:50 .. drwxr-xr-x 8 git git 4096 2011-02-23 11:18 .git -rwxr-xr-x 1 git git 36 2011-02-22 23:15 .pushand -rw-r--r-- 1 git www-data 531 2011-02-22 23:15 server.js drwxr-xr-x 3 git git 4096 2011-02-23 01:26 .webbynode -rw-r--r-- 1 git www-data 52 2011-02-23 11:18 x [imac27] fcoury:~/Projects/nodeapp [git:master] $
Restoring password-based root login
We strongly advise that you don’t restore password-based authentication, but if you insist, just run:
$ wn settings allow_root true
And push it:
$ wn push
And your password-based ssh root access will be restored.
Basic Topics
Advanced Topics
Additional Info