Preparation for Onboarding

This guide provides step-by-step instructions to prepare a server for onboarding into FIGO.

1. Install SSH

To install the OpenSSH server, run:

sudo apt update
sudo apt install -y openssh-server

Ensure that the SSH service is running:

sudo systemctl enable ssh
sudo systemctl start ssh
sudo systemctl status ssh

To improve security, disable password authentication and enforce key-based authentication.

Edit the SSH configuration file:

sudo nano /etc/ssh/sshd_config

Find and modify the following lines:

PasswordAuthentication no
PubkeyAuthentication yes

Then restart the SSH service to apply changes:

sudo systemctl restart ssh

To allow the ubuntu user to run sudo commands without a password:

Edit the sudoers file:

sudo visudo

Add the following line at the end:

ubuntu ALL=(ALL) NOPASSWD:ALL

Alternatively, create a dedicated sudoers file:

echo "ubuntu ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/ubuntu
sudo chmod 0440 /etc/sudoers.d/ubuntu

Verify that passwordless sudo works:

sudo -l -U ubuntu

You should see:

(ALL) NOPASSWD: ALL

To test it:

sudo whoami

If it prints root without asking for a password, it is correctly configured.

To allow secure access from the FIGO main node, add its public SSH key to the authorized_keys file of the remote user (e.g., ubuntu).

Edit the authorized_keys file:

sudo nano /home/ubuntu/.ssh/authorized_keys

Copy and paste the following key into the file:

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDUaONS6eu014yRBE+6LzKZeFkmQiSiwQUdVBQEVmQmK gpuserver_stefano.salsano@uniroma2.it

Ensure the correct file permissions:

sudo chmod 600 /home/ubuntu/.ssh/authorized_keys
sudo chown ubuntu:ubuntu /home/ubuntu/.ssh/authorized_keys

This step ensures that the FIGO main node can securely access the server via SSH.

—

Following these steps ensures that the server is properly prepared for onboarding into FIGO.