How I saved my back... or learned to work in the cloud
Recently, I’ve been doing more writing, but whenever I want to write, I don’t want to carry my MacBook Pro 15”… it’s a great machine, but I know that if I want to do anything over 2 hours on it, I will have to carry the charger for it (which adds 1.4 lbs / 680 grams on top of 5.6 lbs / 2.5 kg) and takes up more space in my bag. Worse, sometimes I never end up doing work on it but I still have to carry the computer the whole day. This has happened for my morning meetup group sessions: Code Gym. So, I want something lighter. I have made my iPad into something I can do more writing on via Notability, but at the end of the day, I just want to work in Emacs. The articles I post are written in markdown and I just want to have a machine to do that. I love white text on black and I really just want Emacs key bindings.
When I came across the free AWS plan, I remembered an article I read about a programmer who did all their work on an iPad for a year. If I could program on an iPad, the weight would go away, and I would get the focus of a single app at a time. With an iPad, my bag would weigh closer to 1.44 lbs / 650 g… which is the weight of the MacBook Pro 15” charger! The Logitech ultra thin keyboard cover for iPad 2 fits perfectly and adds 0.73 lbs / 300 g, making the setup about 2 lbs / 910 g. A big difference to my back!
With the hardware setup decided, I want to set up the software. This is where the AWS free tier comes in. Setting up a cloud server has been good. I use a lot of my software within a terminal on a virtual machine on my MacBook Pro (emacs and tmux), so I’m perfectly fine without a full-on graphical interface. In a way, I’m more efficient that way since I have customized emacs profusely. (I even have a web browser and IRC working in emacs in the terminal!)
I have set up a server before and my main concerns were:
The AWS free tier solves the price issue, for a year at least. Otherwise, the T2.micro instance running a whole month would cost $9.50, not that bad. Digital Ocean’s smallest droplet would be $5/month. Either would work, but AWS’ free year makes the choice simpler, for now. :-D
The next concern is security. I don’t want others to access my server, and using SSH keys would be very secure. Whitelisting IP addresses would make it even more secure. Then there is two-factor authentication.
This really takes security to another level because the security system depends on two things: a password, which only I know, and a token, which only I have. Even if an attacker knows my password, they still have to get my token, which is only accessible from my phone.
This article on Digital Ocean explains how to set up two-factor authentication for SSH logins.
Setting up Two Factor Authentication to log in
The steps to set up SSH with two-factor authentication (here for future reference):
Install Google’s libpam authenticator module:
sudo apt-get install libpam-google-authenticator
Next, modify sshd’s PAM configuration to use Google Authenticator:
In /etc/pam.d/sshd, add this line at the top:
auth required pam_google_authenticator.so
In /etc/ssh/sshd_config, change the ChallengeResponseAuthentication setting to yes.
Configure authenticator for the user by logging in as the user and running:
google-authenticator
and follow the steps.
Don’t forget: restart the SSH server:
sudo service ssh restart
TFA and ssh keys
One thing I didn’t realize: the two-factor authentication only kicks in when the user is logging in using a password. Logging in with an SSH key does not require the verification code. This allows very fine-grained control. Computers I control will have my SSH key and can log in easily. Computers I don’t control can still access my server but require a verification code, like when I am on a friend’s computer.
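A read-only check of the two files edited in the steps above, which also reports the key-login behaviour just described; this is an added example, not part of the original post. The function names are hypothetical, the sample files are constructed, and `UsePAM`, `KbdInteractiveAuthentication`, `PubkeyAuthentication` and `AuthenticationMethods` are real sshd_config keywords that the post itself does not mention.

```shell
#!/bin/sh
# Added example: audit copies of the two files the steps edit (read-only).

# Effective value of a global sshd_config keyword: first match wins, names are
# case-insensitive, and scanning stops at the first Match block.
sshd_value() {  # usage: sshd_value FILE KEYWORD DEFAULT
    awk -v key="$2" -v def="$3" '
        $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# True if the PAM file has an active line loading the authenticator module.
pam_has_totp() {  # usage: pam_has_totp FILE
    grep -Eq '^[[:space:]]*auth[[:space:]]+required[[:space:]]+pam_google_authenticator\.so' "$1"
}

# Report whether the code prompt is wired up and what a key login needs.
audit_ssh_2fa() {  # usage: audit_ssh_2fa SSHD_CONFIG PAM_SSHD
    prompt=on key=no-code
    pam_has_totp "$2" || prompt=off
    # Assumption: UsePAM is not in the post; sshd only consults PAM when it is yes.
    [ "$(sshd_value "$1" UsePAM no)" = yes ] || prompt=off
    # The post's directive, plus the name newer OpenSSH releases use for it.
    for k in ChallengeResponseAuthentication KbdInteractiveAuthentication; do
        [ "$(sshd_value "$1" "$k" yes)" = yes ] || prompt=off
    done
    # Key logins need the code only if AuthenticationMethods chains both methods.
    case "$(sshd_value "$1" AuthenticationMethods any)" in
        *publickey,keyboard-interactive*) [ "$prompt" = off ] || key=code-required ;;
    esac
    [ "$(sshd_value "$1" PubkeyAuthentication yes)" = yes ] || key=disabled
    echo "totp-prompt=$prompt key-login=$key"
}

# Constructed sample files: the two configs before and after the steps.
write_samples() {  # usage: write_samples DIR
    printf '%s\n' '# PAM configuration for sshd' '@include common-auth' > "$1/pam.before"
    printf '%s\n' 'auth required pam_google_authenticator.so' '@include common-auth' > "$1/pam.after"
    printf '%s\n' 'ChallengeResponseAuthentication no' 'UsePAM yes' > "$1/sshd.before"
    printf '%s\n' 'ChallengeResponseAuthentication yes' 'UsePAM yes' > "$1/sshd.after"
}

d=$(mktemp -d) && write_samples "$d"
audit_ssh_2fa "$d/sshd.before" "$d/pam.before"  # totp-prompt=off key-login=no-code
audit_ssh_2fa "$d/sshd.after" "$d/pam.after"    # totp-prompt=on key-login=no-code
rm -rf "$d"
```

Run it against copies of /etc/ssh/sshd_config and /etc/pam.d/sshd; `sshd -T` prints the daemon's own view of the effective settings.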
Easier to remember server address
Now that we have a secure login system in place, let’s make this setup a little more accessible with a real domain name! (The Amazon EC2 domain name leaves a lot to be desired. :-) ) Adding accessibility via a domain name is easy. If you have a domain name, you can just set up your registrar to point at the IP address. Another option is to use a free service such as ddns.net. The free plan allows up to three names, but they will have to be unique on the *.ddns.net subdomain.
All done, now what?!
What to do next? Well, now that I have a server online that is accessible, I want to explore a few things:
Running my own server
As a Rails programmer, I should be able to run my own server to show off my work, like websockets! :-)
Having my own server online again has opened up new opportunities again. I feel like I’m part of the internet a bit more. If you want to get online with a similar setup, please contact me. I’m more than happy to help you out.