CI/CD Pipeline using Node.js and Jenkins - 2: Security Issues
In my last blog post I set up the HelloWorld Node.js app on a Digital Ocean droplet. Today, I had a few security and access issues when re-creating the server using the snapshot I took previously.
Create a new SSH key for my laptop
I initially created the project using my desktop so now to connect to my droplets I needed to create a new key-value pair to use with my laptop.
I used puttygen to create another key-value pair and copied this to security section of DigitalOcean.
To add this to the droplet I created last time, I re-created the droplet from the snapshot I’d taken and selected All SSH pairs under the security section. This means that I can log in from either my laptop or desktop.
Problem: I couldn’t log in as non-root
After setting all that up - there was another problem. I couldn’t log in as a non-root user. So I logged in as the root user.
First, I checked if my twulz user still existed using getent passwd | grep twulz
yep it exists!
After some googling, the problem was that the .ssh directory was for the root user, but wasn’t copied to the twulz user, so to fix I did the following commands:
adduser --system --group twulz
mkdir /home/twulz/.ssh
chmod 0700 /home/twulz/.ssh/
cp -Rfv /root/.ssh /home/twulz/
chown -Rfv twulz.twulz /home/twulz/.ssh
chown -R twulz:twulz /home/twulz/
gpasswd -a twulz sudo
echo "twulz ALL=(ALL) NOPASSWD: ALL" | (EDITOR="tee -a" visudo)
service ssh restart
usermod -s /bin/bash twulz
Problem: Node-app wasn’t auto-starting on a new droplet:
After taking a snapshot, destroying the droplet and re-creating the Node-app server, I had to restart pm2:
- Create the droplet from the snapshot
- Sign in to twulz user
- Move to the
/node-app/foldercd node-app - Start pm2:
pm2 start index.js - Go to
http://IP-ADDRESS:3000
This post is short and sweet because I spent way too much time on the ssh problem!