60 Free Minutes with Ubuntu 10.10 in Amazon EC2
I decided to try Ubuntu in the Cloud because 1) I had a few minutes this afternoon and 2) it's free. If you follow the directions on their Web site you'll have access to an Ubuntu 10.10 server for 60 minutes, hosted by Amazon Elastic Compute Cloud (Amazon EC2). It's really simple, so easy a caveman could do it. (Ouch.)
Near the end of my hour I got this warning in the shell:
So, I logged out and that was it!
I suggest everyone give this a try, especially if you've never spun up an EC2 instance. Next I'd like to try the AWS Free Usage Tier.
Thanks to Ubuntu and Amazon EC2 for making this such an easy process.
My only concern is this: how easy would it be to spin up free VMs like this for nefarious means?
Tweet
- First make sure you have a public-private SSH key pair.
richard@neely:~$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/richard/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/richard/.ssh/id_rsa.
Your public key has been saved in /home/richard/.ssh/id_rsa.pub.
The key fingerprint is:
c6:e0:9c:84:74:3d:2d:09:b3:a2:e5:97:7b:63:59:da richard@neely
The key's randomart image is:
+--[ RSA 2048]----+
| . +o o |
| . o o= . |
| + + o |
| + = = |
| . . * S . |
| . o = |
| . * E |
| o . |
| |
+-----------------+ - Next visit www.launchpad.net and create and account.
- Visit the editsshkeys page created for your account (like https://launchpad.net/~taosecurity/+editsshkeys for me) and paste the content of your public SSH key into the window.
- Now it's time for https://10.cloud.ubuntu.com/. I read:
Try Ubuntu 10.10 Server in Amazon EC2, entirely on our dime!
All you need is an SSH client, and an SSH public key associated with your Launchpad.net account, and we will launch an Ubuntu Server instance in Amazon EC2 for you.
We will give you the hostname and you can SSH directly to the instance with your public SSH key on file in Launchpad. You will have full sudo (root) access, so take it for an hour-long joyride, install applications, configure services, test your programs, and evaluate the overall experience. We will terminate and clean up the instance automatically within an hour.
I selected Ubuntu Server (10.10) with WordPress for fun. - WAIT while the server is provisioned. It takes a few minutes but the Web site keeps refreshing to keep you informed.
- When done, SSH to the server us user ubuntu. Be ready to enter your SSH keyphrase.
richard@neely:~$ ssh ubuntu@184.72.80.52
The authenticity of host '184.72.80.52 (184.72.80.52)' can't be established.
RSA key fingerprint is 56:df:06:bf:30:c6:d6:26:76:2f:f1:6f:51:97:86:70.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '184.72.80.52' (RSA) to the list of known hosts.
Linux ip-10-212-127-243 2.6.35-22-virtual #33-Ubuntu SMP Sun Sep 19 23:54:13 UTC 2010 i686 GNU/Linux
Ubuntu 10.10
Hello taosecurity, welcome to the Cloud!
This instance will terminate around Tue Nov 23 21:37:00 UTC 2010"
Welcome to Ubuntu!
* Documentation: https://help.ubuntu.com/
System information as of Tue Nov 23 20:42:00 UTC 2010
System load: 0.35 Processes: 76
Usage of /: 7.0% of 9.84GB Users logged in: 0
Memory usage: 17% IP address for eth0: 10.212.127.243
Swap usage: 0% IP address for eth0:0: 184.72.80.52
Graph this data and manage this system at https://landscape.canonical.com/
---------------------------------------------------------------------
At the moment, only the core of the system is installed. To tune the
system to your needs, you can choose to install one or more
predefined collections of software by running the following
command:
sudo tasksel --section server - At this point I had a fully functional server with Wordpress installed. I played with the server to create a first post.
- I also tested how quickly I could add software. WOW.
sudo apt-get install ubuntu-desktop
...edited...
Fetched 429MB in 28s (15.2MB/s) - I started a second SSH session to tunnel the X protocol and started Firefox:
- From another server I scanned the EC2 instance to see what services are exposed:
tao001:~# nmap -sV 184.72.80.52
Starting Nmap 4.62 ( http://nmap.org ) at 2010-11-23 15:56 EST
Interesting ports on ec2-184-72-80-52.compute-1.amazonaws.com (184.72.80.52):
Not shown: 1710 closed ports
PORT STATE SERVICE VERSION
22/tcp open ssh (protocol 2.0)
25/tcp open smtp Postfix smtpd
80/tcp open http Apache httpd 2.2.16 ((Ubuntu))
5901/tcp open vnc VNC (protocol 3.8)
6001/tcp open X11 (access denied)
1 service unrecognized despite returning data.
If you know the service/version, please submit the following fingerprint at
http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
SF-Port22-TCP:V=4.62%I=7%D=11/23%Time=4CEC2A95%P=x86_64-unknown-linux-gnu%
SF:r(NULL,27,"SSH-2\.0-OpenSSH_5\.5p1\x20Debian-4ubuntu4\r\n");
Service Info: Host: ec2-184-72-80-52.compute-1.amazonaws.com
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 7.457 seconds - I ran Tshark to capture traffic and created a capture with this protocol distribution:
richard@neely:~$ tshark -q -r tshark.pcap -z io,phs
can't open file /home/richard//tmpssl/Renegotiating_TLS_20091104_pub/caps/apache22_wget_DHE/server.key
===================================================================
Protocol Hierarchy Statistics
Filter: frame
frame frames:3764 bytes:424367
eth frames:3764 bytes:424367
ip frames:3750 bytes:422885
udp frames:177 bytes:120953
dns frames:80 bytes:8271
ntp frames:24 bytes:2160
data frames:70 bytes:105980
dcerpc frames:3 bytes:4542
icmp frames:17 bytes:1710
tcp frames:3556 bytes:300222
http frames:54 bytes:100166
data-text-lines frames:10 bytes:17428
media frames:1 bytes:818
image-jfif frames:1 bytes:4434
png frames:1 bytes:1194
xml frames:2 bytes:1430
unreassembled frames:1 bytes:2962
smtp frames:14 bytes:3392
imf frames:1 bytes:561
tcp.segments frames:1 bytes:116
http frames:1 bytes:116
ssh frames:1 bytes:105
ipv6 frames:14 bytes:1482
udp frames:14 bytes:1482
dns frames:14 bytes:1482
===================================================================
Near the end of my hour I got this warning in the shell:
Broadcast Message from root@ip-10-212-127-243
(somewhere) at 21:17 ...
You have about 10 minutes before instance termination
So, I logged out and that was it!
I suggest everyone give this a try, especially if you've never spun up an EC2 instance. Next I'd like to try the AWS Free Usage Tier.
Thanks to Ubuntu and Amazon EC2 for making this such an easy process.
My only concern is this: how easy would it be to spin up free VMs like this for nefarious means?
Tweet
Comments
I mean, Ubuntu is famous for being one of the simplest desktop distros but I'm still a little frightened about ussing it as a server distro. I'm still in love with Debian.
Would you like to change my mind about that ?
I did a back of the envelope calculation last year and you can get an impressive bandwidth spike for a DDoS attack rather quickly. Of course, AWS will detect that and shut it down, but that does take some time.
And if you use a stolen credit card, you're even farther ahead (as an attacker).
You should note that much (most?) of the AWS space is blacklisted in most SMTP DNS blacklists. AWS warns of this is some of its documentation.