Score:0

Configuring a cloud VM to be accessed by multiple users

sg flag

I am a college CS professor. I want to have a remote server that all of my students can connect to. This is incredibly easy to do when I own the hardware. Just create user accounts on my server with the permissions I want them to have (read/write access to files in one folder, database connection), give the students the credentials. Easy. So easy.

This seems impossible to do on any of the major cloud platforms. I have tried GCP, AWS, and Azure. I've read so much documentation and I cannot find anything remotely close to my use case. All of the "for education" features force you to basically have one machine per student, not one machine all students can access. I've tried to use just regular VMs in the cloud (not "for education") and that also doesn't seem to be configurable the way I want. I just want to add user accounts to the VM and let students sign in to them. But to actually give sign in access to the VM, it seems that students need to have an account on that cloud service and I have to give their account administrative access to the VM I've created, which I do not want to do. What am I missing?

pt flag
If you have `root` access to a vm, you should be able to create user accounts to your heart's content -- regardless of whether it's in the cloud or on your local system. You can configure passwords, ssh credentials, or any other authentication mechanism you'd like. Can you update your question to include the *specific* steps you've tried, and in what way they have failed?
berndbausch avatar
us flag
It would also help to know what operating system these VMs are running. Perhaps Windows has restrictions related to licensing? There should be no restrictions whatsoever for Linux VMs.
Score:1
gp flag
Tim

Cloud VMs are in many ways the same as on-premise servers. A Linux server is a Linux server, Windows is Windows. Just log into your server and configure it they way you do with any other server. I've done just that with my Ubuntu Linux server on AWS.

If you need more help suggest you write a more detailed, precise question, saying what you've tried and what didn't work, then we can help with individual issues.

Score:0
cn flag

Let's assume SSH, other protocols would be different. Users provide you a SSH public key. (You do not need to see their private key.) Configure this as a credential to a personal, non privilaged (not root, not sudo) user.

How to implement this varies greatly depending on the user identity system available to your organization. Which might not be a service of your cloud provider, you can auth against whatever you like.

A manual solution could be you creating local users on the server and uploading their ~/.ssh/authorized_keys. Tedious to maintain, users do not have a self service option.

Google Cloud has OS Login where you can grant any Google account (personal or managed) access to instances with their personal ssh key. Users granted the roles/compute.osLogin role are not privilaged, so they will not have sudo. Probably only makes sense if your organization already grants Google accounts, a Workspace domain or Cloud Identity.

Or you might have an identity system that is not from your cloud provider. FreeIPA for example can store ssh keys, and integrate those with ssh auth on hosts. Again requires a bit of work to deploy a identity system if it does not exist yet.

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.