diff --git a/Doc/Sdi/CloudProvider/gettingStarted.xml b/Doc/Sdi/CloudProvider/gettingStarted.xml index 2a7aa0319f3ae21bda7c5afd4d85735c6ac9bfc2..11ca053a5f7e1608a5ed67672b64112f25dc059f 100644 --- a/Doc/Sdi/CloudProvider/gettingStarted.xml +++ b/Doc/Sdi/CloudProvider/gettingStarted.xml @@ -685,21 +685,22 @@ provider "hcloud" { token = "<emphasis role="red">xdaGfz9LmwO8SWkg ... </emphasi <para>On success you'll receive an e-mail containing your server's IP address and the <code>root</code> user's password - for <xref linkend="glo_ssh"/> login.</para> + for <xref linkend="glo_ssh"/> login. Why does this happen? Log + in to your server.</para> </listitem> <listitem> - <para>Subject your configuration to a - <productname>Gitlab</productname> project. Versioning the + <para>Subject your configuration to version control in a + <productname>Git</productname> project. Versioning the previous <xref linkend="glo_Terraform"/> configuration might - expose your cloud provider's API token. To circumvent this - problem follow the steps outlined in <xref + expose your cloud provider's API token. Circumvent this + problem by following the steps outlined in <xref linkend="sdi_cloudProvider_terra_hello_sshProblemApiTokenSolve"/>.</para> </listitem> <listitem> - <para> Ditch unsafe (and tedious) <xref linkend="glo_ssh"/> - password login in favour of public/private key access. </para> + <para>Ditch unsafe (and tedious) <xref linkend="glo_ssh"/> + password login in favour of public/private key access.</para> <tip> <para>Create a <link 
@@ -715,19 +716,20 @@ provider "hcloud" { token = "<emphasis role="red">xdaGfz9LmwO8SWkg ... </emphasi </listitem> <listitem> - <para>Currently when executing <command - linkend="glo_Terraform">terraform</command> - <option>apply</option> both your server's IP and <link + <para>Currently when executing the <command + xlink:href="https://developer.hashicorp.com/terraform/cli/commands/apply">terraform + apply</command> command both your newly created server's IP + and <link xlink:href="https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs/resources/server#datacenter">data - center location</link> are not being shown explicitly. Add an + center location</link> are not being shown. Add an <filename>outputs.tf</filename> file containing two corresponding <code xlink:href="https://developer.hashicorp.com/terraform/language/values/outputs">output</code> entries.</para> <para>On success when executing <command - linkend="glo_Terraform">terraform</command> - <option>apply</option> you should see something like:</para> + xlink:href="https://developer.hashicorp.com/terraform/cli/commands/apply">terraform + apply</command> you should see something like:</para> <screen>terraform apply ... @@ -738,8 +740,8 @@ Apply complete! Resources: 3 added, 0 changed, 0 destroyed. Outputs: -hello_datacenter = "hel1-dc2" -hello_ip_addr = "95.217.154.104"</screen> +<emphasis role="red">hello_datacenter = "hel1-dc2" +hello_ip_addr = "95.217.154.104"</emphasis></screen> </listitem> </orderedlist> </question> @@ -837,8 +839,7 @@ hello_ip_addr = "95.217.154.104"</screen> </figure> <figure xml:id="sdi_cloudProvider_cloudInit_helloWorld"> - <title> »hello, world ...« <filename>userData.yml</filename> - file</title> + <title>»hello, world ...« <filename>userData.yml</filename> file</title> <programlisting language="yaml">#cloud-config packages: 
@@ -875,8 +876,7 @@ Someone could be eavesdropping on you right now (<emphasis role="red">man-in-the <question> <para>We continue our exercise series <xref linkend="sdi_cloudProvider_terra_qandaBasicSystem"/> by adding a - <productname>Cloud-init</productname> configuration. Follow the - subsequent steps:</para> + <productname>Cloud-init</productname> configuration:</para> <orderedlist> <listitem> @@ -891,24 +891,30 @@ Someone could be eavesdropping on you right now (<emphasis role="red">man-in-the </tip> <para>On success pointing your web browser of choice to - <uri>http://<your server's IP></uri> you should see - something like:</para> + <uri>http://<your server's IP></uri> should result in + something similar to:</para> <screen>I'm Nginx @ "95.217.154.104" created Sun May 5 06:58:37 PM UTC 2024</screen> </listitem> <listitem> - <para>Working on security modify your current configuration - by:</para> + <para>Working on security modify your current + configuration:</para> <itemizedlist> <listitem> - <para>Disallow <xref linkend="glo_ssh"/> password + <para>Read the <link + xlink:href="https://linux.die.net/man/5/sshd_config">sshd_config(5) + - Linux man page</link></para> + </listitem> + + <listitem> + <para>Disallow <xref linkend="glo_ssh"/> password based logins</para> </listitem> <listitem> - <para>Disallow <code>root</code> login</para> + <para>Disallow <code>root</code> login altogether</para> </listitem> <listitem> 
@@ -981,8 +987,35 @@ root@95.217.154.104: Permission denied (publickey).</screen> <itemizedlist> <listitem> - <para>Upgrade all distribution packages at server creation - time. If so required your system should reboot.</para> + <para>Currently your (most likely outdated) cloud provider + supplied distribution does not get upgraded on + installation time:</para> + + <screen>$ ./bin/ssh +... +devops@hello:~$ sudo su - +root@hello:~# apt update +Hit:1 http://security.debian.org/debian-security bookworm-security InRelease +Hit:2 http://deb.debian.org/debian bookworm InRelease +... +Reading package lists... Done +Building dependency tree... Done +Reading state information... Done +<emphasis role="red">6 packages can be upgraded. Run 'apt list --upgradable' to see them.</emphasis> + +# apt list --upgradable +Listing... Done +less/stable-security,stable-security 590-2.1~deb12u2 amd64 [upgradable from: 590-2] +libc-bin/stable-security,stable-security 2.36-9+deb12u7 amd64 [upgradable from: 2.36-9+deb12u6] +libc-l10n/stable-security,stable-security 2.36-9+deb12u7 all [upgradable from: 2.36-9+deb12u6] +libc6/stable-security,stable-security 2.36-9+deb12u7 amd64 [upgradable from: 2.36-9+deb12u6] +locales-all/stable-security,stable-security 2.36-9+deb12u7 amd64 [upgradable from: 2.36-9+deb12u6] +locales/stable-security,stable-security 2.36-9+deb12u7 all [upgradable from: 2.36-9+deb12u6]</screen> + + <para>Modify your <productname>Cloud-init</productname> + configuration to upgrade your distribution at server + creation time. If so required your system should also + reboot.</para> </listitem> <listitem> 
@@ -990,16 +1023,26 @@ root@95.217.154.104: Permission denied (publickey).</screen> linkend="glo_ssh"/> failed connection attempts.</para> <tip> - <para>Answer <link - xlink:href="https://superuser.com/questions/1830245/i-cant-get-fail2ban-working-on-debian-12#answer-1830273">On - Debian 12 there are a couple of things you have to do to - make it work</link>.</para> + <itemizedlist> + <listitem> + <para>Develop your desired configuration manually on + an already created server. Then automate the + process.</para> + </listitem> + + <listitem> + <para>Read the answer <link + xlink:href="https://superuser.com/questions/1830245/i-cant-get-fail2ban-working-on-debian-12#answer-1830273">On + Debian 12 there are a couple of things you have to + do to make it work</link>.</para> + </listitem> + </itemizedlist> </tip> </listitem> <listitem> <para>Install the <code>mlocate</code> file indexer - package and initialize it</para> + package and initialize it.</para> </listitem> </itemizedlist> 
@@ -1017,33 +1060,9 @@ Building dependency tree... Done Reading state information... Done <emphasis role="red">All packages are up to date.</emphasis></screen> - <para>On contrary a failure of updating packages during - installation time results in an output similar to:</para> - - <screen>$ ./bin/ssh -... -devops@hello:~$ sudo su - -root@hello:~# apt update -Hit:1 http://security.debian.org/debian-security bookworm-security InRelease -Hit:2 http://deb.debian.org/debian bookworm InRelease -... -Reading package lists... Done -Building dependency tree... Done -Reading state information... Done -<emphasis role="red">6 packages can be upgraded. Run 'apt list --upgradable' to see them.</emphasis> - -# apt list --upgradable -Listing... Done -less/stable-security,stable-security 590-2.1~deb12u2 amd64 [upgradable from: 590-2] -libc-bin/stable-security,stable-security 2.36-9+deb12u7 amd64 [upgradable from: 2.36-9+deb12u6] -libc-l10n/stable-security,stable-security 2.36-9+deb12u7 all [upgradable from: 2.36-9+deb12u6] -libc6/stable-security,stable-security 2.36-9+deb12u7 amd64 [upgradable from: 2.36-9+deb12u6] -locales-all/stable-security,stable-security 2.36-9+deb12u7 amd64 [upgradable from: 2.36-9+deb12u6] -locales/stable-security,stable-security 2.36-9+deb12u7 all [upgradable from: 2.36-9+deb12u6]</screen> - <para>Failed login attempts should be banned: Keep a second login open in advance when trying to simulate login failures! - You might then see a report similar to:</para> + You should then see a report similar to:</para> <screen>root@hello:~# fail2ban-client status sshd Status for the jail: sshd
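Review bot: in the @@ -685 hunk the added sentence "Why does this happen? Log in to your server." has no referent for "this"; the preceding sentence only says that an e-mail with the IP address and the root password arrives. State what the reader is supposed to notice so the question is answerable, e.g. "Why does your provider send you a root password by e-mail at all? Log in to your server." In the same hunk "Subject your configuration to version control in a Git project" reads awkwardly; "Put your configuration under version control in a Git project" says the same thing and matches the sentence that follows about the API token.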
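Review bot: in the @@ -715 hunk both `<command>` elements now carry the identical long HashiCorp URL, and the previous glossary link (`linkend="glo_Terraform"`) is dropped while the surrounding text still uses `<xref linkend="glo_ssh"/>` for the glossary. Keep one external link and use the glossary reference for the other mention, and keep `terraform apply` on a single line inside `<command>` rather than split by the line break (whitespace is normalised when rendered, but the split makes the source hard to grep).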
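Review bot: in the @@ -891 hunk the new `<uri>http://<your server's IP></uri>` line keeps a raw `<`/`>` placeholder inside element content; unless the diff is shown with entities decoded, that must be `&lt;your server's IP&gt;` for the file to stay well-formed, so please verify the source. The added list item's link text "sshd_config(5) - Linux man page" copies the target page's title; "sshd_config(5)" alone reads better and is consistent with the `<code>` and `<filename>` styling used elsewhere in the list.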
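Review bot: in the @@ -981 hunk "cloud provider supplied distribution does not get upgraded on installation time" should read "cloud-provider-supplied distribution is not upgraded at installation time". The pasted `apt` session also makes the security argument without saying so: all six upgradable packages come from `stable-security`, `libc6` among them, which is exactly why upgrading at creation time belongs in a security exercise; one sentence pointing that out would help. Minor: the session switches prompt from `root@hello:~#` to a bare `#` between the two commands; use one prompt throughout.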
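Review bot: in the @@ -990 hunk the new tip "Develop your desired configuration manually on an already created server. Then automate the process." should add that the manually modified server is then destroyed and re-created from the Cloud-init configuration, so the state being verified comes from the automation and not from the interactive edits; otherwise readers will report success on a server whose configuration their `userData.yml` does not actually reproduce.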
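Review bot: in the @@ -1017 hunk the removed "On contrary a failure ..." block is the same session now placed in the exercise in @@ -981, so the deletion is consistent and removes a duplicate. The retained warning "Keep a second login open in advance when trying to simulate login failures!" should say why: fail2ban bans the source address of the failed attempts, i.e. the tester's own IP, so without a second, already-established session the tester is locked out of the server for the duration of the ban.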