13,420
edits
Changes
no edit summary
|}
# Use your '''centos2''' VM to complete this section.
# Establish an ssh connection to your centos3 VM using the command:<br /><b><code><span style="color:#3366CC;font-size:1.2em;"><code>ssh ops235@centos3</span></code></b> (Where 'ops235' is the account on centos3 and 'centos3' is the hostname of the centos3 VM.)
# You should receive a message similar to the following:<br><br>
#::<span style="font-family:courier">The authenticity of host 'centos3 (192.168.235.13)' can't be established.</span><br>
# Answer '''yes''' to add to the list of known hosts.
[[Image:spoof.png|thumb|right|485px|If you receive a message like the one displayed above, you should investigate why it is happening as it could indicate a '''serious security issue''', or it could just mean that something on '''the host has changed'''(i.e. the OS was <u>reinstalled</u>)]]
<ol><li value="6">Logout of your ssh connection by typing <b><code><span style="color:#3366CC;font-size:1.2em;">exit</span></code></b>.
<li>Check the state of the connection after logging out. Wait a few minutes and then check again. Record your observations.</li>
<li>Make certain to exit all connections, and that your shell is located in your <u>centos3</u> server. You can verify this by entering the command: <b><code><span style="color:#3366CC;font-size:1.2em;">hostname</span></code></b>
<li>Use the Internet to search for "TCP 3 way handshake" to see how TCP connections are established and closed.<br><br></li>
</ol>
<br><br>
<ol>
<li value="10">Start by generating a keypair as your learn account on centos2 using the command:<br /><b><code><span style="color:#3366CC;font-size:1.2em;">ssh-keygen</span></code></b></li>
<li>That should generate output similar to the following:</li>
</ol>
<ol><li value="12"> After generating the keys it prompts you for the location to save the keys. The default is '''~/.ssh''' Your private key will be saved as <code>id_rsa</code> and your public key will be saved as '''id_rsa.pub'''</li>
<li>You will then be prompted for a pass-phrase. The pass-phrase must be entered in order to use your private key. Pass-phrases are more secure than passwords and should be lengthy, hard to guess and easy to remember. For example one pass-phrase that meets this criteria might be "seneca students like fish at 4:00am". Avoid famous phrases such as "to be or not to be" as they are easy to guess. It is possible to leave the pass-phrase blank but this is dangerous. It means that if a hacker were able to get into your account they could then use your private key to access other systems you use.<br><br></li>
<li>Now issue the command <b><code><span style="color:#3366CC;font-size:1.2em;">ssh-copy-id -i ~/.ssh/id_rsa.pub centos3</span></code></b></li>
<li>Now we can ssh into centos3 from centos2 using two different authentication methods.</li>
<li>Make certain to logout of your centos3 system. Use the '''hostname''' command to verify you are back in your centos2 server.</li>
