OPS235 Lab 7 - CentOS7 - SSD

No change in size, 03:00, 12 June 2016
no edit summary
# Use your '''centos2''' VM to complete this section.
# Open a terminal and run the '''netstat''' command (pipe to "grep sshd") to check the state of the connection. What is the state (i.e. LISTENING or ESTABLISHED)?
# Open another terminal and establish an ssh connection to your '''centos3''' VM using the command:<br /><b><code><span style="color:#3366CC;font-size:1.2em;">ssh ops235@centos3</span></code></b><br>(Where 'ops235' is the account on centos3 and 'centos3' is the hostname of the centos3 VM.)<br><br>
# You should receive a message similar to the following:<br><br>
#::<span style="font-family:courier">The authenticity of host 'centos3 (192.168.235.13)' can't be established.</span><br>
#::<span style="font-family:courier">RSA key fingerprint is 53:b4:ad:c8:51:17:99:4b:c9:08:ac:c1:b6:05:71:9b.</span><br>
#::<span style="font-family:courier">Are you sure you want to continue connecting (yes/no)? yes</span><br>
#::<span style="font-family:courier">Warning: Permanently added 'centos3' (RSA) to the list of known hosts.</span><br><br>
# Answer '''yes''' to add to the list of known hosts.
# Issue the following command to confirm that you connected to your centos3 VM: <b><code><span style="color:#3366CC;font-size:1.2em;">hostname</span></code></b>
[[Image:spoof.png|thumb|right|485px|If you receive a message like the one displayed above, you should investigate why it is happening as it could indicate a '''serious security issue''', or it could just mean that something on '''the host has changed''' (i.e. the OS was <u>reinstalled</u>)]]
<ol><li value="7">Switch back to the original terminal and re-run the netstat pipeline command. Any change to the connection status?</li><li>Return to the second terminal, and log out of your ssh connection by typing <b><code><span style="color:#3366CC;font-size:1.2em;">exit</span></code></b>.
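The first-connection prompt and the changed-key warning described above both come from comparing the key a server offers with what is recorded in the known_hosts file. The following is an added example, not part of the original lab, that reproduces that comparison; the function names and the key strings are constructed for illustration, and it assumes unhashed known_hosts entries.

```shell
#!/bin/sh
# Added example: classify an offered host key against a known_hosts file.
# Assumes unhashed entries of the form "host[,ip] keytype base64key".

# check_host_key FILE HOST KEYTYPE KEY prints one of:
#   unknown - no key of this type recorded for HOST (ssh shows the yes/no prompt)
#   match   - the recorded key equals the offered key (ssh connects silently)
#   changed - a different key is recorded (ssh shows the changed-key warning)
check_host_key() {
    awk -v host="$2" -v ktype="$3" -v key="$4" '
        /^[ \t]*#/ || NF < 3 { next }   # comments, blank or short lines
        $1 ~ /^@/            { next }   # @cert-authority / @revoked markers
        $2 != ktype          { next }
        {
            n = split($1, names, ",")   # first field may list "host,ip"
            for (i = 1; i <= n; i++)
                if (names[i] == host) {
                    if ($3 == key) found = 1; else differ = 1
                }
        }
        END {
            if (found)       print "match"
            else if (differ) print "changed"
            else             print "unknown"
        }
    ' "$1"
}

# Constructed sample data: the key strings are placeholders, not real keys.
KEY_A="AAAAB3NzaC1yc2EAAAADAQABconstructedKEYone"
KEY_B="AAAAB3NzaC1yc2EAAAADAQABconstructedKEYtwo"
write_sample_known_hosts() {
    printf '%s\n' \
        "# constructed known_hosts sample" \
        "centos3,192.168.235.13 ssh-rsa $KEY_A" > "$1"
}

kh=$(mktemp)
write_sample_known_hosts "$kh"
echo "centos3, same key:      $(check_host_key "$kh" centos3 ssh-rsa "$KEY_A")"
echo "centos3, different key: $(check_host_key "$kh" centos3 ssh-rsa "$KEY_B")"
echo "centos1, never seen:    $(check_host_key "$kh" centos1 ssh-rsa "$KEY_A")"
rm -f "$kh"
```

A "changed" result is the case the image caption describes: confirm out of band whether the host was reinstalled before removing the old entry.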
<ol><li value="16"> After generating the keys it prompts you for the location to save the keys. The default is '''~/.ssh'''. Your private key will be saved as <b>id_rsa</b> and your public key will be saved as '''id_rsa.pub'''.</li>
<li>You will then be prompted for a pass-phrase. The pass-phrase must be entered in order to use your private key. Pass-phrases are more secure than passwords and should be lengthy, hard to guess and easy to remember. For example, one pass-phrase that meets these criteria might be "seneca students like fish at 4:00am". Avoid famous phrases such as "to be or not to be" as they are easy to guess. It is possible to leave the pass-phrase blank but this is dangerous. It means that if a hacker were able to get into your account they could then use your private key to access other systems you use.<br><br></li>
<li>Now issue the command <b><code><span style="color:#3366CC;font-size:1.2em;">ssh-copy-id -i ~/.ssh/id_rsa.pub ops235@centos3</span></code></b></li> <li>Try using ssh to now log into your '''centos3''' VM <u>from</u> your '''centos2''' VM. What happens? Were you required to use your pass-phrase? Issue the hostname command to verify that you are successfully logged into your '''centos3''' VM.</li><li>Make certain to log out of your '''centos3''' system. Use the '''hostname''' command to verify you are back in your centos2 server.</li>
</ol>
# Remain in your '''centos2''' VM for this section.
# To connect to a remote host type the command:<br /><b><code><span style="color:#3366CC;font-size:1.2em;">sftp ops235@centos3</span></code></b>
# This will establish an interactive session after authentication.
# Type <b><code><span style="color:#3366CC;font-size:1.2em;">help</span></code></b> to see the list of sftp commands at any time.
<ol>
<li value="8">You can also use the '''scp''' command to copy files to and from remote hosts and even from one remote host to another.</li>
<li>Use '''scp''' to copy your services file into the /tmp directory on the centos3 host (the path on a remote host follows the ''':''') using the command: <br /><b><code><span style="color:#3366CC;font-size:1.2em;">scp /etc/services ops235@centos3:/tmp</span></code></b></li><li>Here is a neat trick: You can run commands remotely using ssh by typing the command as an argument after the ssh command. Issue the following command in your '''centos2''' VM:<br><b><code><span style="color:#3366CC;font-size:1.2em;">ssh ops235@centos3 ls /tmp</span></code></b></li><li>What happened when you issued that command? Were you able to successfully use scp to copy the '''/etc/services''' file to '''centos3's /tmp''' directory?</li><li>Experiment with '''scp''' to copy a file from '''centos3''' directly to '''centos1'''.</li>
</ol>
# Give the '''lab7-check.bash''' file execute permissions (for the file owner).
# Run the shell script; if there are any warnings, make fixes and re-run the shell script until you receive the "congratulations" message.
# Arrange proof of the following on the screen:<br><blockquote><span style="color:green;font-size:1.5em;">&#x2713;</span> '''centos2''' VM:<blockquote><ul><li>have tunneled Xwindows application from '''centos1''' via ssh</li><li>have tunneled http through firewall using ssh (on web-browser)</li><li>have secured ssh against root access</li></ul></blockquote><span style="color:green;font-size:1.5em;">&#x2713;</span> '''centos3''' VM:<blockquote><ul><li>have configured sshd to '''allow connection to centos3 VM'''</li><li>have logged in centos3 VM using '''public key authentication'''</li><li>have scp'd and sftp'd files to centos3 VM</li></ul></blockquote><span style="color:green;font-size:1.5em;">&#x2713;</span> '''c7host''' Machine:<blockquote><ul><li>Confirmation that sshd is running on host machine</li></ul></blockquote><span style="color:green;font-size:1.5em;">&#x2713;</span> '''Lab7''' log-book filled out.