Difference between revisions of "OPS235 Lab 7 - Fedora17"
Brian.gray (talk | contribs) |
Brian.gray (talk | contribs) |
Line 40: | Line 40: | ||
* If the service is not configured correctly fix it by issuing the command: | * If the service is not configured correctly fix it by issuing the command: | ||
** <code>chkconfig --level 2345 sshd on</code> | ** <code>chkconfig --level 2345 sshd on</code> | ||
+ | * Now that you know the service is running investigate what port number and protocol sshd uses by issuing the command: | ||
+ | ** <code>netstat -atunp</code> | ||
+ | * What protocol and port is the sshd process using? | ||
+ | * What is the state of the port? | ||
+ | * Why do UDP ports not have a state? | ||
+ | * Reissue the <code>netstat</code> command without the <code>n</code> option. | ||
+ | * What is the difference? | ||
+ | * The <code>n</code> option tells netstat to list everything with numerical values, without it netstat resolves IP addresses and port numbers to host names and protocol names using the files <code>/etc/hosts</code> and <code>/etc/services</code> | ||
+ | * <code>netstat</code> is a very useful command for anything to do with networking. Read its man page and make sure you understand its output. |
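Review bot: the added netstat -atunp step explains only the n flag; a, t, u and p are never described, yet the questions that follow (protocol, port state, which process) depend on them. Add a short gloss for each flag, and note that p names the owning program only for your own sockets unless netstat is run as root. The n explanation is also a comma splice with no closing period, and it sits directly after "What is the difference?", so it hands over the answer; consider moving it below the point where the student records their own answer.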
Revision as of 18:02, 15 March 2010
Setup and Configure Secure Shell Services (ssh) Using Virtual Machines
Objectives
- To set up and configure Secure Shell Services (ssh/sshd)
- To use the ssh, scp, and sftp clients to access another host securely
- Use ssh to tunnel X applications
- Use ssh to tunnel other traffic
- To customize sshd to create a more private, secure system
Reference
- man pages for ssh, ssh-keygen, sshd_config, ssh_config, scp, netstat, sftp, ifconfig, ping, arp, service
- A good ssh tutorial
- A good HOW-TO to make ssh more secure
Required materials
- Fedora 12 Live CD or a classmate on the same pod
- One SATA hard disk in a removable drive tray with Fedora host and 3 Fedora Virtual Machines installed
- Completion of Lab 6
Lab Preparation
Lab Investigations
Investigation 1: How do you enable the sshd service?
- OpenSSH should have been installed by default. Let's confirm this by issuing the command:
  - rpm -qa | grep ssh
- You should see a number of packages installed, including openssh-clients and openssh-server.
- openssh-server installs a service called sshd. Confirm this service is running by issuing the command:
  - service sshd status
- Now check that the sshd service is configured to start for runlevels 2, 3, 4, & 5 by issuing the command:
  - chkconfig --list sshd
- If the service is not configured correctly, fix it by issuing the command:
  - chkconfig --level 2345 sshd on
- Now that you know the service is running, investigate what port number and protocol sshd uses by issuing the command:
  - netstat -atunp
- What protocol and port is the sshd process using?
- What is the state of the port?
- Why do UDP ports not have a state?
- Reissue the netstat command without the n option.
- What is the difference?
- The n option tells netstat to list everything with numerical values; without it, netstat resolves IP addresses and port numbers to host names and protocol names using the files /etc/hosts and /etc/services.
- netstat is a very useful command for anything to do with networking. Read its man page and make sure you understand its output.
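As an aid to reading the netstat output from the steps above, the following added example (not part of the original lab) parses `netstat -atunp` text and reports the sockets owned by a named program. The function names and the sample output are constructed for illustration; the addresses and PIDs are not from a real host.

```shell
#!/bin/sh
# Constructed sample of `netstat -atunp` output (not captured from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1234/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1301/sendmail: acce
tcp        0      0 192.168.235.1:22        192.168.235.11:51514    ESTABLISHED 2210/sshd: root@pts
tcp        0      0 :::22                   :::*                    LISTEN      1234/sshd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           1102/dhclient
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           998/avahi-daemon: r
EOF
}

# Print "proto address port state" for every socket owned by program $1.
# Reads netstat -atunp style text on stdin (hypothetical helper).
sockets_for() {
    awk -v prog="$1" '
        $1 ~ /^(tcp|udp)/ {
            # UDP is connectionless, so the State column is empty and the
            # PID/Program field shifts from $7 to $6.
            if ($1 ~ /^udp/) { state = "-"; owner = $6 }
            else             { state = $6;  owner = $7 }
            split(owner, o, "/")              # "1234/sshd" -> pid, name
            name = o[2]; sub(/:$/, "", name)  # "sshd:" (session process) -> "sshd"
            if (name != prog) next
            n = split($4, a, ":")             # port is the last colon-separated part
            addr = substr($4, 1, length($4) - length(a[n]) - 1)
            print $1, addr, a[n], state
        }'
}

# Print the distinct ports on which program $1 is listening (hypothetical helper).
listening_ports() {
    sockets_for "$1" | awk '$4 == "LISTEN" { print $3 }' | sort -un
}

# Demonstration on the constructed sample. On a live host, run as root so that
# -p can name other users' processes:  netstat -atunp | sockets_for sshd
sample_netstat | sockets_for sshd
```

An address of 0.0.0.0 or :: in the output means sshd accepts connections on every interface, which is worth noting before the later steps that restrict access.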