Difference between revisions of "OPS235 Lab 7 - Fedora17"
Brian.gray (talk | contribs) (→Investigation 2: How do you establish an ssh connection.) |
Brian.gray (talk | contribs) |
||
Line 65: | Line 65: | ||
Warning: Permanently added 'fedora3' (RSA) to the list of known hosts. | Warning: Permanently added 'fedora3' (RSA) to the list of known hosts. | ||
</pre> | </pre> | ||
− | {{Admon/note | | + | {{Admon/note | | When a user connects to a host using ssh, the host sends a fingerprint or digital signature to the client to establish its identity. The first time a connection is established the identity must be stored for subsequent connections. The fingerprints are stored separately for each user in a file called <code>~/.ssh/known_hosts</code> .}} |
Revision as of 18:36, 15 March 2010
Contents
Setup and Configure Secure Shell Services (ssh) Using Virtual Machines
Objectives
- To set up, configure Secure Shell Services (ssh/sshd)
- To use the ssh, scp, and sftp clients to access another host securely
- Use ssh to tunnel X applications
- Use ssh to tunnel other traffic
- To customize sshd to create a more private, secure system
Reference
- man pages for ssh, ssh-keygen, sshd_config, ssh_config, scp, netstat, sftp, ifconfig, ping, arp, netstat, service
- A good ssh tutorial
- A good HOW-TO to make ssh more secure
Required materials
- Fedora 12 Live CD or a classmate on the same pod
- One SATA hard disk in a removable drive tray with Fedora host and 3 Fedora Virtual Machines installed
- Completion of Lab 6
Lab Preparation
Lab Investigations
Investigation 1: How do you enable the sshd service.
- OpenSSH should have been installed by default. Lets confirm this by issuing the command:
-
rpm -qa | grep ssh
-
- You should see a number of packages installed including
openssh-clients
andopenssh-server
-
openssh-server<code> installs a service called <code>sshd
, confirm this service is running by issuing the command:-
service sshd status
-
- Now check that the sshd service is configured to start for runlevels 2, 3, 4, & 5, by issuing the command:
-
chkconfig --list sshd
-
- If the service is not configured correctly fix it by issuing the command:
-
chkconfig --level 2345 sshd on
-
- Now that you know the service is running investigate what port number and protocol sshd uses by issuing the command:
-
netstat -atunp
-
- What protocol and port is the sshd process using?
- What is the state of the port?
- Why do UDP ports not have a state?
- Reissue the
netstat
command without then
option. - What is the difference?
- The
n
option tells netstat to list everything with numerical values, without it netstat resolves IP addresses and port numbers to host names and protocol names using the files/etc/hosts
and/etc/services
-
netstat
is a very useful command for anything to do with networking. Read its man page and make sure you understand its output. - Make sure your
sshd
service is running on all 3 of your VM's - Answer the Investigation 1 question in your lab log book.
Investigation 2: How do you establish an ssh connection.
- As your learn account establish an ssh connection to your fedora3 VM using the command:
-
ssh ops235@fedora3
-
- Where 'ops235' is the account on fedora3 and 'fedora3' is the hostname of the fedora3 VM.
- You should receive a message similar to the following:
The authenticity of host 'fedora3 (192.168.235.13)' can't be established. RSA key fingerprint is 53:b4:ad:c8:51:17:99:4b:c9:08:ac:c1:b6:05:71:9b. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'fedora3' (RSA) to the list of known hosts.