OPS335 Lab 1

581 bytes added, 08:09, 16 January 2017
no edit summary
===Configuring the SSH Service===
*A common (if somewhat blatant) way to try to hack into a machine is to try to ssh as '''root''' and brute-force root's password.
**The root user always exists, meaning the attacker doesn't need to try guessing what user names are on your system.
**If they can get access to root, they can do anything.
*To prevent this, we will edit the configuration file for the ssh service to prevent root from ssh'ing into your host machine.

'''Perform the following steps:'''

#Log in to your CentOS host machine for the following steps.
#Use the more command to display '''/etc/ssh/sshd_config''' on your host. This file contains the configuration parameters for the ssh service.
#Take a few moments to view this file. Lines that begin with # are comments: either simple explanations of parameters, or parameters that have not been set.
#Open the man page for '''sshd_config'''. This lists all the possible parameters in alphabetical order along with a brief explanation of what each one does.
#*The parameter we are looking for is '''PermitRootLogin'''. Read its description.
#Use a text editor (e.g. vi) to edit the file '''/etc/ssh/sshd_config''', and find the line that has '''PermitRootLogin'''.
#*By default it is set to yes, allowing the root user to ssh in to the machine.
#Uncomment it, and change the value to '''no'''.
#Try to use ssh from one of your VMs to log into your host as root. What happened?
#*You'll still be able to. This is because (for most services) the '''changes you make to the configuration file will not take effect until the service restarts'''.
#Restart the sshd service on your host and try to ssh in again. Now it should prevent you.
#The configuration option '''PermitRootLogin''' for all of your VMs for both labs and assignments MUST be set to '''yes'''. The reason for this is that you have created a virtual network, so you have protected the host from root login, so you don't have to do the same for your VMs. Also, allowing root login for your VMs will allow you to automatically back up your VMs to your host machine (via a crontab entry) without being prompted for a root password for each VM.

Note: Configuration files for most services follow a very similar format. Some use an = between the parameter and its value, some require you to group certain parameters together, and most use # to mark a comment. You will get lots of experience working with the configuration files for services in this course.
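
The edit-and-verify steps above can also be scripted. The following is an added example, not part of the original lab: the function names and the sample file are made up for illustration, and it does not follow Include directives. It reports which '''PermitRootLogin''' value sshd would actually apply (the first uncommented occurrence before any Match block) and sets it to '''no'''.

```bash
#!/bin/sh
# Added example. The sample config is constructed; the real file is /etc/ssh/sshd_config.

# Print the PermitRootLogin value sshd would apply globally from file $1.
# sshd uses the first uncommented occurrence; the global section ends at the
# first Match line. "unset" means sshd's built-in default applies.
effective_root_login() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Set PermitRootLogin to "no" in file $1: rewrite the first (possibly
# commented-out) PermitRootLogin line, or add one ahead of any Match block.
disable_root_login() {
    tmp=$(mktemp) || return 1
    awk '!done && tolower($0) ~ /^[ \t]*#?permitrootlogin[ \t]/ {
             print "PermitRootLogin no"; done = 1; next }
         !done && tolower($1) == "match" { print "PermitRootLogin no"; done = 1 }
         { print }
         END { if (!done) print "PermitRootLogin no" }' "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Demo on a constructed file shaped like the stock config (setting commented out).
demo_cfg=$(mktemp)
cat > "$demo_cfg" <<'EOF'
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin yes
PasswordAuthentication yes
EOF
echo "before: $(effective_root_login "$demo_cfg")"
disable_root_login "$demo_cfg"
echo "after:  $(effective_root_login "$demo_cfg")"
rm -f "$demo_cfg"

# On the host, after editing the real file as root:
#   sshd -t                  # syntax-check the config before restarting
#   systemctl restart sshd   # the change only takes effect after the restart
```

After the restart, '''sshd -T''' run as root prints the settings the daemon would use, which confirms the value without attempting a login.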
===SSH Key Concepts===