572
edits
Changes
→Generating a Public/Private Key Pair & Sharing the Public Key
<ol>
<li value="7">Edit the '''ifcfg-''interfacename''''' (most likely ifcfg-eth0) file for each of your VMs to use a static IP address (refer to previous OPS235 lab on networking: [ [http://zenit.senecac.on.ca/wiki/index.php/OPS235_Lab_6_-_CentOS7#Part_4:_Configuring_VM_Network_Setup_via_Command_Line_.28centos3.29 Network Config - CLI] ].<br> You should be configuring the BOOTPROTO ('''static''' instead of dhcp), IPADDR, PREFIX (or NETMASK), GATEWAY, HWADDR, and DNS1 for this file. Note the following information for this setup:<ul><li>Set your IPADDR for each VM with the following rules:<ol type="a"><li>Your IPADDR's third octet will use the last 2 digits in your student number.</li><li> Make certain that the 4th octet for your VMs does not start with '''1''' since that is reserved for the '''GATEWAY''' or '''DNS'''by your host machine.<br>For example, Use the forth recommended fourth octets: '''2 for vm1''', '''3 for vm2''', and '''4 for vm3'''.</li></ol></li><li>Don't forget to set the default gateway and DNS server for your VMs. You can use your host's IP address as a DNS server<br>(''libvirt'' will proxy the requests to the real DNS server).</li><li> You can refer to your previous lab to obtain information for setup of these options: [ [http://zenit.senecac.on.ca/wiki/index.php/OPS335_Installation_Lab#Configuring_a_VM_host Configuring a VM Host] ]<br><br></li></ul><li>Make note of the files used and entries required and note them in your lab log-book.</li><li>Save your editing session, and then restart each VM and run the following command to ensure they still have the network configuration you set:<ul><li>'''ping''' (what is the purpose of this command?). Try to ping matrix and google from your host machine.<br>Try to ping matrix and google from each of your VM's to ensure you can reach the outside world.</li><li>'''ssh''' (into another server, like Matrix) </li></ul></li><li>After setting the network configuration for EACH VM, then either the the ifdown and ifup commands or reboot each VM, to verify that you can connect to the Internet with the new static IP network configuration. If you cannot connect to the Internet, then check the network configuration file and make corrections until you have a workable network connection for each VM from boot-up.</ol>
===Configuring the SSH Service===
A common (if somewhat blatant ) way) to try to hack into a machine is to try to ssh as '''root''' and brute-force root's password. The root user always exists, meaning the attacker doesn't need to try guessing what user names are on your system. If they can get access to root, they can do anything. To prevent this, we will edit the configuration file for the ssh service to prevent root from ssh'ing into your host machine.
=== Generating a Public/Private Key Pair & Sharing the Public Key ===
The public/private key pair needs to be generated on and used on your '''host''' machine (i.e. the user/machine you're connecting '''from'''). The private key is the equivalent of a <u>''password''</u> (that it is why it is considered to be <u>''private''</u> - only to be used by ''<u>one</u>'' owner). That is why the private key is stored in the owner's '''~/.ssh/''' directory.
One very common mistake that students make is to either generate the key pair for the WRONG account, or copy the public key to the WRONG account on the intended remote machine.
# You will be creating a '''key-pair on your host machine with no password''' (i.e. when generating keypair press enter for all prompts including the password).
#Make certain you are logged on as '''root''' on your host machine.
# Generate the key-pair by issuing the command:<br><source lang="bash">ssh-keygen -t rsa</source>
'''NOTE:''' When issuing this command, you will end up with the files: '''~/.ssh/id_rsa''' and '''~/.ssssh/id_rsa.pub''' (private and public keys). So far, this topic is generally a repeat of OPS235 lab7. What you may '''<u>not</u>''' know is that by using a '''"trick"''' (the ''magic'' of public key cryptography), you can SSH to a Linux machine without using a password! Learning to perform this trick is <u>'''essential'''</u> in this course and in the industry in general. SSH keys are used everywhere that Linux servers are used.
If you have the private key, you can prove to someone who has your public key that you are indeed the '''actual owner of that public key'''. That is how ssh key authentication works. You are then only required to transfer your public key to a remote server.
'''NOTE:''' Always remember that these keys are '''per-user, <u>not</u> per machine'''. This means that sharing a user's public key will only work for that specific user.
== INVESTIGATION 3: PERFORMING & AUTOMATING BACKUPS ==
# On your '''host machine''', run the following commands:
<source lang=bash>mkdir -p /backup/incremental/vm1
rsync -avz 192.168.x.x:/etc /backup/incremental/vm1/ # where 192.168.x.x is the IPADDR of your vm1</source>
===Online Submission===
Follow the instructions for lab 1 on moodleblackboard.
===In Class Submission(Murray Saul's Classes only)===
[[Image:lab1_signoff.png|thumb|right|300px|Students should be prepared with '''all required commands (system information) displayed in a terminal (or multiple terminals) prior to calling the instructor for signoff'''.]]
'''Arrange evidence (command output) for each of these items on your screen, then ask your instructor to review them and sign off on the lab's completion:'''