Lab 7 Warnings / Debrief

2,275 bytes added, 11:06, 23 July 2015
== Purpose of Lab 7 ==
[[Image:shield.png|thumb|right|120px|Protecting a computer network from unauthorized access is one of the many day-to-day operations for a Linux system administrator and/or security specialist]]
<u>'''Establishing a Safe SSH Connection: Public Key Authentication'''</u>
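[[Image:spoof.png|thumb|right|485px|If you receive a message like the one displayed above, you should investigate why it is happening as it could indicate a '''serious security issue''', or it could just mean that something on '''the host has changed''' (i.e. the OS was <u>reinstalled</u>)]]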
 
 
As a system administrator, you have the ability to generate public and private keys to ensure safe and secure ssh connections. The system administrator can generate these keys for the first time or, if they suspect that a hacker has compromised the server, can remove the existing keys and generate new keys. A common type of attack, ARP poisoning (a man-in-the-middle attack), can be used to redirect packets to a third party while maintaining the illusion that the connection is secure. Therefore, understanding the generation and management of public/private keys is important to the security of servers.

When a user connects to a host using ssh, the host sends a fingerprint or digital signature to the client to establish its identity. The first time a connection is established, the identity must be stored for subsequent connections. The fingerprints are stored separately for each user in a file called <code>~/.ssh/known_hosts</code>. <br /><br />From now on, when you connect to that host, the client will compare the received fingerprint against the list of known hosts before connecting. If the fingerprint does not match, it could indicate that somebody has set up a system to impersonate the computer you wish to connect to, and you would receive a message similar to the one depicted in the diagram on the right.
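The comparison described above can be sketched in a few lines of shell. This is an added example, not part of the lab: the host names and key strings are constructed, and it reads only plain (unhashed) <code>known_hosts</code> entries, which is a simplification of what the ssh client does.

```shell
#!/bin/sh
# Added example: classify a presented host key against a known_hosts file.
# Simplification: hashed host fields ("|1|...") never match a plain name
# here, so such hosts are reported as unknown.

# check_host_key FILE HOST KEYTYPE KEYDATA -> prints match | changed | unknown
check_host_key() {
    awk -v host="$2" -v ktype="$3" -v kdata="$4" '
        /^[ \t]*(#|$)/ { next }        # comments and blank lines
        $1 ~ /^@/      { next }        # @cert-authority / @revoked marker lines
        {
            n = split($1, names, ",")  # one entry may list several names
            for (i = 1; i <= n; i++) {
                if (names[i] != host || $2 != ktype) continue
                if ($3 == kdata) found = 1; else differs = 1
            }
        }
        END {
            if (found)        print "match"    # stored key equals presented key
            else if (differs) print "changed"  # the case behind the warning message
            else              print "unknown"  # first connection: key not stored yet
        }' "$1"
}

# Constructed sample entries (the key strings are not real keys).
demo_known_hosts() {
    cat <<'EOF'
# constructed known_hosts content
vm1.example.org,192.0.2.10 ssh-ed25519 AAAA_constructed_key_one
vm2.example.org ssh-ed25519 AAAA_constructed_key_two
EOF
}

kh=$(mktemp)
demo_known_hosts > "$kh"
check_host_key "$kh" vm1.example.org ssh-ed25519 AAAA_constructed_key_one  # stored key presented
check_host_key "$kh" vm2.example.org ssh-ed25519 AAAA_constructed_key_one  # known host, other key
check_host_key "$kh" vm3.example.org ssh-ed25519 AAAA_constructed_key_one  # host never seen
rm -f "$kh"
```

A result of <code>changed</code> is the situation in which the real client refuses to connect and prints its warning.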
 
 
==INVESTIGATION 2:==
 
<u>'''Using SSH Effectively'''</u>
When you have created an SSH server, users can take advantage of secure shell tools (including the '''scp''' and '''sftp''' utilities). The ssh client utility also contains many options to provide useful features when establishing secure connections between servers. One of these features is referred to as '''tunnelling''' - this term refers to running programs on remote servers (i.e. running the program on a remote server, yet interacting with and viewing the program on your local server). Since '''X-windows''' in Linux is a support <u>layer</u> to transmit graphical information efficiently between servers, ssh tunnelling becomes more useful and important to allow organizations to work efficiently and securely in a user-friendly environment.

<u>'''Making SSH More Secure'''</u>

Anytime you configure your computer to allow logins from the network you are leaving yourself '''vulnerable to potential unauthorized access''' by so-called "hackers". Running the sshd service is a fairly common practice but '''care must be taken to make things more difficult for those hackers that attempt to use "brute force" attacks to gain access to your system. Hackers use their knowledge of your system and many password guesses to gain access'''. They know which port is likely open to attack (TCP:22) and the administrative account name (root); all they need to do is "guess" the password.

Making your root password (and all other accounts!) both quite complex but easy to remember is not hard. The Linux system administrator can also '''configure the SSH server to make the SSH server more secure'''. Examples include not permitting root login and changing the default port number for ssh.

<u>'''Deceiving the "Hacker"'''</u>

To help harden (protect a server from attack or "penetration"), system or security administrators have the ability to "trick" or "mislead" a potential hacker in order to prevent system penetration. In this part, you will learn to use a combination of '''SSH server configuration''' and '''iptables rules''' to <u>redirect</u> the SSH port to allow secure data traffic via another port (as opposed to the default port: 22), and use iptables to reject (better: log) incoming tcp traffic via the default port. What is the result of this? Simple. Permit the SSH service for the organization, and yet '''trick and confound the potential hacker''' into thinking that ssh traffic is used on a port that is no longer available (but they may not know this!) Sneaky! >;)
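One way to check that the two SSH server settings named above are actually in effect is sketched below. This is an added example, not the lab's own code: the sample configuration files are constructed, port 2200 is an arbitrary example value, and the iptables rules are printed for review rather than executed.

```shell
#!/bin/sh
# Added example: audit the global section of an sshd_config for root login
# and the listening port. Sample configs below are constructed.

# audit_sshd FILE -> one finding per line, or "ok" when nothing is flagged
audit_sshd() {
    awk '
        /^[ \t]*(#|$)/ { next }                     # comments and blank lines
        { sub(/[ \t]*=[ \t]*/, " ")                 # accept "Key=Value" as well
          key = tolower($1); val = tolower($2) }    # keywords are case-insensitive
        key == "match" { exit }                     # global section ends at first Match
        key == "permitrootlogin" && !seen { seen = 1; root = val }  # first value wins
        key == "port" { ports[val] = 1; nports++ }  # Port may appear more than once
        END {
            if (!seen)             { print "PermitRootLogin unset: compiled-in default applies"; n++ }
            else if (root != "no") { print "PermitRootLogin " root ": root login not fully disabled"; n++ }
            if (!nports || ("22" in ports)) { print "Port 22: sshd still listens on the default port"; n++ }
            if (!n) print "ok"
        }' "$1"
}

# Rules for the old port once sshd has moved: LOG first (it does not stop
# rule processing), then REJECT. Printed only, never run by this script.
default_port_rules() {
    echo 'iptables -A INPUT -p tcp --dport 22 -j LOG --log-prefix "ssh-default-port: "'
    echo 'iptables -A INPUT -p tcp --dport 22 -j REJECT --reject-with tcp-reset'
}

weak=$(mktemp); hard=$(mktemp)
cat > "$weak" <<'EOF'
# constructed: defaults left in place
PermitRootLogin yes
EOF
cat > "$hard" <<'EOF'
# constructed: port 2200 is an arbitrary example value
Port 2200
PermitRootLogin no
PermitRootLogin yes
EOF
echo "weak config:";     audit_sshd "$weak"
echo "hardened config:"; audit_sshd "$hard"
default_port_rules
rm -f "$weak" "$hard"
```

The logged connection attempts on port 22 give the administrator a record of who is still probing the default port.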
{{Admon/important |Be Aware of the Following Issues| Be aware of these common mistakes that students make that can cause problems for their future labs.}}
 
* Not following instructions
* Not constantly issuing commands to verify that previous commands were properly executed