
OPS235 Lab 7 - Fedora17

321 bytes added, 19:54, 3 January 2014
{{Admon/caution|Draft Lab|This lab has NOT been released for regular distribution. When the lab is ready to be released, this caution banner will disappear.}}
= Setup and Configure Secure Shell Services (ssh) Using Virtual Machines =
[[Category:OPS235]][[Category:OPS235 Labs]]
==Overview==
=== Investigation 1: How do you enable the sshd service? ===
{{Admon/note | Use your f17host computer system | Complete the following steps on your fedora host.}}
# OpenSSH should have been installed by default. Let's confirm this by issuing the command:<br /> <code>rpm -qa | grep ssh</code>
# You should see a number of packages installed including <code>openssh-clients</code> and <code>openssh-server</code>
# <code>openssh-server</code> installs a service called <code>sshd</code>, confirm this service is running by issuing the command:<br /><code>systemctl status sshd.service</code>
# Now check that the sshd service is configured to start automatically for runlevels 2, 3, 4, & 5, by issuing the command:<br /><code>systemctl is-enabled sshd.service</code>
# If the service is not configured correctly, fix it by issuing the command:<br /> <code>chkconfig --level 2345 sshd on</code>
# Now that you know the service is running, investigate what port number and protocol sshd uses by issuing the command:<br /><code>netstat -atunp</code>
# What protocol and port is the sshd process using?
# Before we can use this new port we must change our firewall to allow traffic through the new port number and block access to port 22:<br /><code>iptables -I INPUT -p tcp -s0/0 --dport 22 -j DROP</code><br /><code>iptables -I INPUT -p tcp -s0/0 --dport 2200 -j ACCEPT</code>
# To test the new port, connect to fedora1 from fedora2 using the following command:<br /><code>ssh -p 2200 user@fedora1</code>
{{Admon/important|Cannot connect via SSH?|To fix issues with the ability to ssh, on both machines:<ul><li>Ensure ssh is running: <code>systemctl status sshd.service</code>.</li><li>Disable SELinux by going into /etc/selinux/config and changing "enforcing" to "disabled" and "targeted" to "minimum".</li><li>If you are still encountering problems, flush iptables.</li></ul>}}
{{Admon/tip | Tip! | For scp access the option to be used is: <code>scp -P 2200</code>}}
{{Admon/tip | Tip! | For more ideas on making sshd more secure consult the HOW-TO link above.}}
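The firewall step above uses <code>iptables -I</code> because rule order decides the outcome: the first matching rule wins. The following check is an added example, not part of the original lab; the function names <code>sshd_ports</code>, <code>first_verdict</code> and <code>check_move</code> are hypothetical and the sample configuration and rule listing are constructed. It compares the port in sshd_config text with <code>iptables -S INPUT</code> output.

```shell
# Added example, not part of the lab. All sample text below is constructed.
# Print every port set in sshd_config text (stdin); sshd defaults to 22.
sshd_ports() {
  awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }'
}

# Print the target of the first INPUT rule (from `iptables -S INPUT` text on
# stdin) that decides TCP traffic to port $1, else the chain policy.
# Assumption: rules with extra matches (-s, -i, -m state ...) are skipped.
first_verdict() {
  awk -v port="$1" '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 == "-A" && $2 == "INPUT" {
      proto = dport = target = ""; other = 0
      for (i = 3; i <= NF; i++) {
        if ($i == "-p") proto = $(++i)
        else if ($i == "--dport") dport = $(++i)
        else if ($i == "-j") { target = $(++i); break }
        else if ($i == "-m" && $(i + 1) == "tcp") i++
        else other = 1
      }
      if (!other && target != "" && (proto == "" || proto == "tcp") &&
          (dport == "" || dport == port)) { print target; hit = 1; exit }
    }
    END { if (!hit) print policy }'
}

# $1 = sshd_config text, $2 = `iptables -S INPUT` text.
# Succeeds only if every sshd port is accepted and port 22 is not.
check_move() {
  rc=0
  for p in $(printf '%s\n' "$1" | sshd_ports); do
    [ "$(printf '%s\n' "$2" | first_verdict "$p")" = ACCEPT ] ||
      { echo "port $p: sshd listens here but the firewall blocks it"; rc=1; }
  done
  [ "$(printf '%s\n' "$2" | first_verdict 22)" != ACCEPT ] ||
    { echo "port 22: still accepted by the firewall"; rc=1; }
  return $rc
}

SAMPLE_CONFIG='#Port 22
Port 2200'
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 2200 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'
check_move "$SAMPLE_CONFIG" "$SAMPLE_RULES" && echo "OK: port move is consistent"
```

On a live system the two arguments would be the contents of <code>/etc/ssh/sshd_config</code> and the output of <code>iptables -S INPUT</code> run as root.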