OPS705 Lab 2

2,728 bytes added, 15:36, 19 January 2023
Switching to SSH keypair authentication:
== Part 3: Adding a Firewall Rule for the Custom SSH Port ==
[[Image:Ops705_sshd_custom_rule.png|right|500px|thumb|Figure 9: Adding a firewall rule for our new SSH custom port.]]
As mentioned, we want to change what port the system uses to allow incoming SSH connections. To do that, we have to add an extra rule to our firewall to allow it through:
# Review your current rules for reference: <code>sudo iptables -nvL --line</code>
=== SSH Listen Port ===
[[Image:Ops705_sshd_listenport_custom.png|right|400px|thumb|Figure 10: Setting the custom listen port for SSHd.]]
# From the command line, run the following (it will take a few minutes): <code>sudo semanage port -a -t ssh_port_t -p tcp 22222</code>
# Using vim, open the SSH configuration file: <code>sudo vim /etc/ssh/sshd_config</code>
# Find the line (near the top) containing the words: '''Port 22'''
=== Switching to SSH keypair authentication: ===
[[Image:Ops705_filezilla-connect.png|right|400px|thumb|Figure 11: Connection information for FileZilla using the custom port.]]
# First, download and install the FileZilla Client software on your personal computer.
# On your Linux VM as a regular user, generate your SSH keypair (accept all defaults): <code>ssh-keygen</code>
# Install the new keys on the system: <code>ssh-copy-id -p 22222 localhost</code>
# Using FileZilla on your personal computer, log into the Linux VM and download your new public key to your personal computer. The key files can be found on your Linux VM in <code>~/.ssh/</code>
#* On Windows, store the downloaded key here: <code>C:\Users\[yoursenecaid]\.ssh\</code>
#* On Mac, store the downloaded key here: <code>~/.ssh/</code>, then run the following command: <code>chmod 700 ~/.ssh; chmod 600 ~/.ssh/id_rsa*</code>
# With a second terminal, verify that you can log in to your VM's SSH from your personal computer without a password (keypair authentication). Do not move on to the next step until you’re sure.
#* Log in the same way as before. '''If you aren't asked for a password, then keypair authentication has succeeded.'''
# Save both keys (''id_rsa'' and ''id_rsa.pub'') to a secondary, portable location. This can be online storage like OneDrive or Dropbox, or a USB drive. You will need your keys when you come to class to log in to your Linux VM going forward.
 
=== Adding Your Professor's Public Key ===
In this section, you will add your professor's public key to allow them to log in to your Linux VM and run lab checks and perform troubleshooting when needed.
 
# On Blackboard, find your professor's public key in ''Course Documents'' and copy the text from inside the file.
# Using the following command as your '''regular user''', install your professor's public key onto your Linux VM (replace <professorID> with the actual public key text): <code>echo "<professorID>" >> ~/.ssh/authorized_keys</code>
# On your test terminal, log out and log back in again to check that keypair authentication is still working.
=== Disabling SSH password authentication: ===
[[Image:Ops705_sshd_passauth_no.png|right|300px|thumb|Figure 12: Disabling password-based authentication in SSHd.]]
# Make sure you have two separate SSH terminals connected to your Azure Linux VM.
# In your control terminal, use '''vim''' to open the SSH configuration file: <code>sudo vim /etc/ssh/sshd_config</code>
#* If you can't reconnect, use your control terminal window to find any mistakes you may have made. Remember, don't disconnect from your control terminal until you're sure you can reconnect! Use as many test terminal windows as you need.
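The following is an added example, not part of the original lab and not the lab's own checking script. It shows a check you can run from your control terminal on a copy of <code>sshd_config</code> before restarting SSHd: sshd uses the first uncommented occurrence of each keyword, so a new line added below an existing one has no effect. The function names and sample files are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example (not the lab's labcheck2.sh). Reports the value sshd will use
# for a keyword: the FIRST uncommented occurrence wins, later ones are ignored.
# Assumptions: global section only (stops at the first Match block), Include
# files are not followed, values are unquoted.

# effective_value FILE KEYWORD DEFAULT
effective_value() {
    awk -v key="$2" -v def="$3" '
        { line = $0; sub(/^[ \t]+/, "", line) }      # strip leading whitespace
        line ~ /^#/ || line == "" { next }           # skip comments and blanks
        { n = split(line, f, /[ \t=]+/) }            # "Key value" or "Key=value"
        tolower(f[1]) == "match" { exit }            # conditional blocks not evaluated
        tolower(f[1]) == tolower(key) { print f[2]; found = 1; exit }
        END { if (!found) print def }                # keyword absent: built-in default
    ' "$1"
}

# check_lab_sshd FILE: returns 0 only if the lab's two settings are in effect
check_lab_sshd() {
    port=$(effective_value "$1" Port 22)
    pwauth=$(effective_value "$1" PasswordAuthentication yes)
    rc=0
    if [ "$port" != "22222" ]; then
        echo "FAIL: effective Port is $port, expected 22222"; rc=1
    fi
    if [ "$pwauth" != "no" ]; then
        echo "FAIL: PasswordAuthentication is $pwauth, expected no"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: port 22222, passwords disabled"; fi
    return "$rc"
}

# Constructed sample: "no" was appended below an existing "yes" line,
# so sshd would still accept passwords.
write_bad_sample() {
    printf '%s\n' '#Port 22' 'Port 22222' \
        'PasswordAuthentication yes' 'PasswordAuthentication no' > "$1"
}

# Constructed sample: both settings edited in place.
write_good_sample() {
    printf '%s\n' '#Port 22' 'Port 22222' '#PasswordAuthentication yes' \
        'PasswordAuthentication no' > "$1"
}

tmp=$(mktemp)
write_bad_sample "$tmp";  check_lab_sshd "$tmp" || true
write_good_sample "$tmp"; check_lab_sshd "$tmp" || true
rm -f "$tmp"
```

On the VM itself, <code>sudo sshd -t</code> checks the real configuration file for syntax errors before you restart the service.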
= INVESTIGATION 4: Confirming Your Linux Work =
[[Image:script-check-lab2.png|thumb|right|400px|If all checks pass, then user performed task correctly and can continue.]]
===Running a Shell Script to Check Your Work===
Although you have been double-checking your work (right?), you ''might'' have made some mistakes. For example:
* Forgetting to enable iptables.
* Missing a firewall rule.
* Forgetting to update Linux.

To check for mistakes, a '''shell script''' has been created to check your work. '''If the checking shell script detects an error''', then it will tell you and offer constructive feedback on how to fix that problem so you can re-run the checking shell scripts until your work is correct.

Perform the following steps:
# Change directories to ~/bin: <code>cd ~/bin</code>
# Make sure you have the most recent lab files: <code>git pull</code>
# Change back to your home directory: <code>cd ~</code>
# Run the checking script for your Linux work in this lab: <code>labcheck2.sh</code>
#* If you encounter errors, then view the feedback to make corrections, and then re-run the checking script.
#* If all checks pass, then proceed to the next part.
# Assuming you passed all checks, take a screenshot of the full script output. You'll need it for later.

= INVESTIGATION 5: Updating Windows Server 2022 2019 =
Updating your Windows Server VM in Azure is a little bit easier. It takes advantage of the cloud infrastructure to allow point-and-click updates.
== Part 1: Updating with Artifacts ==
[[Image:Ops705_artifacts1.jpg|right|500px|thumb|Figure 13: Adding artifacts to your Windows VM in Azure.]]
# Spin up your Windows Server VM, and wait until it's fully started up.
# In the Azure blade for your Windows Server VM, click on the '''Manage artifacts''' item in the menu bar to the left.
= Lab Submission =
Submit to Blackboard full-desktop screenshots (PNG/JPG) of the following:
# Logging in to your Linux VM without a password on port '''22222'''.
# Run the <code>yum update</code> command to show there are no further updates to install and screenshot the result.
# Service status of ''firewalld'' and ''iptables''.
# Listing of your modified firewall rules.
# A full view of the contents of your '''othertext.txt''' file.
# A full view of the contents of '''~/.ssh/authorized_keys'''.
# Listing of your applied artifacts in Azure for your Windows Server VM.
