Changes

OPS235 Lab 7 - CentOS7 - SSD

45 bytes added, 08:34, 15 June 2016
no edit summary
=== Part 1: Enabling the sshd service. ===
'''Perform the following steps:'''
# Use your '''c7host''' machine to complete this section
# How is the file '''/etc/services''' related to the difference?
# Make sure the '''sshd''' service is running on '''all 3 of your VMs'''
 
'''Answer Part 1 observations / questions in your lab log book.'''
=== Part 2: Establishing a Safe SSH Connection: Public Key Authentication ===
{|width="40%" align="right"
As a system administrator, you have the ability to generate or create public and private keys to ensure safe and secure ssh connections. The system administrator can generate these keys for the first time or, if they suspect that a hacker has compromised the server, can remove the existing keys and generate new ones. A common type of attack, ARP poisoning (a man-in-the-middle attack), can be used to redirect packets to a third party while maintaining the illusion that the connection is secure. Therefore, understanding the generation and management of public/private keys is important to the security of servers.
'''Perform the following steps:'''
# Use your '''centos2''' VM to complete this section.
</ol>
'''Answer Part 2 INVESTIGATION 1 observations / questions in your lab log book.'''
=INVESTIGATION 2: USING SSH AND OTHER SECURE SHELL UTILITIES=
=== Part 1: How do you use scp and sftp. ===
Once you have created an SSH server, users can take advantage of secure shell tools (including the '''scp''' and '''sftp''' utilities).
The ssh client utility also provides many options that are useful when establishing secure connections between servers. One of these features is referred to as '''tunnelling''': this term refers to running programs on remote servers (i.e. running the program on a remote server, yet interacting with and viewing the program on your local server). Since '''X-windows''' in Linux is a support <u>layer</u> to transmit graphical information efficiently between servers, ssh tunnelling becomes more useful and important to allow organizations to work efficiently and securely in a user-friendly environment.
'''Perform the following steps:'''
# Remain in your '''centos2''' VM for this section.
</ol>
'''Answer Part 1 observations / questions in your lab log book.'''
=== Part 2: How do you use ssh to tunnel X. ===
{|width="40%" align="right"
|- valign="top"
:You can also use ssh to '''tunnel window and bitmap information''', allowing us to log in to a remote desktop host and '''run an Xwindows application''' such as <b>gedit</b> or <b>firefox</b>; the application will run on the remote host but be displayed on the local host.
 
'''Perform the following steps:'''
# For this section, you will be using your '''centos1''' and '''centos2''' VMs.
# Experiment with running other GUI applications through '''ssh'''.
'''Answer Part INVESTIGATION 2 observations / questions in your lab log book.'''
=INVESTIGATION 3: SECURING THE SSH CONNECTION=
=== Part 1: How do you use ssh to tunnel other traffic. ===
[[Image:Tunnel.png|thumb|right|600px|You can also use an ssh connection to '''tunnel other types of traffic'''. There could be different reasons for doing this. For example, tunneling traffic for an unencrypted application/protocol through ssh can '''increase the security of that application''' (i.e. deceive potential hackers).<br><br>Alternatively, you could use it to '''circumvent a firewall that is blocking traffic''' you wish to use but allows ssh traffic to pass through.]]
Sneaky! >;)
'''Perform the following steps:'''
# For this section, you will still be using your '''centos1''' and '''centos2''' VMs.
'''Answer Part 1 observations / questions in your lab log book.'''
=== Part 2: Making sshd More Secure ===
Any time you configure your computer to allow logins from the network, you are leaving yourself '''vulnerable to potential unauthorized access''' by so-called "hackers". Running the sshd service is a fairly common practice, but '''care must be taken to make things more difficult for those hackers who attempt to use "brute force" attacks to gain access to your system. Hackers use their knowledge of your system and many password guesses to gain access'''. They know which port is likely open to attack (TCP:22) and the administrative account name (root), so all they need to do is "guess" the password.<br><br> Making your root password (and all other accounts!) quite complex yet easy to remember is not hard.
The Linux system administrator can also '''configure the SSH server to make it more secure'''. Examples include not permitting root login and changing the default port number for ssh.
'''Perform the following steps:'''
# For this section, you will still be using your '''centos1''' and '''centos2''' VMs.
</ol>
'''Answer Part 2 INVESTIGATION 3 observations / questions in your lab log book.'''
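The two hardening changes named in Part 2 (not permitting root login and moving sshd off the default port) can be checked with a short audit script. This is an added example, not part of the original lab; the function names and the sample configuration are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the lab): audit an sshd_config for the two
# hardening changes the lab names: no root login and a non-default port.

# directive_values FILE KEYWORD
# Print every value set for KEYWORD in the global section, in file order.
# Keywords are case-insensitive, commented lines are ignored, and parsing
# stops at the first Match block because settings there are conditional.
directive_values() {
    awk -v key="$2" '
        NF == 0 || $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print $2 }
    ' "$1"
}

# audit_sshd FILE
# Print one PASS/FAIL line per check; return 1 if any check fails.
audit_sshd() {
    local file=$1 rc=0 root ports
    # sshd uses the first value it reads for PermitRootLogin.
    root=$(directive_values "$file" PermitRootLogin | head -n 1 | tr 'A-Z' 'a-z')
    # Port may be given several times; sshd listens on every port listed.
    ports=$(directive_values "$file" Port | tr '\n' ' ')
    ports=${ports% }
    if [ "$root" = "no" ]; then
        echo "PASS PermitRootLogin no"
    else
        echo "FAIL PermitRootLogin ${root:-unset}: root login is not disabled"
        rc=1
    fi
    if [ -z "$ports" ]; then
        echo "FAIL Port unset: sshd listens on the default port 22"
        rc=1
    elif printf '%s\n' $ports | grep -qx 22; then
        echo "FAIL Port $ports: default port 22 is still open"
        rc=1
    else
        echo "PASS Port $ports"
    fi
    return $rc
}

# Constructed sample config for trying the audit without touching /etc/ssh.
sample_config() {
    printf '%s\n' '#Port 22' 'port 2200' 'PermitRootLogin no' \
        'PermitRootLogin yes' 'Match User admin' '  PermitRootLogin yes'
}

# With a path argument, audit that file (e.g. /etc/ssh/sshd_config).
[ $# -eq 0 ] || audit_sshd "$1"
```

A commented-out line such as <code>#PermitRootLogin yes</code> counts as unset, so the audit fails until the directive is set explicitly.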
= LAB 7 SIGN-OFF (SHOW INSTRUCTOR) =