Changes

# Use your '''c7host''' machine to complete this section

# How is the file '''/etc/services''' related to the difference?

# Make sure the '''sshd''' service is running on '''all 3 of your VM's'''

{|width="40%" align="right"

As a system administrator, you have the ability to generate or create public and private keys to ensure safe and secure ssh connections. The system administer can generate these keys for the first time, of if they suspect that a hacker has compromised the server, can remove the existing keys and generate new keys. A common type of attack, Arp Poisoning (Man in the Middle Attack), can be used to redirect packets to a third party while maintaining the illusion that the connection is secure. Therefore, understanding about the generation and management of public/private keys are important to the security of servers.

# Use your '''centos2''' VM to complete this section.

</ol>

=INVESTIGATION 2: USING SSH AND OTHER SECURE SHELL UTILITIES=

When you have created an SSH server, then users can take advantage of secure shell tools (including the '''scp''' and '''sftp''' utilities)

The ssh client utility also contains many options to provide useful features or options when establishing secure connections between servers. One of these features is referred to as '''tunnelling''' - this term refers to running programs on remote servers (i.e. running the program on a remote server, yet interacting and viewing program on your local server. Since '''X-windows''' in Linux is a support <u>layer</u> to transmit graphical information efficiently between servers, ssh tunnelling becomes more useful and important to allow organizations to work efficiently and securely in a user-friendly environment.

# Remain in your '''centos2''' VM for this section.

</ol>

{|width="40%" align="right"

|- valign="top"

:You can also use ssh to '''tunnel window and bitmap information''', allowing us to login to a remote desktop host and '''run a Xwindows application''' such as <b>gedit</b> or <b>firefox</b> and the application will run on the remote host but be displayed on the local host.

# For this section, you will be using your '''centos1''' and '''centos2''' VMs.

# Experiment with running other GUI applications through '''ssh'''.

=INVESTIGATION 3: SECURING THE SSH CONNECTION=

[[Image:Tunnel.png|thumb|right|600px|You can also use an ssh connection to '''tunnel other types of traffic'''. There could be different reasons for doing this. For example tunneling traffic for an unencrypted application/protocol through ssh can '''increase the security of that application''' (i.e. deceive potential hackers).<br><br>Alternatively you could use it to '''circumvent a firewall that is blocking traffic''' you wish to use but allows ssh traffic to pass through.]]

Sneaky! >;)

# For this section, you will still be using your '''centos1''' and '''centos2''' VMs.

Anytime you configure your computer to allow logins from the network you are leaving yourself '''vulnerable to potential unauthorized access''' by so called "hackers". Running the sshd service is a fairly common practice but '''care must be taken to make things more difficult for those hackers that attempt to use "brute force" attacks to gain access to your system. Hackers use their knowledge of your system and many password guesses to gain access'''. They know which port is likely open to attack (TCP:22), the administrative account name (root), all they need to do is to "guess" the password.<br><br> Making your root password (and all other accounts!) both quite complex but easy to remember is not hard.

The Linux system administrator can also '''configure the SSH server to make the SSH server more secure'''. Examples include not permitting root login, and change the default port number for ssh.

# For this section, you will still be using your '''centos1''' and '''centos2''' VMs.

</ol>

= LAB 7 SIGN-OFF (SHOW INSTRUCTOR) =