Chapter 10 UNIX-LINUX Lab

Chapter 10 Lab kstudent@workstation ~]$ lab start ssh-review é GCR].“g lfib tyst RO R R SO Y Ensuring the required packages are installed . Creating required user productionl on servera Creating required user production2 on servera Creating required user productionl on serverb Creating required user production2 on serverb : Removing temporary files on serverb ................. L:ET ST T & VA A1 VAR DI L S T ) figev; + Permitting SSH as root on serverb .............. Recording the ndSsun_%gmégtc/ssh/sshd cpnfig [student@uofkstatiéfi"?i ssh student@servera Act:lvatn the web cinnsole q:ltlwstelct&sgnab Register this system with Red Hat finsiqhtmj‘nsighfi”o.’uen : Create an account or view all your systeqs [student@serve R CEEE T o M [productionl@server Generating pub11c/private rsa key pair. Enter file in which to save the key (/home/productionl/.ssh/id rsa): Created directory '/home/productionl/.ssh’ Enter passphrase (empty for qP ER LTI N T R ETEY L T T ES L B Your identification has been saved R holle/productionl .sshli Your public key has been saved g_(lhole/productionl.‘flssh/i.d rgn .pub The key fingerprint is: SHA256 : JwcCCBK2M2LM/pBfuOB12LObsC1118/132DXYW4j /K4 productionl@serve le.com WER Y '?r"andonal'? SUELES E 4~ [SHA256] - - - - [productionl@servera ~]$ ssh-copy-id productionl@serverb /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/productionl P VAT ST T Jlnb.lxanp

The authenticity of host 'serverb (172.25.250.11)' can't be established. ED25519 key fingerprint is SHA256:peUGgfxFNw6It6WK4CB2rs+jqll/LhA32M1: This }ey is not known by any other names Are you sure you want to continue connecting (yeslml[f!nv:rprint]fi’“' /usr/bin/ssh-copy-id: INFO: I!telpllll. s log * Wlt.h ‘the new key( out any that are already installed . - /usr/bin/ssh-copy-id: INFO: 1 key(s) re € ed now it is to install the new keys productionl@serverb's password: Permission denied, please try again productionl@serverb' &passun Last failed login: Thu Sep 21 ©1:16:45 EDT 2023 fm 172 There was 1 failed logil s fi [productionl@serve [root@serverb ~]# vim /etc/ssh/sshd_config (GRS ERE I - T2 d G CET BT T RETV [root@serverb ~]# vim /etc/ssh/sshd_config [T CEETVE B E A - T d G CET T T [root@serverb ~]# vim /etc/ssh/sshd_config [root@serverb ~]# cat /etc/ssh/sshd_config # $0penBSD: ‘IM cmfl',“lu 2021/07/02 Q:"f fi' ‘the sshd server systen-wide on 1 # :,sM :pnf!.g(w nr&lpfnmnn t sshd_config shipped wit! # OpenSSH is to specify options vith their default value where # possible, but 'Luvn them commented. Uncommented opt # 1% lodify the system-wide sshd configuratio # /etc/ssh/sshd_config.d/ which will be Include (gt:/ull/uhd config. d% # If you want to change the port on a SELinux system,

# SELinux about this change. # semanage po # #Port #AddressFamily an: #ListenAddress ©.0.0. #ListenAddres: mostkef'fetc/ssh/uh_ho:_ | ELCR LGV VAR I LR ST EE R #HostKey l(ftc/ss!|lssl'l_l'ma.t_e(lzss:l.s_ # Logging #syslogFacility #LoginGraceTime PermitRootLogin n #StrictModes yes #MaxAuthTries 6 #MaxSessions #PubkeyAuthentication # The default is to check both .ssh/authorized keys and .ssh/authorized keys: # but this is overridden so installations will only check .ssh/authorized_ ke Authnnx:fluvsFllfi,/.etrmt_lutlmrned_u LVETNGLIp ELL T #AuthorizedPrincipalsFile #AuthorizedKeysCommand no #AuthorizedKeysCommandUser nobod # For this to work you fiflfillfi need #HostbasedAuthentication no # Change to yes if you don't t # HostbasedAuthentication #IgnoreUserKnownHosts no LALCURR ST I TR #lgnnrenhns;é, # To disable tunneled #PasswordAuthentication yes

rmiTEMpTyrassworas #KerberosAuthentication #KerberosOrLocalPasswd yes #KerberosTicketCleanup #KerberosGetAFSToken no rmrosunkuurog [ SSAPI optiol #G6SSAPTAuthentication . LA (QTELTTE L ENS EN YL #GSSAPIStrictAcceptorCheck #GSSAPIKeyExchange no issnlznubleuuur&\ ; %flm&;fiu PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will # be allowed through the KbdInteractiveAuthentication and # # PasswordAuthentication. Depending on your PAM configuration, # PAM authentication via KbdInteractiveAuthentication may bypass # the setting of "PermitRootLogin without-password". B # If you just want the PAM account and session checlumtho # PAM authentication, then enable this but set PasswordAuthentication # and KbdInteractiveAuthentication to 'no'. # WARNING: ‘'UsePAM not supported Fedori ELURLLY P # problems #UsePAM #fillmoentFomrflinfi #AllowTcpForwarding y #GatewayPorts no #X11Forwarding no #X11Displayoffset #X11UseLocalhost #PermitTTY yes #PrintMotd yes #PrintLastLog yes #TCPKeepAlive yes #PermitUserEnvironment r #Compression delayed #ClientAliveInterval ClientAlivelInterval 60 #ClientAliveCountMax #UseDNS no B