Lab 20

School: San Antonio College
Course: 2325
Subject: Information Systems
Date: Apr 3, 2024
Uploaded by BaronRiver11822
To configure your SSH server in CentOS 9 to keep inactive sessions open for at least one hour, secure it so that it listens on port 2022 only and allows only user lisa to log in, and test the settings from server2, follow these steps:

Lab 20 - Task Preparation

1. Update the system:
   sudo dnf update
   Figure 1: dnf update command output

2. Enable and start the SSH service:
   a) sudo systemctl enable sshd
      Figure 2: Using the sudo systemctl enable sshd command
   b) sudo systemctl start sshd
      Figure 3: Using the sudo systemctl start sshd command
   c) Confirm the SSH service status:
      sudo systemctl status sshd
      Figure 4: Confirming sshd status using the output of the systemctl status sshd command
      The service should show that it is active and enabled.

Lab 20 - Task 1

Configure your SSH server in such a way that inactive sessions will be kept open for at least one hour. (Found in the Connection Keepalive Option section)

1. Edit the SSH server configuration file:
   sudo vim /etc/ssh/sshd_config
   Figure 5: Command to open the /etc/ssh/sshd_config file
   Below is the first 15 lines of the …/sshd_config file.
   Figure 6: Sample output of the /etc/ssh/sshd_config file

2. Find the following parameters:
   a) #ClientAliveInterval
   b) #ClientAliveCountMax
   While in vim command mode, type /ClientAlive . This causes vim to search for and highlight the entered characters.

3. Uncomment the parameters and set the values as follows. You can uncomment an ssh option by deleting the # symbol at the beginning of its line; once the # is deleted, the line's color changes from blue to orange.
   a) ClientAliveInterval 3600
   b) ClientAliveCountMax 3
   Figure 7: ssh keepalive option settings
   To maintain the session, the SSH server sends a null packet to the client every 3600 seconds, i.e. once an hour. The session ends if the server does not hear back from the client after three null packets have been sent.

4. Save your changes and close the file.
   Figure 8: Saving changes and exiting vim

5. Restart the SSH service:
   sudo systemctl restart sshd
   Figure 9: Restarting the sshd service
   Since the SSH service is a daemon running in the background that maintains SSH connections, restarting it is essential for changes to the configuration file to take effect; this is especially true when modifying session timeouts. Now your SSH server will keep inactive sessions open for at least sixty minutes.

Note: It is crucial to remember that extending the SSH timeout can pose a security concern, since attackers can stay connected to your server even when they aren't using it. Only increase the timeout when required.

Lab 20 - Task 2

Secure your SSH server so that it listens on port 2022 only and that only user lisa is allowed to log in. (Found in Exercise 20-1 Configuring SSH Security Options)

1. Configure the SSH service to listen on port 2022 only:
   sudo vim /etc/ssh/sshd_config
   a) Find the following line (it is commented out with a # by default):
      Port 22
      Figure 10: Line Port 22
   b) Uncomment it and change it to:
      Port 2022
      Figure 11: Port 22 line uncommented and changed to Port 2022

2. While still in the /etc/ssh/sshd_config file, configure the SSH service to allow only user lisa to log in:
   a) Add the line:
      AllowUsers lisa
      Figure 12: Configuration allowing user lisa to log in via sshd

3. Save and close the file.
   Figure 13: vim save and quit command

4. Restart the sshd service:
   sudo systemctl restart sshd

5. Configure the firewall to allow incoming connections to port 2022:
   a) Open the firewall for port 2022 using:
      sudo firewall-cmd --add-port=2022/tcp
      Figure 14: sudo firewall-cmd --add-port=2022/tcp command output
   b) followed by:
      sudo firewall-cmd --add-port=2022/tcp --permanent
      Figure 15: firewall-cmd --add-port=2022/tcp --permanent command output
      Note: Disregard the warning. I got it from using the command prior.

6. Configure SELinux to allow incoming connections to port 2022:
   sudo semanage port -a -t ssh_port_t -p tcp 2022
   To set SELinux to accept inbound connections to port 2022, type sudo semanage port -a -t ssh_port_t -p tcp 2022 . Here's a command breakdown:
   sudo: instructs the operating system to run the command with root privileges.
   semanage port: manages the SELinux port type mappings; changes made with semanage are written to the policy store, so they persist across a reboot.
   -a: adds a new port mapping.
   -t ssh_port_t: the SELinux type that sshd is allowed to bind to; port 22 already carries this type.
   -p tcp 2022: the protocol and port number being labeled, so that inbound connections to TCP port 2022 are allowed for sshd.

Lab 20 - Task 3

Test the settings from server2. Make sure that the firewall as well as SELinux are configured to support your settings. (Found in Exercise 20-1 Configuring SSH Security Options, Step 9)

1. Test the settings from server2:
   ssh lisa@server1.example.com -p 2022
   If you can log in successfully, then the settings are configured correctly.

Note: You may need to update the firewall and SELinux settings on server2 as well, depending on your configuration.
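To make the Task 1 and Task 2 sshd_config edits repeatable and checkable, here is an added shell example (not from the lab report or the course book) that sets the four directives idempotently and verifies them on a constructed sample file; it assumes a POSIX sh with awk and uses only the directive names and values given above.

```shell
#!/bin/sh
# Added example (not part of the lab report): apply the sshd_config changes
# from Tasks 1 and 2 idempotently and verify them. It edits whichever file it
# is given, so it can be run against a copy before touching /etc/ssh/sshd_config.

# set_sshd_directive FILE KEY VALUE
# Rewrites the first "#KEY ..." or "KEY ..." line as "KEY VALUE"; appends the
# directive if no such line exists. Running it twice leaves the file unchanged.
set_sshd_directive() {
    cfg=$1; key=$2; val=$3
    awk -v k="$key" -v v="$val" '
        !done && $0 ~ "^[ \t]*#?[ \t]*" k "[ \t]" { print k " " v; done = 1; next }
        { print }
        END { if (!done) print k " " v }' "$cfg" > "$cfg.tmp" && mv "$cfg.tmp" "$cfg"
}

# get_sshd_directive KEY FILE
# Prints the value of every active (uncommented) KEY line. sshd keeps the first
# value for most keys, but each Port or AllowUsers line adds to the list, so
# verify_sshd_config below demands exactly one of each.
get_sshd_directive() {
    awk -v k="$1" '$1 == k { print $2 }' "$2"
}

# Task 1: keepalive probe every 3600 s, drop the session after 3 unanswered.
# Task 2: listen on 2022 only and admit only user lisa.
harden_sshd_config() {
    set_sshd_directive "$1" ClientAliveInterval 3600
    set_sshd_directive "$1" ClientAliveCountMax 3
    set_sshd_directive "$1" Port 2022
    set_sshd_directive "$1" AllowUsers lisa
}

# Returns 0 only when every directive from the lab is active with its value.
verify_sshd_config() {
    [ "$(get_sshd_directive ClientAliveInterval "$1")" = 3600 ] &&
    [ "$(get_sshd_directive ClientAliveCountMax "$1")" = 3 ] &&
    [ "$(get_sshd_directive Port "$1")" = 2022 ] &&
    [ "$(get_sshd_directive AllowUsers "$1")" = lisa ]
}

# Constructed sample (not a real file) with the commented-out defaults the
# stock CentOS 9 sshd_config ships for these keys.
sample_sshd_config() {
    printf '%s\n' '#Port 22' '#ClientAliveInterval 0' \
        '#ClientAliveCountMax 3' 'X11Forwarding yes' > "$1"
}
```

Before the restart in step 5, run sudo sshd -t to have sshd parse the file and report syntax errors. On CentOS 9 also check the drop-in files under /etc/ssh/sshd_config.d/, which the stock file includes first, because a value set there wins over the one in the main file.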