Srping2024 Osp201 Lab4
3. Add your private key to your session keyring. Enter your passphrase when
prompted:
exec /usr/bin/ssh-agent $SHELL
ssh-add
4. Transfer the public key to the server VM. When prompted, enter the password
for your user account on the server VM. (Substitute your own username and IP
address in the following command.):
ssh-copy-id donnie@192.168.0.7
6. Observe the authorized_keys file that was created on the server VM:
ls -l .ssh
cat .ssh/authorized_keys
1. On either an Ubuntu, CentOS, or AlmaLinux 8 server VM, look for this line in
the sshd_config file:
#PasswordAuthentication yes
2. Remove the comment symbol, change the parameter value to no, and reload the
SSH daemon. The line should now look like this:
PasswordAuthentication no
3. Now, when the botnets scan your system, they’ll see that doing a brute-force
password attack would be useless. They’ll then just go away and leave you alone.
4. Look for either of these two lines, depending on whether the server is an Ubuntu
or a CentOS 7/AlmaLinux VM:
#PermitRootLogin yes
#PermitRootLogin prohibit-password
Uncomment the line and change it to the following:
PermitRootLogin no
6. On CentOS/AlmaLinux, do this:
sudo systemctl reload sshd
7. Attempt to log in to the server VM from the client that you used in the previous
lab.
8. Attempt to log in to the server VM from another client on which you haven’t
created a key pair.
(You shouldn’t be able to.)
9. As before, keep the server VM, because we’ll do more with it in a bit.
You’ve reached the end of the lab – congratulations!
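To check the result of steps 1 to 6 without relying on a plain grep, the following added example (not part of the original lab) reports the value that applies globally for PasswordAuthentication and PermitRootLogin. The function names and the two sample files are constructed for illustration; the script assumes a single config file with no Include directives.

```shell
#!/bin/sh
# Added example (not from the lab): report the value sshd will use for a
# global keyword. sshd keeps the FIRST value it reads for each keyword,
# keywords are case-insensitive, and '#' lines are ignored.
# Assumption/simplification: Include files are not followed, and everything
# from the first Match line onward is treated as conditional and skipped.

effective_value() {    # usage: effective_value FILE KEYWORD
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        NF == 0 || $1 ~ /^#/    { next }      # blank line or comment
        tolower($1) == "match"  { exit }      # end of the global section
        tolower($1) == want     { print $2; found = 1; exit }
        END { if (!found) print "unset" }     # sshd falls back to its default
    ' "$1"
}

audit_sshd_config() {  # usage: audit_sshd_config FILE; returns 1 on a finding
    rc=0
    for pair in PasswordAuthentication:no PermitRootLogin:no; do
        key=${pair%%:*}; expected=${pair#*:}
        actual=$(effective_value "$1" "$key")
        if [ "$actual" = "$expected" ]; then
            echo "OK   $key $actual"
        else
            echo "FAIL $key is '$actual', the lab expects '$expected'"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample files standing in for /etc/ssh/sshd_config.
tmpdir=$(mktemp -d) && trap 'rm -rf "$tmpdir"' EXIT
cat > "$tmpdir/before" <<'EOF'
#PasswordAuthentication no
PermitRootLogin yes
PermitRootLogin no
Match User frank
    PasswordAuthentication no
EOF
cat > "$tmpdir/after" <<'EOF'
passwordauthentication no
PermitRootLogin no
EOF

audit_sshd_config "$tmpdir/before" || echo "before: still needs the lab's edits"
audit_sshd_config "$tmpdir/after"  && echo "after: matches the lab"
```

In the "before" file a grep would find both "PasswordAuthentication no" and "PermitRootLogin no", yet neither applies globally. On a real server, `sudo sshd -T` prints the configuration the daemon actually resolves, including any Include files.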
7. Log out of the SSH session, and then log back in. View the system log file to
see the new entries from this new login.
8. Open the /etc/ssh/sshd_config file for editing. Change the LogLevel DEBUG3
line to the following:
LogLevel VERBOSE
9. After saving the file, reload or restart the SSH daemon. Log out of the SSH
session, log back in, and look at the entries in the system log file.
This lab will work on any of your VMs. Follow these steps:
1. On the VM that you wish to configure, create user accounts for Frank, Charlie,
and Maggie.
2. On CentOS or AlmaLinux, do it like this:
sudo useradd frank
sudo passwd frank
4. From either your host machine or from another VM, have the three users log in.
Then, log them back out.
5. Open the /etc/ssh/sshd_config file in your favorite text editor. At the bottom
of the file, add an AllowUsers line with your own username, like so:
AllowUsers donnie
6. Then, restart or reload the SSH service and verify that it has started correctly:
7. Repeat step 3. This time, these three kitties shouldn’t be able to log in.
Open the /etc/ssh/sshd_config file in your text editor. This time, add an
AllowGroups line to the bottom of the file for the webadmins group, like so:
AllowGroups webadmins