ssh keys, yum, ntp, rsync

Similar documents
Configuring a Standalone VCL Environment using VMware Server 2.0

StampA5D3x/PortuxA5/PanelA5. Quickstart Guide

Create Test Environment

Network Configuration for Cisco UCS Director Baremetal Agent

GM8126 MAC DRIVER. User Guide Rev.: 1.0 Issue Date: December 2010

Let us ping! First we will learn the Hello World of a networked machine.

CIS Test 1- Practice - Fall 2011

Access Server: User's and Developer's Guide <<< Previous Next >>>

Configure HOSTNAME by adding the hostname to the file /etc/sysconfig/network. Do the same to all the other 3(4) nodes.

Hostname and IP Address

Newsreader virtual machines Technical Report NWR

Using Shell Commands

Configure HOSTNAME by adding the hostname to the file /etc/sysconfig/network. Do the same to all the all nodes.

XE2000/XE3000 IP-PBX: Getting Started Guide Package Contents

New System Setup Guide

Hosting Applications Using Configuration Management Tools

UNIVERSITY OF BOLTON CREATIVE TECHNOLOGIES. BSc (Hons) COMPUTER NETWORKS AND SECURITY SEMESTER ONE EXAMINATION 2014/2015 UNIX MODULE NO: CPU5003

Enabling CDC_ETHER Connection for Skywire GSM CAT1

RG-MACC_2.0 Installation Manual

IP over IB Protocol. Introduction CHAPTER

Lab #9: Basic Linux Networking

TABLE OF CONTENTS. ACI Solutions Team by Tomas de Leon 2

Wi-Fi Guide: Edimax USB Adapter on BBG

Oracle 11g RAC on Linux- CRS Inderpal S. Johal. Inderpal S. Johal

Practical Magic with SSH. By David F. Skoll Roaring Penguin Software Inc. 1 February

Getting Started with PetaLinux SDK

Basics of GNS3 and Cisco IOS

Cryptography Application : SSH. Cyber Security & Network Security March, 2017 Dhaka, Bangladesh

Quick guide for configuring a system with multiple IP-LINKs

NVIDIA Professional Application Center

HP Services zl Module ngenius Integrated Agent Installation and Getting Started Guide

UNIVERSITY OF BOLTON CREATIVE TECHNOLOGIES. BSc (Hons) COMPUTER NETWORKS AND SECURITY SEMESTER ONE EXAMINATION 2017/2018 UNIX MODULE NO: CPU5003

John the Ripper on a Ubuntu MPI Cluster

These documents and software are covered under the terms and conditions of the fp Technologies, Inc. Program License Agreement

raw]$ uname -a Linux laguna el6.x86_64 #1 SMP Tue Jan 29 11:47:41 EST 2013 x86_64 x86_64 x86_64 GNU/Linux

Linux. Computer networks - Administration 1DV202. fredag 30 mars 12

Linux Essentials Objectives Topics:

RG-MACC-BASE_v2.01. Installation Guide

Enabling CDC-ETHER Connection for Skywire CAT1

CS Fundamentals of Programming II Fall Very Basic UNIX

Clustered Data ONTAP 8.3 Update 2, IPspaces. Self-paced Lab NETAPP UNIVERSITY. NetApp University - Do Not Distribute

Blueprints. Quick Start Guide for installing and running KVM

Accessing the Networking Stack

SSH. What is Safely 6/19/ June 2018 PacNOG 22, Honiara, Solomon Islands Supported by:

2-1-1 ssh Secure SHell

ssh and handson Matsuzaki maz Yoshinobu 1

Configuring the BeagleBone Black s Ethernet Port for SSH Access

Setting Up A High-Availability Load Balancer (With Failover and Session Support) With HAProxy/Wackamole/Spread On Debian Etch

2-1-1 ssh Secure SHell

Installation von Oracle Real Application Cluster 10gR1 auf CentOS 4.2 mit Raw-Devices

Sirindhorn International Institute of Technology Thammasat University

Chapter 5 Network Layer

GMSplus Customer Connection Test Procedure

CS158 - Assignment 9 Faster Naive Bayes? Say it ain t so...

Cryptography Application : SSH. 7 Sept 2017, Taichung, Taiwan

This is a guide about using Putty on Windows with OpenSSH on Linux. You would learn about how to:

CS 215 Fundamentals of Programming II Spring 2019 Very Basic UNIX

INSTALLATION RUNBOOK FOR Hitachi Block Storage Driver for OpenStack

Jackson State University Department of Computer Science CSC / Computer Security Fall 2013 Instructor: Dr. Natarajan Meghanathan

FiberstoreOS IP Service Configuration Guide

What is Secure. Authenticated I know who I am talking to. Our communication is Encrypted

FUJITSU Server PRIMEQUEST 2000 Series. Basic Installation Guide for Linux/KVM

Backup and Restore Technical Note

Cryptography - SSH. Network Security Workshop May 2017 Phnom Penh, Cambodia

Cryptography - SSH. Network Security Workshop. 3-5 October 2017 Port Moresby, Papua New Guinea

Lab Working with Linux Command Line

Linux Training. for New Users of Cluster. Georgia Advanced Computing Resource Center University of Georgia Suchitra Pakala

Services, logging, accounting Todd Kelley CST8177 Todd Kelley 1

High Availability of IBM Security Directory Server using Heartbeat A highly available authentication system

IT341 Introduction to System Administration. Project 4 - Backup Strategies with rsync and crontab

CHAPTER 7 DEMONSTRATE THE PAN IN LINUX

Emergency shell commands 1

Canopy Wireless Broadband Platform

Embedded Linux Systems. Bin Li Assistant Professor Dept. of Electrical, Computer and Biomedical Engineering University of Rhode Island

Using Juju with a Local Provider with KVM and LXC in Ubuntu LTS

Application Hosting Configuration Guide for Cisco ASR 9000 Series Routers

Build your own Lightweight Webserver - Hands-on I - Information Network I. Marius Georgescu. Internet Engineering Laboratory. 17 Apr

IT Services Security. The Dark Arts Of SSH. Author: John Curran Version: 0.1

Internet Tool Practice. 이지민 장동현

Files (review) and Regular Expressions. Todd Kelley CST8207 Todd Kelley 1

Replace HyperFlex Self-Signed SSL Certificates with CA-issued Certificates

World Sync, Clone, and Snapshot... Overview and Introduction. School of IS Curtin University. Overview

Project #6: Using ssh, scp and sftp with Key-Based Authentication

Shell Scripting. Todd Kelley CST8207 Todd Kelley 1

Silexica Software Licensing Introduction & Installation Version 1.0 English

VisibleThread - Server Configuration Help

How to configure VIVACOM 3g USB ( internet ) modem HUAWEI Mobile broadband E173 on Debian and Ubuntu GNU / Linux

Getting Started with Application Hosting

First of all, these notes will cover only a small subset of the available commands and utilities, and will cover most of those in a shallow fashion.

Package management rpm Package management with yum The tar tool

Using keys with SSH Rob Judd

LECTURE 7. Readings: - SSH: The Definitive Guide; D.J. Barret et al.; O Reilly Lecture outline: - SSH. Marco Spaziani Brunella, Manuel Campo

Step 3: Select This computer is part of business network,., click next

Sirindhorn International Institute of Technology Thammasat University

CS197U: A Hands on Introduction to Unix

PetaLinux SDK Guide to QEMU System Simulation

Prerequisites: Students must be proficient in general computing skills but not necessarily experienced with Linux or Unix. Supported Distributions:

SuMegha Cloud Lab Kit

This document guides the user through: 1. Setting up and configuring networking for the BeagleBone black or green with the host.

Packet Generator User Guider V0.1

Transcription:

ssh keys, yum, ntp, rsync 1

CST8177 Linux Operating Systems II Saturday 25-April-15 9:00-11:00 T119/T126 2

ifconfig to find your VM's ip address so you can ssh to it ssh key login yum ntp tar scp rsync 3

run the /sbin/ifconfig command You will need root account to configure your IP address: # ifconfig eth0 Link encap:ethernet HWaddr 00:0C:29:14:F8:93 inet addr:192.168.180.207 Bcast:192.168.180.255 Mask:255.255.255.0 inet6 addr: fe80::20c:29ff:fe14:f893/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1112 errors:1099 dropped:0 overruns:0 frame:0 TX packets:4178 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:210424 (205.4 KiB) TX bytes:624100 (609.4 KiB) Interrupt:19 Base address:0x2024 4

key-based logins are more secure than password logins you run ssh to log in from a client to a server on the client, you have a private and public key pair (with passphrase) on the server, you put your public key into ~/.ssh/authorized_keys IMPORTANT: permissions 700 on.ssh/, 600 on authorized_keys when you log in from the client to the server, you're prompted for your key's passphrase 5

Anybody can generate a matching private/public key pair You let anybody and everybody have a copy of the public key it's public! You keep your private key secret and hidden, only you have it it's private! Anyone who has your public key can use your public key to create a challenge that only someone with the matching private key can meet (in other words, only you can meet). 6

Key pairs are designed mathematically so that something encrypted with one key of the private/public pair can be decrypted by only the matching key of the pair. Something encrypted with the public key CANNOT be retrieved with the public key the private key is required! So the "challenge" is to encrypt a message (maybe random) with the public key. Only someone with the private key can decrypt the message and retrieve the original message 7

A copy of your public key is stored in authorized_keys in your account You have the private key and you tell the ssh server that you want to log in The ssh server says "OK", I have your public key here, and I'll use it to encrypt this random message, and give the result to you. If you can tell me the original message, you must have the private key (and you must be you). You use your private key to retrieve the original message, and send it back to the server. The server lets you in, because it assumes only you have the private key necessary to retrieve the original (random) message. 8

Cinderella's slipper? the assumption is that only Cinderella's foot (which only Cinderella has) will fit into the slipper The foot and the slipper match like a private and public key match One difference is that in public key cryptography, everybody has a copy of the slipper (only the real Cinderella has the foot that will fit the slipper) If I want you to prove to me that you are Cinderella, I get you to prove to me that your foot fits in the Cinderella slipper if it fits, you must be Cinderella The mathematics ensures that nobody else's foot will fit somebody's slipper, and given a slipper, you cannot create the matching foot. 9

Generating a keypair on Linux client: $ ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/home/wen99999/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/wen99999/.ssh/id_rsa. Your public key has been saved in /home/wen99999/.ssh/id_rsa.pub. The key fingerprint is: 81:27:65:81:26:fb:1b:6c:71:ae:a0:9c:58:5b:64:3b wen99999@wen99999 The key's randomart image is: +--[ RSA 2048]----+.+.. o+ +o o +.o.. o + +S. E =. + = + +. = o +-----------------+ [wen99999@wen99999 ~]$ 10

install your (client) public key to the server put the contents of id_rsa.pub (we generated this file on the client) into ~/.ssh/authorized_keys on the server can do this with vi, copy-paste alternatively, can do this with ssh-copy-id command you're running this command on the client client$ ssh-copy-id username@example.com now you should be able to log in with the key, and you'll need to give your passphrase for your key 11

http://www.howtoforge.com/ssh_key_based_logins_putty 12

http://teaching.idallen.com/cst8207/14f/not es/520_package_management.html yum can install software packages for you, retrieving them from a repository over the network performs dependency analysis: if the package you want to install depends on another package, it will install that too can also query installed packages, remove packages, update packages, etc run with root privileges 13

Examples: (see "man yum" for details) yum install ntp install the package "ntp" and its dependencies yum update update all currently installed packages yum update "nt*" # quote the glob from the shell update all packages that match the glob yum v repolist # print info about repositories yum list installed # list the installed packages yum list available # list the available packages yum list # combination of two above yum search fortune # search package names for fortune 14

we shouldn't need to change these, but if you're curious... repository files are in /etc/yum.repos.d CentOS-Base.repo main CentOS repository mirrors CentOS-Media.repo uses the DVD in your drive as a repository To configure your machine to use the EPEL repository (for cowsay, fortune-mod, etc): rpm Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/ep el-release-6-8.noarch.rpm 15

we'll be using the ntp package to keep our CentOS clocks synchronized with a time server, such as 1.centos.pool.ntp.org ntpd, the ntp daemon, will look after keeping our clocks accurate /etc/ntp.conf configures the daemon, and all we need to do is arrange for the daemon to start: bash$ chkconfig ntpd on bash$ chkconfig --list ntpd 16

now that the ntpd daemon is configured to start upon entering runlevels 2,3,4,and 5, let's check whether it's running: bash$ service ntpd status ntpd is stopped we are in runlevel 3 but we haven't actually entered that runlevel since we ran chkconfig we'll start it manually this one time: bash$ service ntpd start 17

create an archive of a directory tar cvzf mydirectory.tgz mydirectory c: create an archive v: verbose, print the filenames as their added z: compress the archive f: use the following as the filename for the archive extract an archive tar xvzf mydirectory.tgz x: extract an archive z: uncompress the archive 18

print listing of an archive without extracting tar tvzf mydirectory.tgz mydirectory t: print a listing v: verbose, like a long listing z: the archive is compressed f: use the following as the filename for the archive In each of the above examples exactly one of t, c, or x is mandatory f with an archive name is mandatory z: is mandatory if archive is, or is to be, compressed v: is optional for verbosity 19

scp behaves much like the familiar cp command, but with remote capabilities The arguments (source or destination) can optionally be for a remote file/directory http://teaching.idallen.com/cst8207/14f/notes/015_file_transfer.html A remote argument has a colon in it To copy local passwd file to wen99999's home directory on a remote computer scp /etc/passwd wen99999@cst8177.idallen.ca: Notice the colon in the remote dest argument file ~wen99999/passwd on cst8177.idallen.ca is created or if it already existed, it's overwritten 20

Whatever name follows the colon is relative to the home directory on the remote side (unless it's an absolute path and therefore not relative) use -p option to preserve timestamps, modes (analogous to -p with cp command) Use CAPITAL P option to specify a port if you're at a McDonalds and you want to copy to myuser's home directory on the CLS: scp -P 443 localfile.txt myuser@cst8177.idallen.ca: again, notice the colon in the remote argument notice that port option is -p for ssh, -P for scp 21

absolute local to absolute remote file foo scp -p /etc/passwd user@remote.com:/home/user/foo relative local file to absolute remote directory scp -p myfile user@example.com:/home/user/ directory and its contents to remote directory scp -rp mydir user@example.com:somedir absolute remote file to local home dir scp -p user@example.com:/etc/passwd ~ relative remote file to current local dir scp -p user@example.com:somedir/foo. 22

rsync behaves similarly to scp only one rsync argument can be remote Example copy local (relative) to local (absolute): rsync avh adir /some/dir a: archive mode, preserve permissions, timestamps, etc H: preserve hard links v: verbose if "dir" exists, "/some/dir/adir" will result if "dir" does not exist, "/some/dir" will be created and contain "adir", "/some/dir/adir" will result 23

be careful with a trailing slash on the source a trailing slash on source has special meaning: copy the contents of the directory these are the same rsync avh /src/foo /dst/ rsync avh /src/foo/ /dst/foo copy contents of src directory to dst directory rsync -avh /src/ /dst # /src/* in /dst/ copy src directory to dst directory rsync -avh /src /dst #end up with /dst/src 24

If you can't remember directory creation, and directory contents (trailing slash) versus directory itself, then use dot as the source directory for unambiguous usage All of the following will sync the local dir directory to make the remote rdir directory the same as dir, whether rdir already exists or not Use the same name (dir) on both sides if desired rysnc avh path/to/dir/. user@remote:path/to/rdir rysnc avh path/to/dir/. user@remote:path/to/rdir/. rysnc avh path/to/dir/./ user@remote:path/to/rdir rysnc avh path/to/dir/./ user@remote:path/to/rdir/. 25

rsync can copy across the network rsync avh dir/. wen99999@remote.example.com:dir that will copy/synchronize the local "dir" with the remote "dir" in wen99999's home directory on the remote machine named remote.example.com notice the colon in the remote argument if you forget the colon, you do a local copy to a file with '@' in its name 26

after the colon, you can specify a relative path (relative to the home directory) or an absolute path rsync avh adir/. wen99999@192.168.0.170:/etc/adir that example uses an absolute path at the destination end, and an IP address instead of a hostname 27

the other direction works too rsync wen99999@192.168.0.170:/etc/passwd. that copies the remote file /etc/passwd to the current directory (.), resulting in./passwd this time, we are not using archive mode this time, we are using an IP address instead of a fully qualified domain name 28

rsync compares source and destination and minimizes the number of bytes that need to be copied to update the destination rsync algorithm is designed to transfer only the parts of a file that have changed notice the "speedup" in the summary when you use the "-v" option 29

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback