Using Remote Connectivity for System Management

This chapter covers the following topics:

• SSH (Secure Shell)

• Executing Commands as Another User

The exam objective covered in this chapter is as follows:

• Objective 2.4: Given a scenario, configure and execute remote connectivity for system management

Used to be that you could just move your chair and work on a server system, way back in the day, but so very quickly that changed to having all the servers in the server room somewhere else, and not wanting to walk there, or even being in the location or even city or country as the servers!

Having grown up in the era of computing when using Telnet (an unsecure remote connectivity option that preceded SSH) and clear-text FTP was commonplace, I’ve witnessed the evolution of the world of remote networking from a much kinder and gentler place in which hacking was not very common to the current situation in which hacking is a persistent threat and secure terminal access to connect to remote systems safely and reliably to do work, mainly administering them, is an absolute requirement.

Today, you must have SSH installed and configured to be the most secure you can make it, as described in this chapter. You also need to know the importance of using passphrase authentication instead of password authentication to connect to a remote server or group of servers.

Another topic of great importance discussed in this chapter is the concept of privilege elevation or, as the Linux+ exam objectives state, “executing commands as another user.” This requires you to have an understanding of several different tools, both for the exam and as a responsible systems administrator.

The elevation of privilege is even more appropriate in conjunction with SSH because typically you should never allow the root user to sign in over SSH. Gaining access to root-restricted resources means you need to elevate yourself to having root access or equivalent when you get to the other system.

“Do I Know This Already?” Quiz

The “Do I Know This Already?” quiz enables you to assess whether you should read this entire chapter or simply jump to the “Exam Preparation Tasks” section for review. If you are in doubt, read the entire chapter. Table 11-1 outlines the major headings in this chapter and the corresponding “Do I Know This Already?” quiz questions. You can find the answers in Appendix A, “Answers to the ‘Do I Know This Already?’ Quizzes and Review Questions.”

Table 11-1 “Do I Know This Already?” Foundation Topics Section-to-Question Mapping

1. You want to use a more secure tool than rpc to remotely copy data across the network. Which of the following tools would you use?

1. ssh-add

2. sftp

3. ssh-agent

4. scp

2. You want to disable Secure Shell logins for all users except the root user. Which of the following files would you create to make this happen?

1. /etc/nossh

2. /etc/nologin

3. /etc/disablessh

4. /etc/sshrootonly

3. The process of allowing remote-running GUI-based applications to display locally when connected to the remote system via SSH is called ________.

1. Remote Display

2. SSH GUI Mode

3. X11 Forwarding

4. Tunnel Mode

4. Which command allows you to execute commands as another user, but only if you know the other user’s password?

1. runas

2. pkexec

3. sudo

4. su

5. Which option to the su command allows you to fully take on the user’s account settings, including settings that are applied during the login process?

1. -a

2. -u

3. -l

4. -r

6. Which file is used to configure sudo access?

1. /etc/config/sudo.config

2. /etc/default/sudoers

3. /etc/sudo

4. /etc/sudoers