EX200 Red Hat Certified System Administrator RHCSA – Establishing secure connections via SSH

1. Installing and configuring SSH server part 1

Welcome all to this chapter. Today I would like to start talking about Red Hat servers. And to be more specific, I would like to say I would like to explain how you can actually connect to one via remote. And for this we are going to need two systems. Basically one will be a server and another one will be a red Hat, a client, so to say. For that purpose, I have chosen to download Sentos. Sentos is basically a red Hat. It’s almost exactly the same. There’s about 2% difference in between the two. Nothing that anybody would actually notice. Most of the differences are negligible. In fact, I have advised all to actually use Sent us at the beginning of the course as it is free and you will be able to follow through the course without any problems. So I will now bring up my second machine.

My second machine will be my server, which will be sent off and I will use my existing machine, which is a Red Hat, in order to connect to this server via SSH. SSH is a communication, I suppose you can say it’s a way of communicating between two machines. You basically log into a machine via remote and then there you can execute commands and all traffic is heavily encrypted. So only you and the other person on the other side can actually see what can actually know what is going on as anybody in between or anybody else will not be able to see pretty much anything. Anyway, in order for us to do this, we will first need to download Sent US. Their official website is www. centaus. org.

You can just go ahead and click on get Sentos. Now there are several things here. It is possible for you to actually download a minimal ISO and then install a non GUI, something of a kind. But for the purposes of this tutorial, I have downloaded a full version because I am able to get a full screen there. But you yourself will not need a full screen. So you can actually download a minimal ISO file without any GUI interface of whatsoever. This is not a bad idea because it will consume minimal amount of resources. And considering that this is a virtual machine, every bit of resource, any amount of resources, resources on our systems are limited. And the less you use, the better it is. Let me put it like that. But as I said, for the purpose of this tutorial, I would like to have a full screen. So I will download a full DVD ISO. Do not worry, I have I’m not going to download it now during tutorial. Rather instead I have downloaded previously. But you can also go ahead and it says ISOs are also available via torrent.

So you can go ahead and click there and then you have these different things. I mean these are 64 bit versions. If you need a 32 bit version, you can go ahead and click on alternative downloads, if I’m not mistaken. And there you go. Unfortunately, sent OS. Seven. I don’t see a 32 bit version here, but it doesn’t matter. You can download Sentos 6. 6 here. I 38 six. That would be the 32 bit version. You will be able to do pretty much the same things that we do here. If you have a 32 bit system, you won’t be deprived of pretty much anything. Some of you might say, oh, but it’s not the latest version, or something of a kind. Well, the difference in the versions usually are the high end features and they’re fine tuning. So to say something that somebody who is learning, somebody who is trying to pass the Red Hat certified system administrator exam is not going to notice that much anyway. So pick the version that you need downloaded, and I have already downloaded mine. I have a virtual box here. So I have red hat. It is up and running. You can see my previous session.

One of my previous sessions is here. Anyway, I just cleared the screen and I will leave Red Hat as it is. I will leave the machine running. I have enough resources on this particular machine to a lot to the Next machine. But if you don’t, as I said, install the minimal version and give less resources. I do have a ton of other virtual machines here. None of them are running at the moment. They’re all powered off. But I would like to create a new one which will be sent to us. The installation is pretty much the same. I will quickly go through it so that you may see it. Send OS. It is immediately recognized as a if you type in Sentos, it will recognize as a Linux system and it immediately recognizes it as a Red Hat 64 bit version. There’s also a 32 bit version if needed. So just go ahead and click on Next.

Can I create a machine sent to US in the parent folder? This folder already? Oh yeah. Okay. So I have somebody I have one of my machines that is named yes, I do have another machine which is named exactly the same. I’m using that one for a completely different purpose, so I won’t mess with it. This one I will name sento s Udemy. Let’s put it so Sentos Udemy you can name it whatever you wish. I simply couldn’t name it Sent to US because I already have a machine called Sent to US. Go ahead and click on Next. I will allot at least 1GB of Ram, even though it can run on less. Next, how much space? I will give it about 128 gigs. You can get away with 20 if you don’t have enough space. Maybe 20 is not the best of ideas. Try in between 30 and 50 if you tried to say space. But it should work out without any problems. Anyway, go ahead and click on Create and there you go we have this so right click on it, say Settings, click on Settings, go to Storage, select the device first click on Controller ID where it says Empty and then let’s go ahead and choose our virtual CD DVD drive. Where is it? Okay, there we go. So mine is in Downloads yours is wherever you’ve downloaded it, most likely in Downloads. Again, it doesn’t matter if you’re doing this on a Windows or a Linux system.

My host is Linux. But it’s completely relevant whether your host is Windows or Linux or Mac. The procedure is basically the same. Just download a file from the net and then select it here in the Virtual Box interface. Because Virtual Box interface is pretty much the same for all operating systems out there that are supported. So I have sent OS 64 DVD. Yes. I will take this one. Is this the one that I want? No, I have the DVD down below so I will select that one and there we go I have the ISO file. Go ahead and click on OK now I will power the machine on and let the installation fly.

Install Sent OS Seven I can also test the media but I won’t because this is a virtual machine and I’m fairly certain that everything is all right as I have used this image prior to this tutorial for other purposes this hardware has not undergone upstream testing. Please consult I don’t really care it will run. It is amazing how many things can actually go wrong and Linux system will still actually manage to boot and run which is a bit weird, but still it works. Don’t ask me how, it just works and you definitely won’t need to know this for Red Hat how? Why? Kernel, the background of things, et cetera for the exam anyway, go ahead and select your language. I will leave the default one because actually I’m going to select UK because I use the UK keyboard. So go ahead and click on Continue.

Going a bit slow here, but it doesn’t really matter. I will just select the default options here, primarily because it doesn’t really matter to me. But I don’t want a minimal install. I personally will go ahead and say server with GUI. But you can also say minimal install, and this will consume the least amount of resources in your system. But I want a server with GUI. So what do we want here? There are a few things that we can actually install from here. So we can go ahead and select our desktop environment, which will be KDE. And notice that you do have more options here depending on which version of Red Hat you purchase from the net and not the version, but which package of Red Hat that you purchase from the net. That is the amount of options that you will have, like these here. But with Sentos you have all the options by default. That is why it is good to have Santos first to actually test out all the options and then actually buy Red Hat if you need it. So what else do we need? So Katie, I don’t really need any of these things. I don’t need a database, virtualization tools, not at the moment. Development compatibility, libraries is not a bad idea always. We will later on install LDAP as well.

I wonder if I can actually find it here. It doesn’t really matter. I mean I will show you how to install it from the command line anyway. So we have done that. I don’t really see the need for anything else really. I just need a desktop and that’s it. Everything else I will install manually. We’ll go ahead and click on Done installation destination. I will also just click on Done. That’s going to take consume the whole disk. I’m sure that you remember we went through all these steps and we have seen how all this works and hopefully by this point of time it is all clear. If it’s not, go ahead and ask any questions that you like. I want to configure my network settings. I want to say bridge mode and I forgot to do this. Then I allow all okay, network not connected. I do want the network to be connected during the installation can be very useful and very important. So begin installation.

Set root password. Just some nonsensical password that doesn’t really matter. But I would advise you to actually put something strong on a production environment for a virtual machine. You can do whatever you want here. Pretty much you need to click on Done twice if the password is bad. So next for user name we will use creator. And down below I need to type in the password. I’m just going to go ahead and type in the same one because it’s completely relevant. Now click on Done twice because it won’t allow you to actually do it without clicking it twice. If the password is not the best, if the password does not conform with the standardized rules. But since we are the ones performing the installation, it is assumed that we are rooted, that we have complete control. So we can bypass all of those things anyway. I will pause the video here and then we will continue not in the follow tutorial, but rather instead we will continue within this tutorial. I’ll just pause it so you don’t have to sit through the installation for no reason whatsoever.

Okay, so the installation is complete. Let’s just go ahead and reboot the device. Reboot the machine actually sorry, should take just a bit of time. No big deal. There, there we go. It’s putting it up. Just select the first one, press Enter, that’s all you need to do. And then you’ll be prompted with a login screen. Just like in Red Hat. No big deal. There pretty much the same thing in every sense that matters to us. Let me just go ahead and exit this, see if I can expand it. It’s not going to catch guest editions by default. I won’t show you how to install virtual box guest editions here, because I already have for Red Hat, and it’s exactly the same procedure. There is nothing different that you need to do here in order to obtain a full screen, so I will do that outside of a tutorial in order to save us a little bit of time. Now, you will need to accept a license here, just like you do have to do with Red Hat.

So just go ahead and click on done. But you don’t have to pay for anything. Just say finish configuration and that’s it. It’s completely free. No extra charges or anything of a kind. All the updates, repos, and everything else that you might think of that comes along with CentOS is pretty much free as far as Centaus itself as an environment is concerned. I’m just waiting for it to boot up. Sometimes I wish I had like, four socket computer or something of a kind with four processors on it. That would be nice. Then I could assign multiple cores to these machines. I can do so now, but it would slow down my physical machines significantly. So let’s go ahead and log in. Just sign in. It shouldn’t take long now. Just black, ugly screen. Oh, well, what can you really do about it? That’s the way it is.

That’s the way you get accepted any moment. Come on. I am literally begging you, please, pretty please. Booting. Booting for the first time. I guess it takes a bit longer. Excellent. So there we go. If I just right click on the screen and click open in terminal. That’s the fastest way to open up a terminal. And just as I say that okay, there’s the welcome screen. I need to go ahead and click next through that. Basically, if you want to configure a keyboard, feel free. Okay, so now we have our terminal here, and come on. I do not require Gnome help. Okay? To be honest, it’s going to ask you this the first time you install it. I will go ahead and zoom this in so you can see it better. Excellent. So what do we need here what we need to install the SSH servers, and we need to verify that we have connectivity. Now let’s do a few things with the network. First, there will be a separate section on network configuration, but for the time being, I will just go through just a few basic commands that you can memorize like this, and then later on, I will give detailed explanations.

As far as network is concerned, we need to know these things because well, we need to know the IP address if we want to connect to the other server or we need to know the host name. But then that host name needs to get resolved somewhere and we don’t have a DNS server. I don’t really have a DNS server here rather instead problem has occurred. At first boot I sincerely hope I didn’t click restart there. Anyway, I don’t have a DNS server set up here. So we will be using IP addresses and then later on we will see what we will use for LDAP. The first thing that we need to do is verify that we are connected to internet. So just go ahead and type in ping and the thing that the address that’s at the top of my mind is basically Google. com unknown host. So we do not have internet connectivity. This can be a problem. Go ahead and click on devices. Let’s see are we in bridged mode?

Bridge mode allowed. Okay so all of this seems fine and dandy let me see what our network manager here says wired off on turn it off actually on sorry. There we go. So if we type in ping Google. com, this is going to work. Excellent for getting a reply. Let’s clear the screen. Now, let us go ahead and type in if config. This command might be familiar to you because in Windows you would type in IP config, but here you will type in if configur, press Enter and you will get a few interfaces down below. So we are at the moment using this interface ENP zero s three. And this is the IP address. Your might be a bit different depending on how your router or your computer assigns these things. Depending on how your connection is set up, it’s completely relevant. What you need is your functioning interface, and then you need to know the IP address of that interface and you will need to confirm that you are well, you don’t actually need to be connected to the Internet for this because we are doing everything internally, which is kind of convenient.

For us. But for the time being, I want you to know where you can actually find your IP address. Go ahead and clear the screen. Type in Yum, same as in red hat. Yumsearch SSH press Enter and this will consume a little bit of your time until it actually figures it out. And there you go. So there is open SSH server X 86 64. This is what we will need. So if we go ahead and clear the screen and type in Yum install and then paste in this particular file, press Enter. The installation will run. Of course it won’t. We need to be root. Sometimes I forget these things. I don’t know why. So go. Ahead and type in yum install I sincerely hope that the screen and the terminal are large enough I can see them clearly and I’m standing and I’m sitting quite some distance away from my screen. So I hope that all of you can see it as well. But then again, I have pretty good site. Press Enter and this will begin the installation procedure. But since another application is holding Yum locked, which is my pending update, I will need to kill it first. And that we’re going to deal with this in the follow up tutorial where we’ll continue. Because I am running a bit short on time here.

2. Installing and configuring SSH server part 2

Welcome all to this tutorial. Today I will show you how you can create a passwordless SSH login. Why should you do this? Well, to be quite, to be frank and brief, passwords are insecure. Let me put it so why? Well, you know, they can be guessed. That’s the first flaw. Second flaw is that you actually have to type it in and whoever is looking from behind your back or whoever is nearby can hear you typing. So they can either figure out so they can literally hear the amount of keys you press on your keyboard and they will know the length of your password or they can actually see you typing it in. They don’t have to catch all the characters. But if you keep typing it in every day and if somebody’s there in the office, they will eventually see it and know it. And if you use that password on some of your other services as well, that can be a security nightmare.

Security scenario nightmare. Let me put it so anyway, in order for us to avoid such inconvenient situations, we will configure our SSH server to permit passwordless logins via keys. So let’s go over to our SSH server which is sentos. I will go ahead and log in. I’m sure I have a few stuff running here. Okay, that was me testing these sort of things out. Now let’s go ahead and have a look at our configuration file in order to have a look at the SSH configuration file. SSHD configuration file just type in vim at CSSD config and here you can configure a lot of things and I mean a lot of things. You can actually change the port. So by just deleting this by just deleting this bar and typing in a different port number different port number. You can actually change the port here if you like but I will just leave 22. Usually when it goes over the internet, people tend to change the port.

Feel free to do so down below. I have also changed a few other settings. I have these two set on yes, Rsoauthentication and Public Key authentication authorized files is set there. And I have also disabled the root login. Not sure where it is. Let me just go ahead and find it. Okay, so root no it’s at the top. There we go. So permit root login. It says no here. Usually it will say yes and it will be written off like this. Yes and there should be a bar here as well. So it will be commented out. What you need to do is remove the bar and type in no. Because we do not want anybody to be able to log into our server as brute. Rather instead we want them to be able to log into our server as a regular user and then be able to switch to root if there is a need for it. Of course.

Anyway, I’ve done those modifications for myself. You can do some other ones as well depending on your needs. But as I said, you won’t most of these things. You will like 90% of the things in here you will not require for the Redhead certified system administrator. You can also disable password authentication but I would advise against it for the time being. Instead of yes, just type in no. Anyway, I will go ahead and quit. I’m not going to do any modifications here because I’ve already changed the file myself. After you have done all of this, you just use this command in order to restart the server and that is all you really need to do just to make sure that all of it gets applied. Let’s go back to our Red Hat client now. And from here we are going to attempt a login. Let’s just exit root because we don’t want to be doing this as root. And now we are going to attempt to log in. First make preparations for a passwordless login and then attempt a passwordless login.

So what do we need to do? We need to type in SSH and after that key gen press Enter. You can just go ahead and press Enter. Here it says Enter file in which to save the key. You have the default file. The default file is just fine for me. It says that it already exists. Would I like to overwrite it? You most likely won’t get this part because I’ve done this a few times before and the keys have stayed there. So I’m just going to say yes overwrite Enter passphrase. Now I’ll I’m not going to use a passphrase in addition to my keys. So I’m just going to go ahead and press Enter twice. And that is literally all you need to do in order to create a key. Now, creating a key is not enough. You need to import a key onto the server. How do you do that? Well, you type in SSH copy ID and then you need to type in the user and the server. So 182168 101. Now I need to type in the password. Is it going to work? Permission is not pleased. What? Come on. Do I have Caps look on or something? I don’t think I do. Let’s go ahead and try this again. Of course not. I love it when I make these silly mistakes with spelling. Okay, there we go. So it has went through without any problems as you just saw.

You should be rather careful when typing these things in to make sure that they are correct. Now we will do as the program basically suggests. Now try logging into the machine with SSH and then this create her at the IP address. So Sshcreator at 1921-6811 and we are prompted with a password again. So we are doing something wrong here. Something is not right. What do you suppose could be the case? So let’s go ahead and type in the password permission did not.

Please try again. Why are you doing this? I truly am a genius. I am a genius. Please give pay tribute or something of a kind. Agent Admitted Failure to sign in using the Key and this is going to be an error that you’re going to get. I have gotten it read through the forms or something of a kind, mainly due to the key configuration on the server side. So you most likely had a key that was previously there or something of a kind on the server, the portion of which has stayed there. Or something went wrong during the key import phase and now the agent is admitting failure because it can’t handle it. I’ve made a quick patch for it. Quick work around. Not sure how well is it going to work now, but let’s see if we will actually succeed. Come on. Echo pretty much nothing into homecreator. SSH authorized keys. Excellent.

So now that file is empty and I have restarted to reset the service as well. Let’s go ahead and repeat the procedure once again and import the keys to see what happens. Okay, now we have imported the keys again. Let’s see if it works. Agent admitted failure using the key. Let’s go back again. Let’s see what we can actually do with this. Echo servicesshd restart and let’s see if I actually have anything else left in that file. Okay, so let’s cat authorize keys. No, there is nothing in that file. It’s empty. Well, let’s go ahead and remove it to altogether. So RM authorized keys. Yes. And let’s do service SSHD. I’m doing this simply to save you a bit of time during your own process, during your own session of doing this. So you don’t have to ask me. Rather instead you can see the troubleshooting process yourselves. So let’s go ahead and actually generate another key as well.

Okay, go through that. Yes, please overwrite it fastphrase. No fast phrase. Now we need to import the key. Copy it actually over to the server. Excellent. Now that is done. Let’s go ahead and attempt to log in. Agent Admitted Failure okay, so after searching for it a little bit on the net, I found out that that was actually an SSH error. That this was an SSH error. And in spite of everything, I have actually decided to incorporate everything into this tutorial just because I believe that you too will probably encounter this error. And I would really love it if you actually were able to see the solution in the tutorial just in case you encounter an error. If you don’t encounter an error, great for you, but at least you know what the solution for it is and it might serve you at a certain point of time. Go ahead and type in SSH Add, press Enter and there you go. Identity Added.

The solutions which I’ve tried previously was due to my belief that I have misconfigured it or something of a kind. But no, not really. Everything was fine. However, SSH does have this error that occurs from time to time and it is necessary for you to know how to fix it. And that is why I’ve chosen to incorporate this into this tutorial as opposed to just cutting out this part with greetings and not including it. If you do encounter some errors here, feel free to go into the discussions section. I am always around and I try to answer all questions as fast as I can. So let’s go ahead and clear the screen now and attempt to log in. Okay, so this is me testing out the SCP. There we go. So we have managed to log in without any difficulties. We are now a user creator on our SSH server. Okay, now, since we’ve done this, I would like to show you one final thing that is related to SSH. I would like to show you how you can copy pretty much anything from one point to another. This can be done regardless of the distance and of the size. For example, this is something that people do.

They create something on their home machines. They create a website or something of a kind, and then they copy it over to their cloud somewhere where the site becomes alive. You can also copy your entire SQL database. It is all dependent on you. You can combine SAP with tar. I’ve showed you how to use tar in the previous tutorials. So you can create one huge tarball. You can create a tarball of 100GB or something of a kind. And then you can use the SCP command to basically copy pretty much anything from any point to any other point in a secure encrypted fashion, which is very useful and very nice. So I am now on my server over here and I will go ahead and enter desktop. I do believe that I have a file here. It’s called example.

Now I will copy example from my server from the Sent OS SSH server onto my Red Hat client. In order for us to do that, let me just show you that I don’t really have anything in the path. I will copy it into downloads. And let me just show you that I don’t really have anything in downloads. Well, I do have some things here, but I definitely don’t have a file under the name of Example. Let’s go ahead and copy the file. Let me see if I have a command memorized here. There we go. So this is the syntax for copying local files to a remote site. I would advise you to go into the net and just to type in SCP usage examples using your favorite search engine. Their examples are numerous, depending on what your purpose is. But it’s fairly similar always. It doesn’t change that much. It just allows you to copy things from one end to another. And it allows for the encryption layer to exist so that nobody can see what even though somebody could possibly capture traffic in between, they couldn’t actually see what it was because it’s encrypted. And let me just go ahead and press Enter.

Well, before I do, I’m sure you understand. This is a file here. This is a command SCP. This is a local file. I could have also typed in I could have also typed in front of the example something like this path through the file. I could have also used this and specified a path to the file. But since I’m already in the desktop folder and the file is there, doesn’t really matter. I can just go ahead and use it like this. Then I specify the user name on the remote site. I specify the IP address, and I also have the directory. So you put a colon here and then you specify a directory on the remote site.

Where in which folder do you want to copy this file? Simple as that. Just go ahead and press Enter. It will prompt you for a password. Press Enter. Permission denied. Okay, let me get my passwords. Excellent. So there you go. The file has indeed been copied. Let’s go over to this other screen and type in LS and you can see that the example is dead. Let me just show it like this to you. There you go. It’s right there. I managed to copy it. As I said, the file size doesn’t matter. You could copy an entire database in this fashion. Anyway, I bid you all farewell and a ton load of luck.

3. SSH passwordless login and SCP ( secure copying of files between hosts )

Welcome back everybody. Let’s just go ahead and go back into the terminal. Now, you might have noticed that I spread this across the whole screen. And I’m not sure if this white color is killing you or not. I have also installed VirtualBox guest editions and I’ve ran updates. So all I did was yum update. That’s it. And I have installed VirtualBox guest editions. The procedure is exactly the same as it is with Redhead. Now, let me just go ahead and do this. So, preferences and profiles are named. We need to edit that. What shall we place? So colors. Excellent. So I will use exactly the same colors as I have used them there, as I have used them on Red Hat as well.

So last time we’ve tried to install the SSH open SSH server, but we have failed. I have failed miserably. Primarily because the Yum packet manager was actually occupied with the Package Kit. So what we need to type in is Yum again, actually, let’s just go ahead and type in Search SSH. The way you would handle that error that we got previously where we were locked with Package kit is following. Let the search just finish and then I’ll show you. So psyphon EF actually, we can do this. Alex Grab. And then the name of the process which is occupying your time. So I’m sure you know this option for your case. Pat Skid.

Now, I’ve killed it. But a moment ago it was actually running. So I managed to isolate the PID of the process. And then I just wrote Kill and then the PID number here. That’s it. That’s all I needed to do. And then Yum ran. I have shown you some of these things and how you can do them in the previous tutorials. So just go ahead and type in Yum install now. And where is it? Where is it? Let’s see which one do we need? An open source implementation of SSH protocol, version one and two. I am going to take this one for the time being. And then later on we will install some additional services as well. Yeah, of course, they need to be root. So let us become root. I tend to forget this from time to time. Common error. It will happen to you as well. There is very little that you will be able to do in order to prevent it. But then again, it’s not really an error.

You just lose 2 seconds of your time and that is it. Excellent. So it says Package OpenSSH is already installed and latest version. Now, this is good news. Good news indeed, since we don’t need to actually spend any time on the installation. But here is the installation command, the one that is selected now on the screen. So Uninstall OpenSSH x 86 64. And that is pretty much all you really need to do in order to install it. Now, let me just see if we need something else?

No, I do not believe that we do. Excellent. So let’s just go ahead and clear the screen. Oh, by the way, if you’re using a 32 bit version, you won’t get the 64 bit version. Your search will actually return 32 bit versions which you can install just the way that the repositories are configured. Anyway, now that we have finished up our installation, we do need to open up our Firewall. Now, Firewall is a subject which we will cover in a separate tutorial, of course, because it is rather broad and all of that. But for the time being, I will show you a single command and how you can edit IP tables, which is basically a Linux Firewall.

The very first thing you need to do is go ahead and type in IP tables, which is a command. Do not worry if you do not understand the whole command or if some portions of it remain unclear to you, because as I said, there will be a separate tutorial dealing with Linux Firewall. Linux Firewall is basically Iptables and I will explain in far greater detail available options there and I will demonstrate how you can configure Firewalls Linux Firewall further. But for the time being, I would like to insert a rule into position one. Insert a rule into accepted to input. There we go. With tab into input at position one, I would like to specify a protocol which will be TCP and Dport, which will be my destination port. This will be 22 because SSH is configured to function on port 22 by default. Furthermore, I will need to type in J, the command what do we expect the system to do? So accept it. And that’s really it. That’s all you need to type in. And now argument. Okay, let’s go ahead and have a look.

IP tables h actually, let’s just try this. There we go. So I was just missing one Hyphen there and if we do IP tablesput, you can see that my very first rule in the chain is DCP. We did the station port for SSH. 22 is the standard port for SSH. We will be of course able to change that at will to pretty much give it a choice from a wide we’ll be able to give it another port from a wide range of port choices a bit later on. For the time being, you need to punch a hole in your Firewall in order for this to work. Otherwise SSH protocol will not work. I mean, it will work on the server, of course, but nobody will be able to connect to it, which is rather inconvenient.

So let’s just take a look at this command once again shortly. Iptables is the Firewall and that is the command that you use to edit the Firewall. I could have used append here, but instead I have used Insert because Insert allows me to specify a position in the chain or in the portion. Let’s go ahead and do this again because I really didn’t explain what chains are. To me, it comes naturally, but I’m afraid you won’t understand what a chain is. I will explain this later, of course. So it’s Hyphen I, which is for insert and then input is basically a segment of the firewall. That’s all that it is. And what I’m saying in that segment, take the first position, and in the first position, please insert, please accept basically here all packets which are TCP on the destination port of 22. Now, this is the basic explanation of what I have just written here. But as I said, this rule you can use as well.

You can just retype it for me. This will punch a hole in your firewall and open up a route for SSH secure shell. And later on, I will show you in far greater detail how this command works, what other options you have, and how you can manipulate your firewall rules to your heart’s content. Anyway, now that we have indeed done that, I have ran a reset on this machine. So let’s just see if it actually contains the same IP address as before. I have Config, doesn’t actually have an IP address because networking is disabled. Let’s have a look. Now I have config. Okay, we have 1921-6811. I will now go ahead and open up my red hat machine. So it’s right here should be functional. Excellent. So now we would like to connect to that place. All that you need to type in is SSH username. Who do you want to be on the remote system? So obviously I want to be creator at 1921-6811.

And if I press Enter, it will ask me, it will say basically that the authenticity of a host 192-1681 can’t be established. The authenticity cannot be established because the fingerprint, it doesn’t have its key in the files. There’s nothing to compare it with. It doesn’t exist. It just means that we’ve actually never connected to this client before or to the server before would be a correct way of putting it. So are you sure you want to continue connecting? Because we are now going to import this key from somewhere else. And I will type in yes, because I know exactly where I’m logging in. But if you’re not certain or if you don’t know, I would definitely suggest you don’t do it because you’re accepting the encryption from somebody and you’re accepting a remote shell, basically because we are going to connect to them via remote shell. But a lot of problems can come to be because this remote shell works both ways. When you type in commands there, you have to get a return output from somewhere else and there can be a lot of tempering with it.

So if you know where you’re logging into, go ahead and say yes. If you have no idea where this place is, please say no. There is no need to connect to it. So go ahead and say yes. Now it says warning permanently added to the list of known hosts. So the key has been added, the fingerprint that is. And now we will need to actually type in the password here. So test a fairly simple password and there we go. We are now logged in. How do you know that we’re logged in? Well, if Fig will show me that IP address and you’re like, well, you might have typed it in on the Red Hat server as well. The Red Hat client as well. Here. Well, let me show you. Okay, so terminal, come on. I don’t think I’ll be able to do this. Oh, I actually will. So you see here it says if config and then we have the IP address. But here when we type in if config, we have a completely different IP address. You can also type in who am I? It says creator and if I type in on my own system, who am I? It says random guy. So I have successfully become a completely different person over here as opposed to over there on my own system. Anyway, now we can issue commands like whatever we want. We can create file. You can do everything that we have done thus far in a shell. For example, I can go ahead and touch create.

I’m doing this the long way around. So home creator and now I can perhaps go into downloads and then in downloads I will go ahead and create hey, anybody there? Press enter and this file has indeed been created there. So let’s go ahead. I will minimize this. And now I’m in my center west machine. So let’s go ahead and go navigate into downloads. A double dot CDSpace. Double dot is go back one folder. Then I’m typing in a slash and I’m going to type in downloads LS. And you see that there is a need of file. Hey, anybody there? Fairly simple protocol to master, not a big deal. You can log in with ease. Now, logging in with passwords is not the best of options whether instead what we want to do is log in with keys and we also want to examine the configuration files for SSH, the key files for SSH, et cetera. All of that we will do in the final and last tutorial in regards to SS, SSH and remote connection to a server or to a client or to wherever you would like to. Anyway, I bet you all farewell and I hope to see you in the follow up tutorial.

• Category: Uncategorized