OPS335 Lab 1

1,775 bytes added, 02:47, 9 May 2016
Added the steps for preventing ssh'ing to root on the host back in. Not only does it give experience in managing a service, it prevents one of the ways a number of machines were taken over in 2014.
<ol><li value="2">Launch your '''vm2''' machine, log in to the machine, and open a shell terminal.</li><li>Use one of the commands above to check the status of your SSH server.</li><li>Issue one of the above commands to stop the ssh server and run a command to verify that the ssh server is no longer running.</li><li>Issue another one of the above commands to start the SSH server and to verify that it is running.</li><li>Issue a command (not listed above) to confirm that the ssh service will run upon the next vm2 startup.</li></ol>
 
===Configuring a Service===
*A common, if somewhat blatant, way to try to hack into a machine is to try to ssh as root and brute-force the password.
**The root user always exists, meaning the attacker doesn't need to try guessing what user names are on your system.
**And if they can get access to root, they can do anything.
*To prevent this, we'll edit the configuration file for the ssh service to prevent root from ssh'ing into your host machine.
*Use cat to display /etc/ssh/sshd_config on your host.
*This file contains the configuration parameters for the ssh service.
*Lines that begin with # are comments: either simple explanations of parameters, or parameters that have not been set.
*Open the man page for sshd_config.
**This lists all the possible parameters in alphabetical order along with a brief explanation of what each one does.
**The parameter we are looking for is PermitRootLogin; read its description.
*Use an editor (e.g. vi) to open /etc/ssh/sshd_config, and find the line that has PermitRootLogin.
**By default it is set to yes, allowing the root user to ssh in to the machine.
**Uncomment it, and change it to no.
*Now try to use ssh from one of your VMs to log into your host as root.
**You'll still be able to. This is because (for most services) the changes you make to the configuration file do not take effect until the service restarts.
**Restart the sshd service on your host and try to ssh in again. This time the login should be refused.
*The configuration files for most services follow a very similar format. Some use an = between the parameter and its value, some require you to group certain parameters together, and most use # to mark a comment. You will get lots of experience working with the configuration files for services in this course.
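The check below is an added example, not part of the original lab: it reads an sshd_config-style file and reports the PermitRootLogin value that is actually set, ignoring commented-out lines. The function names <code>effective_root_login</code> and <code>root_login_blocked</code> are hypothetical, and the sample files are constructed stand-ins for /etc/ssh/sshd_config.

```shell
#!/bin/sh
# Added example (not from the lab): audit PermitRootLogin in an sshd_config-style file.

# Print the value sshd would read for PermitRootLogin, or "unset" when the
# parameter is missing or only present as a "#" comment.
effective_root_login() {
    awk '
        /^[ \t]*#/ { next }                      # commented-out lines set nothing
        tolower($1) == "permitrootlogin" {       # keywords are case-insensitive
            print tolower($2); found = 1; exit   # first uncommented value wins
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# Succeed only when the file explicitly sets PermitRootLogin to no.
root_login_blocked() {
    [ "$(effective_root_login "$1")" = "no" ]
}

# Constructed sample files standing in for /etc/ssh/sshd_config.
demo() {
    dir=$(mktemp -d) || return 1
    printf '#PermitRootLogin yes\nPort 22\n' > "$dir/before"   # still commented
    printf 'Port 22\nPermitRootLogin no\n' > "$dir/after"      # edited as in the lab
    printf 'PermitRootLogin no\nPermitRootLogin yes\n' > "$dir/duplicate"
    for f in before after duplicate; do
        printf '%s: %s\n' "$f" "$(effective_root_login "$dir/$f")"
    done
    rm -rf "$dir"
}

demo
```

A file that passes this check only describes what sshd will do after its next restart; on the host itself, <code>sshd -T</code> (run as root) prints the full configuration the daemon would use, defaults included.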
===SSH Keys===
# Refer to the above notes to allow an ssh connection from your host machine to any of your Virtual Machines (''vm1'', ''vm2'', ''vm3'') without requiring a password.
# Test each ssh connection between host and each virtual machine to ensure that this works.
 
== INVESTIGATION 3: BACKUPS ==