OPS705 Lab 3 (2227)

533 bytes added, 02:18, 8 January 2023
m
Chris.johnson moved page OPS705 Lab 3 to OPS705 Lab 3 (2227) without leaving a redirect
== Part 3: Adding a Firewall Rule for the Custom SSH Port ==
[[Image:Ops705_sshd_custom_rule.png|right|500px|thumb|Adding a firewall rule for our new SSH custom port.]]
As mentioned, we want to change what port the system uses to allow incoming SSH connections. To do that, we have to add an extra rule to our firewall to allow it through:
# Review your current rules for reference: <code>sudo iptables -nvL --line</code>
=== SSH Listen Port ===
[[Image:Ops705_sshd_listenport_custom.png|right|400px|thumb|Setting the custom listen port for SSHd.]]
# Using vim, open the SSH configuration file: <code>sudo vim /etc/ssh/sshd_config</code>
# Find the line (near the top) containing the words: '''Port 22'''
#* If the status is in a ''Failed'' state, retrace your steps. Look back at the SSHd config file for typos. Redo the last two steps to apply additional changes.
#* If the status is '''active (running)''', move on to the next step.
# In your '''test terminal''', disconnect from your SSH connection and reconnect '''using the new port 22222'''. (Ex: <code>ssh -p 22222 yourSenecaUsername@address</code>)
#* If you're able to reconnect, move on to the next step.
#* If you can't reconnect, use your control terminal window to find any mistakes you may have made. Remember, don't disconnect from your control terminal until you're sure you can reconnect! Use as many test terminal windows as you need.
=== Switching to SSH keypair authentication: ===
[[Image:Ops705_filezilla-connect.png|right|400px|thumb|Connection information for FileZilla using the custom port.]]
# First, download and install FileZilla on your personal computer.
# On your Linux VM as a regular user, generate your SSH keypair (accept all defaults): <code>ssh-keygen</code>
# Install the new keys on the system: <code>ssh-copy-id -p 22222 localhost</code>
# Using FileZilla on your personal computer, log into the Linux VM and download your new public key:
#* On Windows, store the downloaded key here: <code>C:\Users\[yoursenecaid]\.ssh\</code>
#* On Mac, store the downloaded key here: <code>~/.ssh/</code>
# With a second terminal, verify that you can log in to your VM's SSH from your personal computer without a password (keypair authentication). Do not move on to the next step until you’re sure.
#* Log in the same way as before. '''If you aren't asked for a password, then keypair authentication has succeeded.'''
=== Disabling SSH password authentication: ===
[[Image:Ops705_sshd_passauth_no.png|right|300px|thumb|Disabling password-based authentication in SSHd.]]
# Make sure you have two separate SSH terminals connected to your Azure Linux VM.
# In your control terminal, use '''vim''' to open the SSH configuration file: <code>sudo vim /etc/ssh/sshd_config</code>
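
The steps above say to look back at the SSHd config file for typos when the service fails; the following added example (not part of the original lab) checks a config file for the lab's two changes, port 22222 and disabled password authentication. The function names and the sample file are constructed for illustration, and the parser is assumed to see a single file: it does not follow <code>Include</code> directives.

```shell
#!/bin/sh
# Added example (not from the lab): audit an sshd_config for the lab's two changes.

# Print each global value of keyword $1 in file $2. Keywords are
# case-insensitive; comment and blank lines are skipped; parsing stops at the
# first Match block, since settings after it only apply conditionally.
sshd_global_values() {
    awk -v key="$1" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t=]+/)
            if (tolower(f[1]) == "match") exit
            if (tolower(f[1]) == tolower(key)) print tolower(f[2])
        }' "$2"
}

# Return 0 only if sshd would listen on port $2 and refuse passwords.
audit_sshd_config() {
    file=$1 want_port=$2 rc=0
    # Every Port line is honoured; with none, sshd defaults to 22.
    ports=$(sshd_global_values Port "$file" | tr '\n' ' ')
    case " ${ports:-22 }" in
        *" $want_port "*) ;;
        *) echo "FAIL: not listening on $want_port (found: ${ports:-22})"; rc=1 ;;
    esac
    # For other keywords the first value wins; unset defaults to yes.
    pa=$(sshd_global_values PasswordAuthentication "$file" | head -n 1)
    if [ "${pa:-yes}" != "no" ]; then
        echo "FAIL: PasswordAuthentication is ${pa:-yes (default)}"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: port $want_port, passwords disabled"
    return "$rc"
}

# Constructed sample: a typo'd keyword and a later "no" that never takes effect.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#Port 22
Prot 22222
PasswordAuthentication yes
PasswordAuthentication no
EOF
audit_sshd_config "$sample" 22222 || echo "fix the file before restarting sshd"
```

On the VM, point it at the real file with <code>audit_sshd_config /etc/ssh/sshd_config 22222</code> from the control terminal. <code>sudo sshd -t</code> checks the file's syntax, and <code>sudo sshd -T</code> prints the effective settings, including anything pulled in by <code>Include</code>.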
= Lab Submission =
When complete, submit to Blackboard full-desktop screenshots (PNG/JPG) of the following:
# Logging in to your Linux VM without a password on port 22222.
# Run the <code>yum update</code> command to show there are no further updates to install and screenshot the result.
# Service status of ''firewalld'' and ''iptables''.
[[Category:OPS705 Labs]]
[[Category:Digital Classroom]]
[[Category:Fall 2022]]