13,420
edits
Changes
→Generating a Public/Private Key Pair & Sharing the Public Key
#The option '''PermitRootLogin''' for '''all of your VMs''' for both labs and assignments MUST be set to '''yes'''. The reason for this is that you have created a virtual network, so you have protected the host from root login, so you don't have to do the same for your VMs. Also, by allowing root login for your VM's will allow you to automatically backup your VMs to your host machine (via a crontab entry) without being prompted for a root password for each VM.
'''Note: ''' Configuration files for most services follow a very similar format. Some use an = between the parameter and its value, some require you to group certain parameters together, and most use # to be a comment. You will get lots of experience working with the configuration files for services in this course.
=== SSH Key Concepts===
'''Perform the following Steps:'''
# Make certain you are in your '''host ''' machine.
# You will be creating a '''key-pair on your host machine with no password''' (i.e. when generating keypair press enter for all prompts including the password).
# You generate Make certain you are logged on as '''root''' on your host machine.# Generate the key-pair by issuing the command:<br><source lang="bash">ssh-keygen -t rsa</source>
'''NOTE:''' When issuing this command, you will end up with the files: '''~/.ssh/id_rsa''' and '''~/.ss/id_rsa.pub''' (private and public keys). So far, this topic is generally a repeat of OPS235 lab7. What you may '''<u>not</u>''' know is that by using a '''"trick"''' (the ''magic'' of public key cryptography), you can SSH to a Linux machine without using a password!<br>Learning to perform this trick is <u>'''essential'''</u> in this course and in the industry in general. SSH keys are used everywhere that Linux servers are used.
If you have the private key, you can prove to someone who has your public key that you are indeed the '''actual owner of that public key'''. That is how ssh key authentication works. You are then only required to transfer your public key to a remote server.
<ol><li value="45">You are going to share the public key from the '''root user in your host machine''' with the '''root user of your vm1 machine'''.</li><li>Make certain you are logged on as '''root'''.</li><li>Copy contents of your '''~/.ssh/id_rsa.pub''' from your host machine, and append the contents to '''~/.ssh/authorized_keys''' on each of your Virtual Machine servers</li><li>Simply issue the Linux command '''ssh-copy-id -i ~/.ssh/id_rsa.pub username@server'''<br><br>In your case: ssh-copy-id -i ~/.ssh/id_rsa.pub root@IPADDR_for_vm1</li><li>Make certain to copy the public key for root on your host to your vm2 and vm3 machines as well.</li><li>Use the ssh command to test each ssh connection between your host and each virtual machine that you can connect to the VMs without having to use a password. This is essential to create backups from VMs to your hostmachine without being prompted for password.</li></ol>
'''NOTE:''' Always remember that these keys are '''per-user, <u>not</u> per machine'''. This means that sharing a user's public key will only work for that specific user.
== INVESTIGATION 3: PERFORMING & AUTOMATING BACKUPS ==
