Changes

Jump to: navigation, search

OPS235 Lab 7 - Fedora17

247 bytes added, 10:34, 18 March 2011
no edit summary
<ol><li value="7">* Logout of your ssh connection by typing <code>exit</code>.
<li>Check the state of the connection after logging out. Wait a few minutes and then check again. Record your observations.</li>
<li>Use the Internet to search for "TCP 3 way handshake" to see how TCP connections are established and closed.</li></ol>
{{Admon/tip | Tip: | In this part of the lab you established an ssh connection to another host using a password to establish your identity. But passwords are not the only or even the best way of authenticating your identity. We can also use Public/Private key encryption.}}
<ol><li value="10">* Answer the Investigation 2 question in your lab log book.</li></ol>
{{Admon/note | | Public Key authentication is a method of establishing identity using a pair of encryption keys that are designed to work together. One key is known as your private key (which as the name suggests should remain private and protected) and the other is known as the public key. (which as the name suggests can be freely distributed) The keys are designed to work together to encrypt data asymmetrically, that is to say that when we encrypt data with one of the keys it can only be decrypted with the other key from the pair. This means that when we connect, ssh can use the private key that only exists on my system in my account, to encrypt a message. That message can be decrypted by anybody with the corresponding public key. While it doesn't mean the message is secure as anybody could decrypt it with the public key, it does establish my identity, if the host can successfully decrypt the message then it must have come from the one person in possession of the private key. This basic method of authentication is used extensively in many network communications protocols that require the ability to authenticate identity.}}
* # Start by generating a keypair as your learn account on fedora2 using the command:** <br /><code>ssh-keygen -t dsa</code>* # That should generate output similar to the following:
<pre>
Generating public/private dsa key pair.
93:58:20:56:72:d7:bd:14:86:9f:42:aa:82:3d:f8:e5 user1@fedora2
</pre>
* <ol><li value="3"> After generating the keys it prompts you for the location to save the keys. The default is <code>~/.ssh</code> Your private key will be saved as <code>id_dsa</code> and your public key will be saved as <code>id_dsa.pub</code></li></ol>
{{Admon/tip | Tip: | You will then be prompted for a passphrase. The passphrase must be entered in order to use your private key. Passphrases are more secure than passwords and should be lengthy, hard to guess and easy to remember. For example one passphrase that meets this criteria might be "seneca students like fish at 4:00am". Avoid famous phrases such as "to be or not to be" as they are easy to guess. It is possible to leave the passphrase blank but this is dangerous. It means that if a hacker were able to get into your account they could then use your private key to access other systems you use.}}
* <ol><li value="4"> Once your keys have been saved you should check to make sure the permissions of the <code>.ssh</code> directory and your key files are secure. </li>* <li> Use the following commands to secure them:<br />** <code>chmod 700 ~/.ssh</code><br />** <code>chmod 600 ~/.ssh/id_dsa*</code><br /></li>* <li>The next step is to copy your public key to fedora3 (the remote host). You can use the scp command to do it.</li>* <li><code>scp</code> (secure copy) is used to copy files between hosts over the ssh protocol. The files are sent over an encrypted channel as is all ssh traffic. </li>* <li>Issue the command:** <br /><code>scp ~/.ssh/id_dsa.pub ops235@fedora3:</code></li>* <li>This will copy your public key to your ops235 home directory on fedora3.</li>* <li>The ''':''' is important as it separates the hostname from the path where it is copied to. </li>* <li>The default location is the users home directory on the remote host but you can also use an absolute or relative path after the ''':'''</li>* <li>Enter your password to complete the copy.</li>* <li>Now ssh to fedora3 using a password to authenticate.</li>* <li>Once logged in to fedora3 we need to add the public key to your list of authorized_keys</li>* The <li>he safest way to do this is to append the contents of <code>id_dsa.pub</code> to the <code>.ssh/authorized_keys</code> file. To do this use the command:<br />** <code>cat ~/id_dsa.pub >> ~/.ssh/authorized_keys</code></li></ol>
{{Admon/important | Note! | You don't want to overwrite the file as it may contain multiple public keys. Make sure you are using the append redirection '''>>''' and not '''>'''.}}
* <ol><li value="16"> Once again you should secure the <code>.ssh</code> directory and the <code>authorized_keys</code> file using the following commands:<br />** <code>chmod 700 ~/.ssh</code><br />** <code>chmod 600 ~/.ssh/authorized_keys</code></li>* <li>Logout of fedora3 and log back in again.</li>* <li>You should be prompted to enter your passphrase to unlock your private key.</li></ol>
{{Admon/tip | Tip: | If you are connecting from terminal started from in your GUI environment you can also choose it to remember your passphrase every time you login to the GUI.}}
* <ol><li value="19">Now we can ssh into fedora3 from fedora2 using 2 different authentication methods.</li>* <li>Answer the Investigation 3 question in your lab log book.</li></ol>
=== Investigation 4: How do you use scp and sftp. ===
Msaul
Administrators
13,420
edits
Retrieved from "https://wiki.cdot.senecapolytechnic.ca/wiki/Special:MobileDiff/60439"

Navigation menu