Prerequisites

Figure 957. Shell / Bash Slide presentation

Bash Guide for Beginners


Figure 958. Secure Shell Slide presentation

The definitive guide, also available at SafariOnline

  • Public/private keys, pass phrases

  • Trusted hosts

  • Port forwarding

  • X11 forwarding

  • ssh agent


Figure 959. Working with files Slide presentation

Figure 960. Gathering network related information Slide presentation

Figure 961. Handle processes Slide presentation

Figure 962. vim text editor introduction Slide presentation

Vim Introduction and Tutorial


Figure 963. Creating a ssh public/private key pair Slide presentation
ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/home/goik/.ssh/id_rsa): 
Created directory '/home/goik/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/goik/.ssh/id_rsa.
Your public key has been saved in /home/goik/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:mi/5CaYsND/Dc+qr8CJ9Yji/zzP1SwuES/OmlnqvvK0 goik@bw-lehrpool
The key's randomart image is:
+---[RSA 2048]----+
|                 |
|                 |
|                 |
|     .           |
|    + . S        |
|  o. =.o         |
|.+ +.oOo.        |
|=o=+&*+=.o       |
|.=*%E#oo*.       |
+----[SHA256]-----+

Figure 964. Configuration file permissions on windows network file systems Slide presentation
cd .ssh 

touch known_hosts 
cp id_rsa.pub authorized_keys 

setfacl -R --remove-all . * 

chmod go-w . * 
chmod ugo-x * 
chmod go-r id_rsa 

Enter secure shell client configuration directory.

Creating an empty file known_hosts being subsequently populated by ssh public host keys during remote logins. This allows for remote system identification.

The authorized_keys file contains the set of public keys providing remote log in authorization to the current system.

This invocation pays tribute when using a Windows network share: The extended ACLs are too open with respect to security considerations.

Only the owner is allowed to read .ssh directory content and files being contained within.

Configuration files do not necessitate execution privileges.

The ssh private key should only be accessible by its respective owner.


Figure 965. Resulting permissions and configuration test Slide presentation
ls -al

drwxr-xr-x+  2 goik fb1prof    0 Oct 13 16:03 .
drwxr-xr-x+ 30 goik fb1prof    0 Oct 13 16:04 ..
-rw-r--r--+  1 goik fb1prof  398 Oct 13 16:02 authorized_keys
-rw-------+  1 goik fb1prof 1675 Oct 13 16:02 id_rsa
-rw-r--r--+  1 goik fb1prof  398 Oct 13 16:02 id_rsa.pub
-rw-r--r--+  1 goik fb1prof  222 Oct 13 16:03 known_hosts

Testing ssh private key based logins to your local system:

~> ssh localhost
Welcome to Ubuntu 18.04.3 LTS ...

exercise No. 1

Enabling index based file search

Q:

  • Install the mlocate package.

  • Index your current file system using the updatedb command

  • Use the locate aptitude command to search for filenames containing the string »aptitude«.

  • Create a new file mylocaltest.txt.

  • Use locate localtest. What do you observe?

  • Rebuild the index again.

  • Use locate again searching for files containing the »localtest« string again.

A:

The first locate localtest call fails since the mylocaltest.txt file is not part of the index yet. After rebuilding it will be found.

exercise No. 2

Using the tail -f command

Q:

  • Login to your VM

  • Issue tail -f /var/log/auth.log.

  • Ask your partner to log into the same VM and watch for incoming changes.