RH124 - ch10s04

Preface A: Introduction

Section A.1: Red Hat System Administration I

Section A.2: Orientation to the Classroom Environment

Chapter 1: Getting Started with Red Hat Enterprise Linux

Section 1.1: What is Linux?

Section 1.2: Quiz: Getting Started with Red Hat Enterprise Linux

Section 1.3: Summary

Chapter 2: Accessing the Command Line

Section 2.1: Accessing the Command Line

Section 2.2: Quiz: Accessing the Command Line

Section 2.3: Accessing the Command Line Using the Desktop

Section 2.4: Guided Exercise: Accessing the Command Line Using the Desktop

Section 2.5: Executing Commands Using the Bash Shell

Section 2.6: Quiz: Executing Commands Using the Bash Shell

Section 2.7: Lab: Accessing the Command Line

Section 2.8: Summary

Chapter 3: Managing Files From the Command Line

Section 3.1: Describing Linux File System Hierarchy Concepts

Section 3.2: Quiz: Describing Linux File System Hierarchy Concepts

Section 3.3: Specifying Files by Name

Section 3.4: Quiz: Specifying Files by Name

Section 3.5: Managing Files Using Command-line Tools

Section 3.6: Guided Exercise: Managing Files Using Command-line Tools

Section 3.7: Making Links Between Files

Section 3.8: Guided Exercise: Making Links Between Files

Section 3.9: Matching File Names with Shell Expansions

Section 3.10: Quiz: Matching File Names with Shell Expansions

Section 3.11: Lab: Managing Files from the Command Line

Section 3.12: Summary

Chapter 4: Getting Help in Red Hat Enterprise Linux

Section 4.1: Reading Manual Pages

Section 4.2: Guided Exercise: Reading Manual Pages

Section 4.3: Reading Info Documentation

Section 4.4: Guided Exercise: Reading Info Documentation

Section 4.5: Lab: Getting Help in Red Hat Enterprise Linux

Section 4.6: Summary

Chapter 5: Creating, Viewing, and Editing Text Files

Section 5.1: Redirecting Output to a File or Program

Section 5.2: Quiz: Redirecting Output to a File or Program

Section 5.3: Editing Text Files from the Shell Prompt

Section 5.4: Guided Exercise: Editing Text Files from the Shell Prompt

Section 5.5: Changing the Shell Environment

Section 5.6: Guided Exercise: Changing the Shell Environment

Section 5.7: Lab: Creating, Viewing, and Editing Text Files

Section 5.8: Summary

Chapter 6: Managing Local Users and Groups

Section 6.1: Describing User and Group Concepts

Section 6.2: Quiz: Describing User and Group Concepts

Section 6.3: Gaining Superuser Access

Section 6.4: Guided Exercise: Gaining Superuser Access

Section 6.5: Managing Local User Accounts

Section 6.6: Guided Exercise: Managing Local User Accounts

Section 6.7: Managing Local Group Accounts

Section 6.8: Guided Exercise: Managing Local Group Accounts

Section 6.9: Managing User Passwords

Section 6.10: Guided Exercise: Managing User Passwords

Section 6.11: Lab: Managing Local Users and Groups

Section 6.12: Summary

Chapter 7: Controlling Access to Files

Section 7.1: Interpreting Linux File System Permissions

Section 7.2: Quiz: Interpreting Linux File System Permissions

Section 7.3: Managing File System Permissions from the Command Line

Section 7.4: Guided Exercise: Managing File System Permissions from the Command Line

Section 7.5: Managing Default Permissions and File Access

Section 7.6: Guided Exercise: Managing Default Permissions and File Access

Section 7.7: Lab: Controlling Access to Files

Section 7.8: Summary

Chapter 8: Monitoring and Managing Linux Processes

Section 8.1: Listing Processes

Section 8.2: Quiz: Listing Processes

Section 8.3: Controlling Jobs

Section 8.4: Guided Exercise: Controlling Jobs

Section 8.5: Killing Processes

Section 8.6: Guided Exercise: Killing Processes

Section 8.7: Monitoring Process Activity

Section 8.8: Guided Exercise: Monitoring Process Activity

Section 8.9: Lab: Monitoring and Managing Linux Processes

Section 8.10: Summary

Chapter 9: Controlling Services and Daemons

Section 9.1: Identifying Automatically Started System Processes

Section 9.2: Guided Exercise: Identifying Automatically Started System Processes

Section 9.3: Controlling System Services

Section 9.4: Guided Exercise: Controlling System Services

Section 9.5: Lab: Controlling Services and Daemons

Section 9.6: Summary

Chapter 10: Configuring and Securing SSH

Section 10.1: Accessing the Remote Command Line with SSH

Section 10.2: Guided Exercise: Accessing the Remote Command Line

Section 10.3: Configuring SSH Key-based Authentication

SectionSection 10.4: Guided Exercise: Configuring SSH Key-based Authentication

Section 10.5: Customizing OpenSSH Service Configuration

Section 10.6: Guided Exercise: Customizing OpenSSH Service Configuration

Section 10.7: Lab: Configuring and Securing SSH

Section 10.8: Summary

Chapter 11: Analyzing and Storing Logs

Section 11.1: Describing System Log Architecture

Section 11.2: Quiz: Describing System Log Architecture

Section 11.3: Reviewing Syslog Files

Section 11.4: Guided Exercise: Reviewing Syslog Files

Section 11.5: Reviewing System Journal Entries

Section 11.6: Guided Exercise: Reviewing System Journal Entries

Section 11.7: Preserving the System Journal

Section 11.8: Guided Exercise: Preserving the System Journal

Section 11.9: Maintaining Accurate Time

Section 11.10: Guided Exercise: Maintaining Accurate Time

Section 11.11: Lab: Analyzing and Storing Logs

Section 11.12: Summary

Chapter 12: Managing Networking

Section 12.1: Describing Networking Concepts

Section 12.2: Quiz: Describing Networking Concepts

Section 12.3: Validating Network Configuration

Section 12.4: Guided Exercise: Validating Network Configuration

Section 12.5: Configuring Networking from the Command Line

Section 12.6: Guided Exercise: Configuring Networking from the Command Line

Section 12.7: Editing Network Configuration Files

Section 12.8: Guided Exercise: Editing Network Configuration Files

Section 12.9: Configuring Host Names and Name Resolution

Section 12.10: Guided Exercise: Configuring Host Names and Name Resolution

Section 12.11: Lab: Managing Networking

Section 12.12: Summary

Chapter 13: Archiving and Transferring Files

Section 13.1: Managing Compressed tar Archives

Section 13.2: Guided Exercise: Managing Compressed Tar Archives

Section 13.3: Transferring Files Between Systems Securely

Section 13.4: Guided Exercise: Transferring Files Between Systems Securely

Section 13.5: Synchronizing Files Between Systems Securely

Section 13.6: Guided Exercise: Synchronizing Files Between Systems Securely

Section 13.7: Lab: Archiving and Transferring Files

Section 13.8: Summary

Chapter 14: Installing and Updating Software Packages

Section 14.1: Registering Systems for Red Hat Support

Section 14.2: Quiz: Registering Systems for Red Hat Support

Section 14.3: Explaining and Investigating RPM Software Packages

Section 14.4: Guided Exercise: Explaining and Investigating RPM Software Packages

Section 14.5: Installing and Updating Software Packages with Yum

Section 14.6: Guided Exercise: Installing and Updating Software Packages with Yum

Section 14.7: Enabling Yum Software Repositories

Section 14.8: Guided Exercise: Enabling Yum Software Repositories

Section 14.9: Managing Package Module Streams

Section 14.10: Guided Exercise: Managing Package Module Streams

Section 14.11: Lab: Installing and Updating Software Packages

Section 14.12: Summary

Chapter 15: Accessing Linux File Systems

Section 15.1: Identifying File Systems and Devices

Section 15.2: Quiz: Identifying File Systems and Devices

Section 15.3: Mounting and Unmounting File Systems

Section 15.4: Guided Exercise: Mounting and Unmounting File Systems

Section 15.5: Locating Files on the System

Section 15.6: Guided Exercise: Locating Files on the System

Section 15.7: Lab: Accessing Linux File Systems

Section 15.8: Summary

Chapter 16: Analyzing Servers and Getting Support

Section 16.1: Analyzing and Managing Remote Servers

Section 16.2: Guided Exercise: Analyzing and Managing Remote Servers

Section 16.3: Getting Help From Red Hat Customer Portal

Section 16.4: Guided Exercise: Getting Help from Red Hat Customer Portal

Section 16.5: Detecting and Resolving Issues with Red Hat Insights

Section 16.6: Quiz: Detecting and Resolving Issues with Red Hat Insights

Section 16.7: Summary

Chapter 17: Comprehensive Review

Section 17.1: Comprehensive Review

Section 17.2: Lab: Managing Files from the Command Line

Section 17.3: Lab: Managing Users and Groups, Permissions and Processes

Section 17.4: Lab: Configuring and Managing a Server

Section 17.5: Lab: Managing Networks

Section 17.6: Lab: Mounting Filesystems and Finding Files

Bookmark this page

P 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17

Guided Exercise: Configuring SSH Key-based Authentication

In this exercise, you will configure a user to use key-based authentication for SSH.

Outcomes

You should be able to:

Generate an SSH key pair without passphrase protection.
Generate an SSH key pair with passphrase protection.
Authenticate using both passphrase-less and passphrase-protected SSH keys.

On workstation, run lab ssh-configure start to start the exercise. This script creates the necessary user accounts.

[student@workstation ~]$ lab ssh-configure start

From workstation, open an SSH session to serverb as student.

[student@workstation ~]$ ssh student@serverb
...output omitted...
[student@serverb ~]$

Use the su command to switch to the operator1 user on serverb. Use redhat as the password of operator1.
```
[student@serverb ~]$ su - operator1
Password: redhat
[operator1@serverb ~]$ 
```

Use the ssh-keygen command to generate SSH keys. Do not enter a passphrase.

[operator1@serverb ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/operator1/.ssh/id_rsa): Enter
Created directory '/home/operator1/.ssh'.
Enter passphrase (empty for no passphrase): Enter
Enter same passphrase again: Enter
Your identification has been saved in /home/operator1/.ssh/id_rsa.
Your public key has been saved in /home/operator1/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:JainiQdnRosC+xXhOqsJQQLzBNUldb+jJbyrCZQBERI operator1@serverb.lab.example.com
The key's randomart image is:
+---[RSA 2048]----+
|E+*+ooo .        |
|.= o.o o .       |
|o.. = . . o      |
|+. + * . o .     |
|+ = X . S +      |
| + @ +   = .     |
|. + =   o        |
|.o . . . .       |
|o     o..        |
+----[SHA256]-----+

Use the ssh-copy-id command to send the public key of the SSH key pair to operator1 on servera. Use redhat as the password of operator1 on servera.

[operator1@serverb ~]$ ssh-copy-id operator1@servera
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/operator1/.ssh/id_rsa.pub"
The authenticity of host 'servera (172.25.250.10)' can't be established.
ECDSA key fingerprint is SHA256:ERTdjooOIrIwVSZQnqD5or+JbXfidg0udb3DXBuHWzA.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
operator1@servera's password: redhat
Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'operator1@servera'"
and check to make sure that only the key(s) you wanted were added.

Execute the hostname command on servera remotely using SSH without accessing the remote interactive shell.
```
[operator1@serverb ~]$ ssh operator1@servera hostname
servera.lab.example.com
```
Notice that the preceding ssh command did not prompt you for a password because it used the passphrase-less private key against the exported public key to authenticate as operator1 on servera. This approach is not secure, because anyone who has access to the private key file can log in to servera as operator1. The secure alternative is to protect the private key with a passphrase, which is the next step.

Use the ssh-keygen command to generate another set of SSH keys with passphrase-protection. Save the key as /home/operator1/.ssh/key2. Use redhatpass as the passphrase of the private key.

Warning

If you do not specify the file where the key gets saved, the default file (/home/user/.ssh/id_rsa) is used. You have already used the default file name when generating SSH keys in the preceding step, so it is vital that you specify a non-default file, otherwise the existing SSH keys will be overwritten.

[operator1@serverb ~]$ ssh-keygen -f .ssh/key2
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase): redhatpass
Enter same passphrase again: redhatpass
Your identification has been saved in .ssh/key2.
Your public key has been saved in .ssh/key2.pub.
The key fingerprint is:
SHA256:OCtCjfPm5QrbPBgqbEIWCcw5AI4oSlMEbgLrBQ1HWKI operator1@serverb.lab.example.com
The key's randomart image is:
+---[RSA 2048]----+
|O=X*             |
|OB=.             |
|E*o.             |
|Booo   .         |
|..= . o S        |
| +.o   o         |
|+.oo+ o          |
|+o.O.+           |
|+ . =o.          |
+----[SHA256]-----+

Use the ssh-copy-id command to send the public key of the passphrase-protected key pair to operator1 on servera.

[operator1@serverb ~]$ ssh-copy-id -i .ssh/key2.pub operator1@servera
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/key2.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'operator1@servera'"
and check to make sure that only the key(s) you wanted were added.

Notice that the preceding ssh-copy-id command did not prompt you for a password because it used the public key of the passphrase-less private key that you exported to servera in the preceding step.

Execute the hostname command on servera remotely with SSH without accessing the remote interactive shell. Use /home/operator1/.ssh/key2 as the identity file. Specify redhatpass as the passphrase, which you set for the private key in the preceding step.
```
[operator1@serverb ~]$ ssh -i .ssh/key2 operator1@servera hostname
Enter passphrase for key '.ssh/key2': redhatpass
servera.lab.example.com
```
Notice that the preceding ssh command prompted you for the passphrase you used to protect the private key of the SSH key pair. This passphrase protects the private key. Should an attacker gain access to the private key, the attacker cannot use it to access other systems because the private key itself is protected with a passphrase. The ssh command uses a different passphrase than the one for operator1 on servera, requiring users to know both.
You can use ssh-agent, as in the following step, to avoid interactively typing in the passphrase while logging in with SSH. Using ssh-agent is both more convenient and more secure in situations where the administrators log in to remote systems regularly.
Run ssh-agent in your Bash shell and add the passphrase-protected private key (/home/operator1/.ssh/key2) of the SSH key pair to the shell session.
```
[operator1@serverb ~]$ eval $(ssh-agent)
Agent pid 21032
[operator1@serverb ~]$ ssh-add .ssh/key2
Enter passphrase for .ssh/key2: redhatpass
Identity added: .ssh/key2 (operator1@serverb.lab.example.com)
```
The preceding eval command started ssh-agent and configured this shell session to use it. You then used ssh-add to provide the unlocked private key to ssh-agent.
Execute the hostname command on servera remotely without accessing a remote interactive shell. Use /home/operator1/.ssh/key2 as the identity file.
```
[operator1@serverb ~]$ ssh -i .ssh/key2 operator1@servera hostname
servera.lab.example.com
```
Notice that the preceding ssh command did not prompt you to enter the passphrase interactively.

Open another terminal on workstation and open an SSH session to serverb as student.

[student@workstation ~]$ ssh student@serverb
...output omitted...
[student@serverb ~]$

On serverb, use the su command to switch to operator1 and invoke an SSH connection to servera. Use /home/operator1/.ssh/key2 as the identity file to authenticate using the SSH keys.
1. Use the su command to switch to operator1. Use redhat as the password of operator1.
```
[student@serverb ~]$ su - operator1
Password: redhat
[operator1@serverb ~]$ 
```
2. Open an SSH session to servera as operator1.
```
[operator1@serverb ~]$ ssh -i .ssh/key2 operator1@servera
Enter passphrase for key '.ssh/key2': redhatpass
...output omitted...
[operator1@servera ~]$ 
```
  Notice that the preceding ssh command prompted you to enter the passphrase interactively because you did not invoke the SSH connection from the shell that you used to start ssh-agent.

Exit all the shells you are using in the second terminal.

Log out of servera.

[operator1@servera ~]$ exit
logout
Connection to servera closed.
[operator1@serverb ~]$

Exit the operator1 and student shells on serverb to return to the student user's shell on workstation.

[operator1@serverb ~]$ exit
logout
[student@serverb ~]$ exit
logout
Connection to serverb closed.
[student@workstation ~]$

Close the second terminal on workstation.
```
[student@workstation ~]$ exit
```

Log out of serverb on the first terminal and conclude this exercise.
1. From the first terminal, exit the operator1 user's shell on serverb.
```
[operator1@serverb ~]$ exit
logout
[student@serverb ~]$ 
```
  The exit command caused you to exit the operator1 user's shell, terminating the shell session where ssh-agent was active, and return to the student user's shell on serverb.
2. Exit the student user's shell on serverb to return to the student user's shell on workstation.
```
[student@serverb ~]$ exit
logout
Connection to serverb closed.
[student@workstation ~]$ 
```

Finish

On workstation, run lab ssh-configure finish to complete this exercise.

[student@workstation ~]$ lab ssh-configure finish

This concludes the guided exercise.

Discuss Red Hat System Administration I

Go to community

RH124 Chapter 15 Lab 3: Install zsh Package

VictoriaB97

16 sty 2024

Hello,I am trying to finish up Lab 3 of the Chapter 15 Comprehensive Review Labs in RH124, and when I type in sudo dnf install zsh for the 6th specification of the lab, I get an error message basically saying that it failed to download metadata for the repo 'ansible-2.9-for-rhel-9-x86_64-rpms', and that they could not download repomd.xml. It provided a 404 status code.Can someone please let me know what the problem is, and if there is a current workaround? Thanks.

378

Red Hat System Administration I | Guided Exercise: Explain and Investigate RPM Software Pack

AbeHiero

10 lis 2023

I cannot start the lab with command: lab start software-rpm. I get this error:ModuleNotFoundError: No module named 'rhcsa-classroom'Script software-rpm not in course library rhcsa-classroom Anyone else see this?

172

Red Hat System Administration I (RH124)

Haley_Ruccio

19 lip 2023

The first of two courses covering the core system administration tasks needed to manage Red Hat Enterprise Linux serversRed Hat System Administration I (RH124) is designed for IT professionals without previous Linux system administration experience. The course provides students with Linux administration competence by focusing on core administration tasks. This course also provides a foundation for students who plan to become full-time Linux system administrators by introducing key command-line concepts and enterprise-level tools. This course is the first of a two-course series that takes a computer professional without Linux system administration knowledge to become a fully capable Linux administrator. These concepts are further developed in the follow-on course, Red Hat System Administration II (RH134).This course is based on Red Hat® Enterprise Linux 9.0.Course content summaryIntroduce Linux and the Red Hat Enterprise Linux ecosystem.Run commands and view shell environments.Manage, organize, and secure files.Manage users, groups and user security policies.Control and monitor systemd services.Configure remote access using the web console and SSH.Configure network interfaces and settings.Manage software using DNFAudience for this courseThe primary persona is a technical professional with current or pending responsibilities as a Linux enterprise or cloud system administrator.This course is popular in Red Hat Academy, and is targeted at the student who is planning to become a technical professional using Linux.Prerequisites for this courseBasic technical user skills with computer applications on some operating systems are expected.Take our free assessment to gauge whether this offering is the best fit for your skills.Technology considerationsThere are no special technical requirements for this course.This course is not designed for bring your own device (BYOD).Internet access is not required but is recommended so that students can research and browse Red Hat online resources.

336

Revision: rh124-8.2-df5a585