RH124 - ch10s06

Preface A: Introduction

Section A.1: Red Hat System Administration I

Section A.2: Orientation to the Classroom Environment

Chapter 1: Getting Started with Red Hat Enterprise Linux

Section 1.1: What is Linux?

Section 1.2: Quiz: Getting Started with Red Hat Enterprise Linux

Section 1.3: Summary

Chapter 2: Accessing the Command Line

Section 2.1: Accessing the Command Line

Section 2.2: Quiz: Accessing the Command Line

Section 2.3: Accessing the Command Line Using the Desktop

Section 2.4: Guided Exercise: Accessing the Command Line Using the Desktop

Section 2.5: Executing Commands Using the Bash Shell

Section 2.6: Quiz: Executing Commands Using the Bash Shell

Section 2.7: Lab: Accessing the Command Line

Section 2.8: Summary

Chapter 3: Managing Files From the Command Line

Section 3.1: Describing Linux File System Hierarchy Concepts

Section 3.2: Quiz: Describing Linux File System Hierarchy Concepts

Section 3.3: Specifying Files by Name

Section 3.4: Quiz: Specifying Files by Name

Section 3.5: Managing Files Using Command-line Tools

Section 3.6: Guided Exercise: Managing Files Using Command-line Tools

Section 3.7: Making Links Between Files

Section 3.8: Guided Exercise: Making Links Between Files

Section 3.9: Matching File Names with Shell Expansions

Section 3.10: Quiz: Matching File Names with Shell Expansions

Section 3.11: Lab: Managing Files from the Command Line

Section 3.12: Summary

Chapter 4: Getting Help in Red Hat Enterprise Linux

Section 4.1: Reading Manual Pages

Section 4.2: Guided Exercise: Reading Manual Pages

Section 4.3: Reading Info Documentation

Section 4.4: Guided Exercise: Reading Info Documentation

Section 4.5: Lab: Getting Help in Red Hat Enterprise Linux

Section 4.6: Summary

Chapter 5: Creating, Viewing, and Editing Text Files

Section 5.1: Redirecting Output to a File or Program

Section 5.2: Quiz: Redirecting Output to a File or Program

Section 5.3: Editing Text Files from the Shell Prompt

Section 5.4: Guided Exercise: Editing Text Files from the Shell Prompt

Section 5.5: Changing the Shell Environment

Section 5.6: Guided Exercise: Changing the Shell Environment

Section 5.7: Lab: Creating, Viewing, and Editing Text Files

Section 5.8: Summary

Chapter 6: Managing Local Users and Groups

Section 6.1: Describing User and Group Concepts

Section 6.2: Quiz: Describing User and Group Concepts

Section 6.3: Gaining Superuser Access

Section 6.4: Guided Exercise: Gaining Superuser Access

Section 6.5: Managing Local User Accounts

Section 6.6: Guided Exercise: Managing Local User Accounts

Section 6.7: Managing Local Group Accounts

Section 6.8: Guided Exercise: Managing Local Group Accounts

Section 6.9: Managing User Passwords

Section 6.10: Guided Exercise: Managing User Passwords

Section 6.11: Lab: Managing Local Users and Groups

Section 6.12: Summary

Chapter 7: Controlling Access to Files

Section 7.1: Interpreting Linux File System Permissions

Section 7.2: Quiz: Interpreting Linux File System Permissions

Section 7.3: Managing File System Permissions from the Command Line

Section 7.4: Guided Exercise: Managing File System Permissions from the Command Line

Section 7.5: Managing Default Permissions and File Access

Section 7.6: Guided Exercise: Managing Default Permissions and File Access

Section 7.7: Lab: Controlling Access to Files

Section 7.8: Summary

Chapter 8: Monitoring and Managing Linux Processes

Section 8.1: Listing Processes

Section 8.2: Quiz: Listing Processes

Section 8.3: Controlling Jobs

Section 8.4: Guided Exercise: Controlling Jobs

Section 8.5: Killing Processes

Section 8.6: Guided Exercise: Killing Processes

Section 8.7: Monitoring Process Activity

Section 8.8: Guided Exercise: Monitoring Process Activity

Section 8.9: Lab: Monitoring and Managing Linux Processes

Section 8.10: Summary

Chapter 9: Controlling Services and Daemons

Section 9.1: Identifying Automatically Started System Processes

Section 9.2: Guided Exercise: Identifying Automatically Started System Processes

Section 9.3: Controlling System Services

Section 9.4: Guided Exercise: Controlling System Services

Section 9.5: Lab: Controlling Services and Daemons

Section 9.6: Summary

Chapter 10: Configuring and Securing SSH

Section 10.1: Accessing the Remote Command Line with SSH

Section 10.2: Guided Exercise: Accessing the Remote Command Line

Section 10.3: Configuring SSH Key-based Authentication

Section 10.4: Guided Exercise: Configuring SSH Key-based Authentication

Section 10.5: Customizing OpenSSH Service Configuration

SectionSection 10.6: Guided Exercise: Customizing OpenSSH Service Configuration

Section 10.7: Lab: Configuring and Securing SSH

Section 10.8: Summary

Chapter 11: Analyzing and Storing Logs

Section 11.1: Describing System Log Architecture

Section 11.2: Quiz: Describing System Log Architecture

Section 11.3: Reviewing Syslog Files

Section 11.4: Guided Exercise: Reviewing Syslog Files

Section 11.5: Reviewing System Journal Entries

Section 11.6: Guided Exercise: Reviewing System Journal Entries

Section 11.7: Preserving the System Journal

Section 11.8: Guided Exercise: Preserving the System Journal

Section 11.9: Maintaining Accurate Time

Section 11.10: Guided Exercise: Maintaining Accurate Time

Section 11.11: Lab: Analyzing and Storing Logs

Section 11.12: Summary

Chapter 12: Managing Networking

Section 12.1: Describing Networking Concepts

Section 12.2: Quiz: Describing Networking Concepts

Section 12.3: Validating Network Configuration

Section 12.4: Guided Exercise: Validating Network Configuration

Section 12.5: Configuring Networking from the Command Line

Section 12.6: Guided Exercise: Configuring Networking from the Command Line

Section 12.7: Editing Network Configuration Files

Section 12.8: Guided Exercise: Editing Network Configuration Files

Section 12.9: Configuring Host Names and Name Resolution

Section 12.10: Guided Exercise: Configuring Host Names and Name Resolution

Section 12.11: Lab: Managing Networking

Section 12.12: Summary

Chapter 13: Archiving and Transferring Files

Section 13.1: Managing Compressed tar Archives

Section 13.2: Guided Exercise: Managing Compressed Tar Archives

Section 13.3: Transferring Files Between Systems Securely

Section 13.4: Guided Exercise: Transferring Files Between Systems Securely

Section 13.5: Synchronizing Files Between Systems Securely

Section 13.6: Guided Exercise: Synchronizing Files Between Systems Securely

Section 13.7: Lab: Archiving and Transferring Files

Section 13.8: Summary

Chapter 14: Installing and Updating Software Packages

Section 14.1: Registering Systems for Red Hat Support

Section 14.2: Quiz: Registering Systems for Red Hat Support

Section 14.3: Explaining and Investigating RPM Software Packages

Section 14.4: Guided Exercise: Explaining and Investigating RPM Software Packages

Section 14.5: Installing and Updating Software Packages with Yum

Section 14.6: Guided Exercise: Installing and Updating Software Packages with Yum

Section 14.7: Enabling Yum Software Repositories

Section 14.8: Guided Exercise: Enabling Yum Software Repositories

Section 14.9: Managing Package Module Streams

Section 14.10: Guided Exercise: Managing Package Module Streams

Section 14.11: Lab: Installing and Updating Software Packages

Section 14.12: Summary

Chapter 15: Accessing Linux File Systems

Section 15.1: Identifying File Systems and Devices

Section 15.2: Quiz: Identifying File Systems and Devices

Section 15.3: Mounting and Unmounting File Systems

Section 15.4: Guided Exercise: Mounting and Unmounting File Systems

Section 15.5: Locating Files on the System

Section 15.6: Guided Exercise: Locating Files on the System

Section 15.7: Lab: Accessing Linux File Systems

Section 15.8: Summary

Chapter 16: Analyzing Servers and Getting Support

Section 16.1: Analyzing and Managing Remote Servers

Section 16.2: Guided Exercise: Analyzing and Managing Remote Servers

Section 16.3: Getting Help From Red Hat Customer Portal

Section 16.4: Guided Exercise: Getting Help from Red Hat Customer Portal

Section 16.5: Detecting and Resolving Issues with Red Hat Insights

Section 16.6: Quiz: Detecting and Resolving Issues with Red Hat Insights

Section 16.7: Summary

Chapter 17: Comprehensive Review

Section 17.1: Comprehensive Review

Section 17.2: Lab: Managing Files from the Command Line

Section 17.3: Lab: Managing Users and Groups, Permissions and Processes

Section 17.4: Lab: Configuring and Managing a Server

Section 17.5: Lab: Managing Networks

Section 17.6: Lab: Mounting Filesystems and Finding Files

Bookmark this page

P 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17

Guided Exercise: Customizing OpenSSH Service Configuration

In this exercise, you will disable direct logins as root and password-based authentication for the OpenSSH service on one of your servers.

Outcomes

You should be able to:

Disable direct logins as root over ssh.
Disable password-based authentication for remote users to connect over SSH.

On workstation, run lab ssh-customize start to start the exercise. This script creates the necessary user accounts and files.

[student@workstation ~]$ lab ssh-customize start

From workstation, open an SSH session to serverb as student.

[student@workstation ~]$ ssh student@serverb
...output omitted...
[student@serverb ~]$

Use the su command to switch to operator2 on serverb. Use redhat as the password of operator2.
```
[student@serverb ~]$ su - operator2
Password: redhat
[operator2@serverb ~]$ 
```

Use the ssh-keygen command to generate SSH keys. Do not enter any passphrase for the keys.

[operator2@serverb ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/operator2/.ssh/id_rsa): Enter
Created directory '/home/operator2/.ssh'.
Enter passphrase (empty for no passphrase): Enter
Enter same passphrase again: Enter
Your identification has been saved in /home/operator2/.ssh/id_rsa.
Your public key has been saved in /home/operator2/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:JainiQdnRosC+xXhOqsJQQLzBNUldb+jJbyrCZQBERI operator1@serverb.lab.example.com
The key's randomart image is:
+---[RSA 2048]----+
|E+*+ooo .        |
|.= o.o o .       |
|o.. = . . o      |
|+. + * . o .     |
|+ = X . S +      |
| + @ +   = .     |
|. + =   o        |
|.o . . . .       |
|o     o..        |
+----[SHA256]-----+

Use the ssh-copy-id command to send the public key of the SSH key pair to operator2 on servera. Use redhat as the password of operator2 on servera.

[operator2@serverb ~]$ ssh-copy-id operator2@servera
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/operator1/.ssh/id_rsa.pub"
The authenticity of host 'servera (172.25.250.10)' can't be established.
ECDSA key fingerprint is SHA256:ERTdjooOIrIwVSZQnqD5or+JbXfidg0udb3DXBuHWzA.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
operator2@servera's password: redhat
Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'operator2@servera'"
and check to make sure that only the key(s) you wanted were added.

Confirm that you can successfully log in to servera as operator2 using the SSH keys.
1. Open an SSH session to servera as operator2.
```
[operator2@serverb ~]$ ssh operator2@servera
...output omitted...
[operator2@servera ~]$ 
```
  Notice that the preceding ssh command used SSH keys for authentication.
2. Log out of servera.
```
[operator2@servera ~]$ exit
logout
Connection to servera closed.
```
Confirm that you can successfully log in to servera as root using redhat as the password.
1. Open an SSH session to servera as root using redhat as the password.
```
[operator2@serverb ~]$ ssh root@servera
root@servera's password: redhat
...output omitted...
[root@servera ~]# 
```
  Notice that the preceding ssh command used the password of the superuser for authentication because SSH keys do not exist for the superuser.
2. Log out of servera.
```
[root@servera ~]# exit
logout
Connection to servera closed.
[operator2@serverb ~]$ 
```
Confirm that you can successfully log in to servera as operator3 using redhat as the password.
1. Open an SSH session to servera as operator3 using redhat as the password.
```
[operator2@serverb ~]$ ssh operator3@servera
operator3@servera's password: redhat
...output omitted...
[operator3@servera ~]$ 
```
  Notice that the preceding ssh command used the password of operator3 for authentication because SSH keys do not exist for operator3.
2. Log out of servera.
```
[operator3@servera ~]$ exit
logout
Connection to servera closed.
[operator2@serverb ~]$ 
```
Configure sshd on servera to prevent users logging in as root. Use redhat as the password of the superuser when required.
1. Open an SSH session to servera as operator2 using the SSH keys.
```
[operator2@serverb ~]$ ssh operator2@servera
...output omitted...
[operator2@servera ~]$ 
```
2. On servera, switch to root. Use redhat as the password of the root user.
```
[operator2@servera ~]$ su -
Password: redhat
[root@servera ~]# 
```
3. Set PermitRootLogin to no in /etc/ssh/sshd_config and reload sshd. You may use vim /etc/ssh/sshd_config to edit the configuration file of sshd.
```
...output omitted...
PermitRootLogin no
...output omitted...
[root@servera ~]# systemctl reload sshd
```
4. Open another terminal on workstation and open an SSH session to serverb as operator2. From serverb, try logging in to servera as root. This should fail because you disabled root user login over SSH in the preceding step.
  Note
  For your convenience, password-less login is already configured between workstation and serverb in the classroom environment.
```
[student@workstation ~]$ ssh operator2@serverb
...output omitted...
[operator2@serverb ~]$ ssh root@servera
root@servera's password: redhat
Permission denied, please try again.
root@servera's password: redhat
Permission denied, please try again.
root@servera's password: redhat
root@servera: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
```
  By default, the ssh command attempts to authenticate using key-based authentication first and then, if that fails, password-based authentication.
Configure sshd on servera to allow users to authenticate using SSH keys only, rather than their passwords.
1. Return to the first terminal that has the root user's shell active on servera. Set PasswordAuthentication to no in /etc/ssh/sshd_config and reload sshd. You may use vim /etc/ssh/sshd_config to edit the configuration file of sshd.
```
...output omitted...
PasswordAuthentication no
...output omitted...
[root@servera ~]# systemctl reload sshd
```
2. Go to the second terminal that has operator2 user's shell active on serverb and try logging in to servera as operator3. This should fail because SSH keys are not configured for operator3, and the sshd service on servera does not allow the use of passwords for authentication.
```
[operator2@serverb ~]$ ssh operator3@servera
operator3@servera: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
```
  Note
  For more granularity, you may use the explicit -o PubkeyAuthentication=no and -o PasswordAuthentication=yes options with the ssh command. This allows you to override the ssh command's defaults and confidently determine that the preceding command fails based on the settings you adjusted in /etc/ssh/sshd_config in the preceding step.
3. Return to the first terminal that has the root user's shell active on servera. Verify that PubkeyAuthentication is enabled in /etc/ssh/sshd_config. You may use vim /etc/ssh/sshd_config to view the configuration file of sshd.
```
...output omitted...
#PubkeyAuthentication yes
...output omitted...
```
  Notice that the PubkeyAuthentication line is commented. Any commented line in this file uses the default value. Commented lines indicate the default values of a parameter. The public key authentication of SSH is active by default, as the commented line indicates.
4. Return to the second terminal that has operator2 user's shell active on serverb and try logging in to servera as operator2. This should succeed because the SSH keys are configured for operator2 to log in to servera from serverb.
```
[operator2@serverb ~]$ ssh operator2@servera
...output omitted...
[operator2@servera ~]$ 
```
5. From the second terminal, exit the operator2 user's shell on both servera and serverb.
```
[operator2@servera ~]$ exit
logout
Connection to servera closed.
[operator2@serverb ~]$ exit
logout
Connection to serverb closed.
[student@workstation ~]$ 
```
6. Close the second terminal on workstation.
```
[student@workstation ~]$ exit
```
7. From the first terminal, exit the root user's shell on servera.
```
[root@servera ~]# exit
logout
```
8. From the first terminal, exit the operator2 user's shell on both servera and serverb.
```
[operator2@servera ~]$ exit
logout
Connection to servera closed.
[operator2@serverb ~]$ exit
logout
[student@serverb ~]$ 
```
9. Log out of serverb and return to the student user's shell on workstation.
```
[student@serverb ~]$ exit
logout
Connection to serverb closed.
[student@workstation ~]$ 
```

Finish

On workstation, run lab ssh-customize finish to complete this exercise.

[student@workstation ~]$ lab ssh-customize finish

This concludes the guided exercise.

Discuss Red Hat System Administration I

Go to community

RH124 Chapter 15 Lab 3: Install zsh Package

VictoriaB97

16 sty 2024

Hello,I am trying to finish up Lab 3 of the Chapter 15 Comprehensive Review Labs in RH124, and when I type in sudo dnf install zsh for the 6th specification of the lab, I get an error message basically saying that it failed to download metadata for the repo 'ansible-2.9-for-rhel-9-x86_64-rpms', and that they could not download repomd.xml. It provided a 404 status code.Can someone please let me know what the problem is, and if there is a current workaround? Thanks.

378

Red Hat System Administration I | Guided Exercise: Explain and Investigate RPM Software Pack

AbeHiero

10 lis 2023

I cannot start the lab with command: lab start software-rpm. I get this error:ModuleNotFoundError: No module named 'rhcsa-classroom'Script software-rpm not in course library rhcsa-classroom Anyone else see this?

172

Red Hat System Administration I (RH124)

Haley_Ruccio

19 lip 2023

The first of two courses covering the core system administration tasks needed to manage Red Hat Enterprise Linux serversRed Hat System Administration I (RH124) is designed for IT professionals without previous Linux system administration experience. The course provides students with Linux administration competence by focusing on core administration tasks. This course also provides a foundation for students who plan to become full-time Linux system administrators by introducing key command-line concepts and enterprise-level tools. This course is the first of a two-course series that takes a computer professional without Linux system administration knowledge to become a fully capable Linux administrator. These concepts are further developed in the follow-on course, Red Hat System Administration II (RH134).This course is based on Red Hat® Enterprise Linux 9.0.Course content summaryIntroduce Linux and the Red Hat Enterprise Linux ecosystem.Run commands and view shell environments.Manage, organize, and secure files.Manage users, groups and user security policies.Control and monitor systemd services.Configure remote access using the web console and SSH.Configure network interfaces and settings.Manage software using DNFAudience for this courseThe primary persona is a technical professional with current or pending responsibilities as a Linux enterprise or cloud system administrator.This course is popular in Red Hat Academy, and is targeted at the student who is planning to become a technical professional using Linux.Prerequisites for this courseBasic technical user skills with computer applications on some operating systems are expected.Take our free assessment to gauge whether this offering is the best fit for your skills.Technology considerationsThere are no special technical requirements for this course.This course is not designed for bring your own device (BYOD).Internet access is not required but is recommended so that students can research and browse Red Hat online resources.

336

Revision: rh124-8.2-df5a585

Red Hat System Administration I

Guided Exercise: Customizing OpenSSH Service Configuration

Note

Note