RH124 - ch17s04

In this review, you will configure, secure, and use SSH service to access remote machine, configure rsyslog service, archive local files, transfer local files to remote machine, and manage packages using yum.

Outcomes

You should be able to:

Create a new SSH key pair.
Disable SSH logins as root user.
Disable SSH logins using password.
Update the time zone of a server.
Install packages and package modules using yum.
Archive local files for backup.
Transfer local files to remote machine.

On workstation, run lab rhcsa-rh124-review3 start to start the comprehensive review. This script creates the necessary files to set up the environment correctly.

[student@workstation ~]$ lab rhcsa-rh124-review3 start

Instructions

Accomplish the following tasks on serverb to complete the exercise.

Generate SSH keys for the user student on serverb. Do not protect the private key with a passphrase. The private and public key files should be named /home/student/.ssh/review3_key and /home/student/.ssh/review3_key.pub respectively.
On servera, configure the user student to accept logins authenticated by the SSH key pair you created for the user student on serverb. The user student on serverb should be able to log in to servera using SSH without entering a password.
On serverb, configure the sshd service to prevent users from logging in as root via SSH.
On serverb, configure the sshd service to prevent users from using their passwords to log in. Users should still be able to authenticate logins using an SSH key pair.
Create a tar archive named /tmp/log.tar containing the contents of /var/log on serverb. Remotely transfer the tar archive to /tmp directory on servera, authenticating as student using the student user’s private key of the SSH key pair.
Configure the rsyslog service on serverb to log all messages it receives that have the priority level of debug or higher to the file /var/log/grading-debug. This configuration should be set in an /etc/rsyslog.d/grading-debug.conf file, which you need to create.
Install the zsh package, available in the BaseOS repository, on serverb.
Enable the default module stream for the module python36 and install all provided packages from that stream on serverb.
Set the time zone of serverb to Asia/Kolkata.

Generate SSH keys for the user student on serverb. Do not protect the private key with a passphrase. The private and public key files should be named /home/student/.ssh/review3_key and /home/student/.ssh/review3_key.pub respectively.

From workstation, open an SSH session to serverb as student.

[student@workstation ~]$ ssh student@serverb
...output omitted...
[student@serverb ~]$

Use the ssh-keygen command to generate the SSH keys for the user student.

[student@serverb ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/student/.ssh/id_rsa): /home/student/.ssh/review3_key
Enter passphrase (empty for no passphrase): Enter
Enter same passphrase again: Enter
Your identification has been saved in /home/student/.ssh/review3_key.
Your public key has been saved in /home/student/.ssh/review3_key.pub.
The key fingerprint is:
SHA256:Uqefehw+vRfm94fQZDoz/6IfNYSLK/OpiQ4n6lrKIbY student@serverb.lab.example.com
The key's randomart image is:
+---[RSA 2048]----+
|                 |
|              .  |
|        . .  . . |
|       . o  . =  |
|      . S  . * ..|
|       . ...B +..|
|.o . o . =o+ O.o |
|+ = . + ..X o *.o|
| Eoo  .o.+.+o=.+=|
+----[SHA256]-----+

On servera, configure the user student to accept logins authenticated by the SSH key pair you created for the user student on serverb. The user student on serverb should be able to log in to servera using SSH without entering a password.

Use the ssh-copy-id command to export the public key /home/student/.ssh/review3_key.pub from servera to serverb.

[student@serverb ~]$ ssh-copy-id -i .ssh/review3_key.pub student@servera
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/review3.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
student@servera's password: student

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'student@servera'"
and check to make sure that only the key(s) you wanted were added.

Use the ssh command to confirm that you can log in to servera from serverb as student using the SSH private key /home/student/.ssh/review3_key without being prompted for the password.
```
[student@serverb ~]$ ssh -i .ssh/review3_key student@servera
...output omitted...
[student@servera ~]$ 
```

Log out of servera.

[student@servera ~]$ exit
logout
Connection to servera closed.
[student@serverb ~]$

On serverb, configure the sshd service to prevent users from logging in as root with SSH.
Set the parameter PermitRootLogin to no in the /etc/ssh/sshd_config. You may use the command sudo vim /etc/ssh/sshd_config to edit the configuration file.
Reload the sshd service.
[student@serverb ~]$ sudo systemctl reload sshd.service
On serverb, configure the sshd service to prevent users from using their passwords to log in. Users should still be able to authenticate logins using their private key of the SSH key pair.
Set the parameter PasswordAuthentication to no in the /etc/ssh/sshd_config. You may use the command sudo vim /etc/ssh/sshd_config to edit the configuration file.
Use the sudo systemctl command to reload the sshd service.
[student@serverb ~]$ sudo systemctl reload sshd.service
Create a tar archive named /tmp/log.tar containing the contents of /var/log on serverb. Remotely transfer the tar archive to the directory /tmp on servera, authenticating as student using /home/student/.ssh/review3_key as the student user’s private key of the SSH key pair for authentication.
Use the sudo tar command to create an archive named /tmp/log.tar as the superuser containing the contents of /var/log.
[student@serverb ~]$ sudo tar -cvf /tmp/log.tar /var/log [sudo] password for student: student ...output omitted...
Use the scp command to remotely transfer the archive file /tmp/log.tar to the directory /tmp on servera. Specify /home/student/.ssh/review3_key as the private key of the SSH key pair.
[student@serverb ~]$ scp -i .ssh/review3_key /tmp/log.tar student@servera:/tmp log.tar 100% 14MB 57.4MB/s 00:00
Configure the rsyslog service on serverb to log all messages it receives that have the priority level of debug or higher to the file /var/log/grading-debug. This configuration should be set in an /etc/rsyslog.d/grading-debug.conf file which you should create.
Create the file /etc/rsyslog.d/grading-debug.conf with the following content. You may use the sudo vim /etc/rsyslog.d/grading-debug.conf to create the file.
*.debug /var/log/grading-debug
Use the sudo systemctl command to restart the rsyslog service.
[student@serverb ~]$ sudo systemctl restart rsyslog.service
Use the logger command to generate the log message Debug Testing having priority debug.
[student@serverb ~]$ logger -p debug Debug Testing
Confirm that the log message Debug Testing is saved in the /var/log/grading-debug file.
[student@serverb ~]$ sudo tail /var/log/grading-debug ...output omitted... Mar 12 09:55:23 serverb student[32383]: Debug Testing

Use the sudo yum command to install the zsh package, available in the BaseOS repository, on serverb.

[student@serverb ~]$ sudo yum install zsh
...output omitted...
Is this ok [y/N]: y
...output omitted...
Installed:
  zsh-5.5.1-6.el8.x86_64
Complete!

Use the yum command to enable the default module stream for the module python36 and install all the provided packages from that stream, on serverb.

[student@serverb ~]$ sudo yum module install python36
...output omitted...
Is this ok [y/N]: y
...output omitted...
Installed:
  python36-3.6.6-18.module+el8+2339+1a6691f8.x86_64           python3-pip-9.0.3-13.el8.noarch

Complete!

Set the timezone of serverb to Asia/Kolkata.

Use the sudo timedatectl command to set the timezone of serverb to Asia/Kolkata.
```
[student@serverb ~]$ sudo timedatectl set-timezone Asia/Kolkata
```

Log out of serverb.

[student@serverb ~]$ exit
logout
Connection to serverb closed.
[student@workstation ~]$

Evaluation

On workstation, run the lab rhcsa-rh124-review3 grade command to confirm success of this exercise.

[student@workstation ~]$ lab rhcsa-rh124-review3 grade

Finish

On workstation, run lab rhcsa-rh124-review3 finish to complete the comprehensive review. This script deletes the files and directories created during the start of the comprehensive review and ensures that the environment on serverb is clean.

[student@workstation ~]$ lab rhcsa-rh124-review3 finish

This concludes the comprehensive review.

Discuss Red Hat System Administration I

Go to community

RH124 Chapter 15 Lab 3: Install zsh Package

VictoriaB97

16 sty 2024

Hello,I am trying to finish up Lab 3 of the Chapter 15 Comprehensive Review Labs in RH124, and when I type in sudo dnf install zsh for the 6th specification of the lab, I get an error message basically saying that it failed to download metadata for the repo 'ansible-2.9-for-rhel-9-x86_64-rpms', and that they could not download repomd.xml. It provided a 404 status code.Can someone please let me know what the problem is, and if there is a current workaround? Thanks.

378

Red Hat System Administration I | Guided Exercise: Explain and Investigate RPM Software Pack

AbeHiero

10 lis 2023

I cannot start the lab with command: lab start software-rpm. I get this error:ModuleNotFoundError: No module named 'rhcsa-classroom'Script software-rpm not in course library rhcsa-classroom Anyone else see this?

172

Red Hat System Administration I (RH124)

Haley_Ruccio

19 lip 2023

The first of two courses covering the core system administration tasks needed to manage Red Hat Enterprise Linux serversRed Hat System Administration I (RH124) is designed for IT professionals without previous Linux system administration experience. The course provides students with Linux administration competence by focusing on core administration tasks. This course also provides a foundation for students who plan to become full-time Linux system administrators by introducing key command-line concepts and enterprise-level tools. This course is the first of a two-course series that takes a computer professional without Linux system administration knowledge to become a fully capable Linux administrator. These concepts are further developed in the follow-on course, Red Hat System Administration II (RH134).This course is based on Red Hat® Enterprise Linux 9.0.Course content summaryIntroduce Linux and the Red Hat Enterprise Linux ecosystem.Run commands and view shell environments.Manage, organize, and secure files.Manage users, groups and user security policies.Control and monitor systemd services.Configure remote access using the web console and SSH.Configure network interfaces and settings.Manage software using DNFAudience for this courseThe primary persona is a technical professional with current or pending responsibilities as a Linux enterprise or cloud system administrator.This course is popular in Red Hat Academy, and is targeted at the student who is planning to become a technical professional using Linux.Prerequisites for this courseBasic technical user skills with computer applications on some operating systems are expected.Take our free assessment to gauge whether this offering is the best fit for your skills.Technology considerationsThere are no special technical requirements for this course.This course is not designed for bring your own device (BYOD).Internet access is not required but is recommended so that students can research and browse Red Hat online resources.

336

Revision: rh124-8.2-df5a585