RH199 - ch01s04

Preface A: Introduction

Section A.1: RHCSA Rapid Track

Section A.2: Orientation to the Classroom Environment

Chapter 1: Accessing Systems and Obtaining Support

Section 1.1: Accessing the Command Line

Section 1.2: Quiz: Accessing the Command Line

Section 1.3: Configuring SSH Key-based Authentication

SectionSection 1.4: Guided Exercise: Configuring SSH Key-based Authentication

Section 1.5: Getting Help From Red Hat Customer Portal

Section 1.6: Guided Exercise: Getting Help from Red Hat Customer Portal

Section 1.7: Detecting and Resolving Issues with Red Hat Insights

Section 1.8: Quiz: Detecting and Resolving Issues with Red Hat Insights

Section 1.9: Summary

Chapter 2: Navigating File Systems

Section 2.1: Describing Linux File System Hierarchy Concepts

Section 2.2: Quiz: Describing Linux File System Hierarchy Concepts

Section 2.3: Managing Files Using Command-line Tools

Section 2.4: Guided Exercise: Managing Files Using Command-line Tools

Section 2.5: Making Links Between Files

Section 2.6: Guided Exercise: Making Links Between Files

Section 2.7: Summary

Chapter 3: Managing Local Users and Groups

Section 3.1: Describing User and Group Concepts

Section 3.2: Quiz: Describing User and Group Concepts

Section 3.3: Gaining Superuser Access

Section 3.4: Guided Exercise: Gaining Superuser Access

Section 3.5: Managing Local User Accounts

Section 3.6: Guided Exercise: Managing Local User Accounts

Section 3.7: Managing Local Group Accounts

Section 3.8: Guided Exercise: Managing Local Group Accounts

Section 3.9: Managing User Passwords

Section 3.10: Guided Exercise: Managing User Passwords

Section 3.11: Lab: Managing Local Users and Groups

Section 3.12: Summary

Chapter 4: Controlling Access to Files

Section 4.1: Managing File System Permissions from the Command Line

Section 4.2: Guided Exercise: Managing File System Permissions from the Command Line

Section 4.3: Managing Default Permissions and File Access

Section 4.4: Guided Exercise: Managing Default Permissions and File Access

Section 4.5: Lab: Controlling Access to Files

Section 4.6: Summary

Chapter 5: Managing SELinux Security

Section 5.1: Changing the SELinux Enforcement Mode

Section 5.2: Guided Exercise: Changing the SELinux Enforcement Mode

Section 5.3: Controlling SELinux File Contexts

Section 5.4: Guided Exercise: Controlling SELinux File Contexts

Section 5.5: Adjusting SELinux Policy with Booleans

Section 5.6: Guided Exercise: Adjusting SELinux Policy with Booleans

Section 5.7: Investigating and Resolving SELinux Issues

Section 5.8: Guided Exercise: Investigating and Resolving SELinux Issues

Section 5.9: Lab: Managing SELinux Security

Section 5.10: Summary

Chapter 6: Tuning System Performance

Section 6.1: Killing Processes

Section 6.2: Guided Exercise: Killing Processes

Section 6.3: Monitoring Process Activity

Section 6.4: Guided Exercise: Monitoring Process Activity

Section 6.5: Adjusting Tuning Profiles

Section 6.6: Guided Exercise: Adjusting Tuning Profiles

Section 6.7: Influencing Process Scheduling

Section 6.8: Guided Exercise: Influencing Process Scheduling

Section 6.9: Lab: Tuning System Performance

Section 6.10: Summary

Chapter 7: Installing and Updating Software Packages

Section 7.1: Registering Systems for Red Hat Support

Section 7.2: Quiz: Registering Systems for Red Hat Support

Section 7.3: Installing and Updating Software Packages with Yum

Section 7.4: Guided Exercise: Installing and Updating Software Packages with Yum

Section 7.5: Enabling Yum Software Repositories

Section 7.6: Guided Exercise: Enabling Yum Software Repositories

Section 7.7: Managing Package Module Streams

Section 7.8: Guided Exercise: Managing Package Module Streams

Section 7.9: Lab: Installing and Updating Software Packages

Section 7.10: Summary

Chapter 8: Managing Basic Storage

Section 8.1: Mounting and Unmounting File Systems

Section 8.2: Guided Exercise: Mounting and Unmounting File Systems

Section 8.3: Adding Partitions, File Systems, and Persistent Mounts

Section 8.4: Guided Exercise: Adding Partitions, File Systems, and Persistent Mounts

Section 8.5: Managing Swap Space

Section 8.6: Guided Exercise: Managing Swap Space

Section 8.7: Lab: Managing Basic Storage

Section 8.8: Summary

Chapter 9: Controlling Services and the Boot Process

Section 9.1: Identifying Automatically Started System Processes

Section 9.2: Guided Exercise: Identifying Automatically Started System Processes

Section 9.3: Controlling System Services

Section 9.4: Guided Exercise: Controlling System Services

Section 9.5: Selecting the Boot Target

Section 9.6: Guided Exercise: Selecting the Boot Target

Section 9.7: Resetting the Root Password

Section 9.8: Guided Exercise: Resetting the Root Password

Section 9.9: Repairing File System Issues at Boot

Section 9.10: Guided Exercise: Repairing File System Issues at Boot

Section 9.11: Lab: Controlling Services and Daemons

Section 9.12: Summary

Chapter 10: Managing Networking

Section 10.1: Validating Network Configuration

Section 10.2: Guided Exercise: Validating Network Configuration

Section 10.3: Configuring Networking from the Command Line

Section 10.4: Guided Exercise: Configuring Networking from the Command Line

Section 10.5: Editing Network Configuration Files

Section 10.6: Guided Exercise: Editing Network Configuration Files

Section 10.7: Configuring Host Names and Name Resolution

Section 10.8: Guided Exercise: Configuring Host Names and Name Resolution

Section 10.9: Lab: Managing Networking

Section 10.10: Summary

Chapter 11: Analyzing and Storing Logs

Section 11.1: Describing System Log Architecture

Section 11.2: Quiz: Describing System Log Architecture

Section 11.3: Reviewing Syslog Files

Section 11.4: Guided Exercise: Reviewing Syslog Files

Section 11.5: Reviewing System Journal Entries

Section 11.6: Guided Exercise: Reviewing System Journal Entries

Section 11.7: Preserving the System Journal

Section 11.8: Guided Exercise: Preserving the System Journal

Section 11.9: Maintaining Accurate Time

Section 11.10: Guided Exercise: Maintaining Accurate Time

Section 11.11: Lab: Analyzing and Storing Logs

Section 11.12: Summary

Chapter 12: Implementing Advanced Storage Features

Section 12.1: Creating Logical Volumes

Section 12.2: Guided Exercise: Creating Logical Volumes

Section 12.3: Extending Logical Volumes

Section 12.4: Guided Exercise: Extending Logical Volumes

Section 12.5: Managing Layered Storage with Stratis

Section 12.6: Guided Exercise: Managing Layered Storage with Stratis

Section 12.7: Compressing and Deduplicating Storage with VDO

Section 12.8: Guided Exercise: Compressing and Deduplicating Storage with VDO

Section 12.9: Lab: Implementing Advanced Storage Features

Section 12.10: Summary

Chapter 13: Scheduling Future Tasks

Section 13.1: Scheduling Recurring System Jobs

Section 13.2: Guided Exercise: Scheduling Recurring System Jobs

Section 13.3: Managing Temporary Files

Section 13.4: Guided Exercise: Managing Temporary Files

Section 13.5: Quiz: Scheduling Future Tasks

Section 13.6: Summary

Chapter 14: Accessing Network-Attached Storage

Section 14.1: Mounting Network-Attached Storage with NFS

Section 14.2: Guided Exercise: Managing Network-Attached Storage with NFS

Section 14.3: Automounting Network-Attached Storage

Section 14.4: Guided Exercise: Automounting Network-Attached Storage

Section 14.5: Lab: Accessing Network-Attached Storage

Section 14.6: Summary

Chapter 15: Managing Network Security

Section 15.1: Managing Server Firewalls

Section 15.2: Guided Exercise: Managing Server Firewalls

Section 15.3: Lab: Managing Network Security

Section 15.4: Summary

Chapter 16: Running Containers

Section 16.1: Introducing Containers

Section 16.2: Quiz: Introducing Containers

Section 16.3: Running a Basic Container

Section 16.4: Guided Exercise: Running a Basic Container

Section 16.5: Finding and Managing Container Images

Section 16.6: Guided Exercise: Finding and Managing Container Images

Section 16.7: Performing Advanced Container Management

Section 16.8: Guided Exercise: Performing Advanced Container Management

Section 16.9: Attaching Persistent Storage to a Container

Section 16.10: Guided Exercise: Attaching Persistent Storage to a Container

Section 16.11: Managing Containers as Services

Section 16.12: Guided Exercise: Managing Containers as Services

Section 16.13: Lab: Running Containers

Section 16.14: Summary

Chapter 17: Comprehensive Review

Section 17.1: Comprehensive Review

Section 17.2: Lab: Fixing Boot Issues and Maintaining Servers

Section 17.3: Lab: Configuring and Managing File Systems and Storage

Section 17.4: Lab: Configuring and Managing Server Security

Section 17.5: Lab: Running Containers

Bookmark this page

P 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17

Guided Exercise: Configuring SSH Key-based Authentication

In this exercise, you will configure a user to use key-based authentication for SSH.

Outcomes

You should be able to:

Generate an SSH key pair without passphrase protection.
Generate an SSH key pair with passphrase protection.
Authenticate using both passphrase-less and passphrase-protected SSH keys.

On workstation, run lab ssh-configure start to start the exercise. This script creates the necessary user accounts.

[student@workstation ~]$ lab ssh-configure start

From workstation, open an SSH session to serverb as student.

[student@workstation ~]$ ssh student@serverb
...output omitted...
[student@serverb ~]$

Use the su command to switch to the operator1 user on serverb. Use redhat as the password of operator1.
```
[student@serverb ~]$ su - operator1
Password: redhat
[operator1@serverb ~]$ 
```

Use the ssh-keygen command to generate SSH keys. Do not enter a passphrase.

[operator1@serverb ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/operator1/.ssh/id_rsa): Enter
Created directory '/home/operator1/.ssh'.
Enter passphrase (empty for no passphrase): Enter
Enter same passphrase again: Enter
Your identification has been saved in /home/operator1/.ssh/id_rsa.
Your public key has been saved in /home/operator1/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:JainiQdnRosC+xXhOqsJQQLzBNUldb+jJbyrCZQBERI operator1@serverb.lab.example.com
The key's randomart image is:
+---[RSA 2048]----+
|E+*+ooo .        |
|.= o.o o .       |
|o.. = . . o      |
|+. + * . o .     |
|+ = X . S +      |
| + @ +   = .     |
|. + =   o        |
|.o . . . .       |
|o     o..        |
+----[SHA256]-----+

Use the ssh-copy-id command to send the public key of the SSH key pair to operator1 on servera. Use redhat as the password of operator1 on servera.

[operator1@serverb ~]$ ssh-copy-id operator1@servera
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/operator1/.ssh/id_rsa.pub"
The authenticity of host 'servera (172.25.250.10)' can't be established.
ECDSA key fingerprint is SHA256:ERTdjooOIrIwVSZQnqD5or+JbXfidg0udb3DXBuHWzA.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
operator1@servera's password: redhat
Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'operator1@servera'"
and check to make sure that only the key(s) you wanted were added.

Execute the hostname command on servera remotely using SSH without accessing the remote interactive shell.
```
[operator1@serverb ~]$ ssh operator1@servera hostname
servera.lab.example.com
```
Notice that the preceding ssh command did not prompt you for a password because it used the passphrase-less private key against the exported public key to authenticate as operator1 on servera. This approach is not secure, because anyone who has access to the private key file can log in to servera as operator1. The secure alternative is to protect the private key with a passphrase, which is the next step.

Use the ssh-keygen command to generate another set of SSH keys with passphrase-protection. Save the key as /home/operator1/.ssh/key2. Use redhatpass as the passphrase of the private key.

Warning

If you do not specify the file where the key gets saved, the default file (/home/user/.ssh/id_rsa) is used. You have already used the default file name when generating SSH keys in the preceding step, so it is vital that you specify a non-default file, otherwise the existing SSH keys will be overwritten.

[operator1@serverb ~]$ ssh-keygen -f .ssh/key2
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase): redhatpass
Enter same passphrase again: redhatpass
Your identification has been saved in .ssh/key2.
Your public key has been saved in .ssh/key2.pub.
The key fingerprint is:
SHA256:OCtCjfPm5QrbPBgqbEIWCcw5AI4oSlMEbgLrBQ1HWKI operator1@serverb.lab.example.com
The key's randomart image is:
+---[RSA 2048]----+
|O=X*             |
|OB=.             |
|E*o.             |
|Booo   .         |
|..= . o S        |
| +.o   o         |
|+.oo+ o          |
|+o.O.+           |
|+ . =o.          |
+----[SHA256]-----+

Use the ssh-copy-id command to send the public key of the passphrase-protected key pair to operator1 on servera.

[operator1@serverb ~]$ ssh-copy-id -i .ssh/key2.pub operator1@servera
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/key2.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'operator1@servera'"
and check to make sure that only the key(s) you wanted were added.

Notice that the preceding ssh-copy-id command did not prompt you for a password because it used the public key of the passphrase-less private key that you exported to servera in the preceding step.

Execute the hostname command on servera remotely with SSH without accessing the remote interactive shell. Use /home/operator1/.ssh/key2 as the identity file. Specify redhatpass as the passphrase, which you set for the private key in the preceding step.
```
[operator1@serverb ~]$ ssh -i .ssh/key2 operator1@servera hostname
Enter passphrase for key '.ssh/key2': redhatpass
servera.lab.example.com
```
Notice that the preceding ssh command prompted you for the passphrase you used to protect the private key of the SSH key pair. This passphrase protects the private key. Should an attacker gain access to the private key, the attacker cannot use it to access other systems because the private key itself is protected with a passphrase. The ssh command uses a different passphrase than the one for operator1 on servera, requiring users to know both.
You can use ssh-agent, as in the following step, to avoid interactively typing in the passphrase while logging in with SSH. Using ssh-agent is both more convenient and more secure in situations where the administrators log in to remote systems regularly.
Run ssh-agent in your Bash shell and add the passphrase-protected private key (/home/operator1/.ssh/key2) of the SSH key pair to the shell session.
```
[operator1@serverb ~]$ eval $(ssh-agent)
Agent pid 21032
[operator1@serverb ~]$ ssh-add .ssh/key2
Enter passphrase for .ssh/key2: redhatpass
Identity added: .ssh/key2 (operator1@serverb.lab.example.com)
```
The preceding eval command started ssh-agent and configured this shell session to use it. You then used ssh-add to provide the unlocked private key to ssh-agent.
Execute the hostname command on servera remotely without accessing a remote interactive shell. Use /home/operator1/.ssh/key2 as the identity file.
```
[operator1@serverb ~]$ ssh -i .ssh/key2 operator1@servera hostname
servera.lab.example.com
```
Notice that the preceding ssh command did not prompt you to enter the passphrase interactively.

Open another terminal on workstation and open an SSH session to serverb as student.

[student@workstation ~]$ ssh student@serverb
...output omitted...
[student@serverb ~]$

On serverb, use the su command to switch to operator1 and invoke an SSH connection to servera. Use /home/operator1/.ssh/key2 as the identity file to authenticate using the SSH keys.
1. Use the su command to switch to operator1. Use redhat as the password of operator1.
```
[student@serverb ~]$ su - operator1
Password: redhat
[operator1@serverb ~]$ 
```
2. Open an SSH session to servera as operator1.
```
[operator1@serverb ~]$ ssh -i .ssh/key2 operator1@servera
Enter passphrase for key '.ssh/key2': redhatpass
...output omitted...
[operator1@servera ~]$ 
```
  Notice that the preceding ssh command prompted you to enter the passphrase interactively because you did not invoke the SSH connection from the shell that you used to start ssh-agent.

Exit all the shells you are using in the second terminal.

Log out of servera.

[operator1@servera ~]$ exit
logout
Connection to servera closed.
[operator1@serverb ~]$

Exit the operator1 and student shells on serverb to return to the student user's shell on workstation.

[operator1@serverb ~]$ exit
logout
[student@serverb ~]$ exit
logout
Connection to serverb closed.
[student@workstation ~]$

Close the second terminal on workstation.
```
[student@workstation ~]$ exit
```

Log out of serverb on the first terminal and conclude this exercise.
1. From the first terminal, exit the operator1 user's shell on serverb.
```
[operator1@serverb ~]$ exit
logout
[student@serverb ~]$ 
```
  The exit command caused you to exit the operator1 user's shell, terminating the shell session where ssh-agent was active, and return to the student user's shell on serverb.
2. Exit the student user's shell on serverb to return to the student user's shell on workstation.
```
[student@serverb ~]$ exit
logout
Connection to serverb closed.
[student@workstation ~]$ 
```

Finish

On workstation, run lab ssh-configure finish to complete this exercise.

[student@workstation ~]$ lab ssh-configure finish

This concludes the guided exercise.

Revision: rh199-8.2-3beeb12