Lesson 5

Dates: 2/20/2019
Linux networking
Linux System Administration


Practical Exercises with network services
  • Start virtual machine kvm3
    virsh start kvm3
    
  • Figure out the IP address of kvm3:
    virsh domifaddr kvm3
    

    Place the IP address and the kvm3 host name into the file /etc/hosts on your desktop. For example, if the IP address of kvm3 is 192.168.122.114:
    echo '192.168.122.114  kvm3' >> /etc/hosts
    
    ssh to kvm3 as user hostadm:
    ssh hostadm@kvm3
    


  • Install an FTP server on the VM.
    apt-get install net-tools 
    apt-get install ftpd
    
    The netstat command shows that port tcp/21 has been opened by the inetd service:
    netstat -nalp | grep inetd 
    
    tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      1254/inetd
    
    From the desktop, ftp to kvm3.
    ftp  kvm3
    
    Use hostadm user credentials (login name and password).

  • Configure SSH.
    For SSH authentication, you can use either RSA or DSA public/private keys in addition to a password. We'll be using RSA in the exercises below.
    To generate an RSA key pair, type the following command at a shell prompt on your desktop:
    ssh-keygen -t rsa
    
    Accept the default file location of ~/.ssh/id_rsa. Enter a passphrase different from your account password and confirm it by entering it again.
    The public key is written to ~/.ssh/id_rsa.pub. The private key is written to ~/.ssh/id_rsa.
    Never distribute your private key to anyone.
    The contents of ~/.ssh/id_rsa.pub need to be delivered to the remote machine you want to connect to, here kvm3, and placed in the file ~/.ssh/authorized_keys.
    To accomplish the transfer, you can use the ftp service installed in the previous exercise.
    ftp  kvm3
    Name (kvm3:hostadm): hostadm
    ftp> cd .ssh
    ftp> lcd .ssh
    ftp> put id_rsa.pub authorized_keys
    ftp>  quit
    
    The cd command at the ftp> prompt above changes into the .ssh directory on the remote host, kvm3.
    The lcd command changes into the .ssh directory on the local desktop.

    Now try to ssh to kvm3. You should be prompted to enter your passphrase.

    The ssh-agent can be used to store your passphrase so that you do not have to enter it each time you make an ssh or scp connection.
    At a shell prompt on the desktop, type the following command:
    exec /usr/bin/ssh-agent $SHELL
    
    Then type the command:
    ssh-add
    
    and enter your passphrase(s). If you have more than one key pair configured, you will be prompted for each one. When you log out, your passphrase(s) will be forgotten. You must execute these two commands each time you log in to a virtual console or open a terminal window.

  • Run a remote command over ssh, for example:
    ssh kvm3 "uname -a"
    
    Copy files from your desktop to kvm3 and vice versa using the scp command:
    scp kvm3:/etc/hosts .
    touch somef.txt
    scp somef.txt kvm3:/home/$USER
    


  • Synchronizing directories between remote hosts by using rsync.
    This tool lets you copy files and directories between a local host and a remote host.
    Install rsync on both your desktop and kvm3:
    apt-get install rsync
    
    Create a directory tree and copy it over to kvm3 with the rsync command.
    mkdir -p dir1/dir2/dir3
    rsync  -avz dir1 kvm3:/home/$USER
    
    Option a stands for archive (preserve links and timestamps), v is for verbose, and z compresses the data during transfer.


  • Disable ftp
    Since you have a fully functioning SSH on kvm3, you can get rid of the ftp server. The easiest way to accomplish this is by stopping and disabling the master service, inetd:
    systemctl stop inetd
    systemctl disable inetd
    
    Make sure port tcp/21 is not open by running
    netstat -na
    
    Never run rsh, rlogin, telnet and ftp servers on the open Internet. They are very insecure because both authentication and data transfer are sent in cleartext.
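
    A scripted version of the tcp/21 check above, extended to the other cleartext services named in this lesson (an added example, not part of the original course material). The function name cleartext_listeners, the sample netstat rows and the port map (IANA default ports 21, 23, 513, 514) are assumptions made for this example.

```shell
#!/bin/sh
# Added example. Port map uses the IANA default ports (assumption):
# ftp 21, telnet 23, rlogin 513, rsh 514.

# Reads `netstat -na` or `netstat -nalp` output on stdin and prints one line
# per TCP listener on a cleartext-service port: "<service> <local addr> <owner>".
cleartext_listeners() {
    awk '
        BEGIN { svc[21] = "ftp"; svc[23] = "telnet"; svc[513] = "rlogin"; svc[514] = "rsh" }
        # Only TCP sockets in LISTEN state matter (tcp and tcp6 rows).
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            # The port is the text after the last colon, which also
            # handles IPv6 local addresses such as :::21.
            n = split($4, parts, ":")
            port = parts[n]
            if (port in svc) {
                # The PID/program column is absent when netstat runs without -p.
                owner = ($7 == "" ? "-" : $7)
                print svc[port], $4, owner
            }
        }
    '
}

# Constructed sample: kvm3 right after ftpd was installed (inetd owns tcp/21).
sample_before() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      1254/inetd
tcp        0      0 192.168.122.114:22      192.168.122.1:51514     ESTABLISHED 1310/sshd: hostadm
udp        0      0 0.0.0.0:68              0.0.0.0:*                           601/dhclient
EOF
}

# Constructed sample: the same host after inetd was stopped and disabled.
sample_after() { sample_before | grep -v '/inetd$'; }

echo "before disabling inetd:"
sample_before | cleartext_listeners
echo "after disabling inetd (no lines expected):"
sample_after | cleartext_listeners

# On a live host: netstat -nalp | cleartext_listeners
```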



