Working with Essential Red Hat Linux System Administration Tools

Hands-On Lab

 

Rob Marti

Linux Training Architect I in Content

Length

00:15:00

Difficulty

Beginner

In this lab we are going to make sure we have the minimum knowledge required to successfully pass the RHCE on RHEL8. We're going to present a scenario that will test an exam candidate's knowledge of how to use grep and configure ssh to help students succeed at this exam.

Introduction

In this lab we are going to make sure we have the minimum knowledge required to successfully pass the RHCE on RHEL8. We're going to present a scenario that will test an exam candidate's knowledge of how to use some tools, and ensure a passing grade at this exam. In this lab we'll be looking at basic essential tools knowledge.

The Scenario

One of the junior admins has left the company and we've been tasked with cleaning up some of his mess. He was setting up a server (Server2) for the developers to use. The developers should only ever connect to it from Server1, using an SSH key (no passwords).

There is a user already created on that server, but no one is sure what the username is. The log file, /tmp/logfile, on Server1 contains the username, but we'll have to search for it. It should be labeled "username" or "user-name" or something like that. We can do this with grep.

Once we've found the username and created SSH keys to access the server (using ssh-keygen), we need to copy them across and set the server up so that it doesn't allow password connections at all. The ssh-copy-id command will do this for us.

Then, we'll need to edit /etc/ssh/sshd_config on Server2, to disable password authentication.

Logging In

Use the credentials provided on the hands-on lab page to get into Server1 to begin with.

Find the Username That the Other Admin Created

There are over 25,000 lines in /tmp/logfile, so we don't want to search it by hand. While we don't know the exact format we're searching for, we're fairly confident that it's some form of the word "username".

[cloud_user@Server1 ]# grep -e 'user.*name' -i /tmp/logfile

Because of -i the match is case-insensitive, so that will match any capitalization of 'user', followed by any number of characters (including none), followed by 'name', all on the same line.

Create an SSH Key

Use the ssh-keygen command to generate a key pair whose public key we can copy to the other server to allow passwordless connections.

Copy the SSH Key to Both cloud_user and the User Whose Name You Discovered in the First Task

Use the ssh-copy-id command to copy the SSH key to both the cloud_user and the new user name:

[cloud_user@Server1 ]# ssh-copy-id cloud_user@<Server2_INTERNAL_IP_ADDRESS>
[cloud_user@Server1 ]# ssh-copy-id <USERNAME>@<Server2_INTERNAL_IP_ADDRESS>

Now we can test with two ssh commands:

ssh cloud_user@<Server2_INTERNAL_IP_ADDRESS>

Back out of that login, and try it for the other user:

ssh <USERNAME>@<Server2_INTERNAL_IP_ADDRESS>

Just be sure you've substituted the correct Server2_INTERNAL_IP_ADDRESS and USERNAME in the commands. We should now be able to perform passwordless ssh logins.

Ensure That No One Can Use a Password to Log into Server2

Now get out of that shell and come back in as cloud_user. Once we've logged in, we need to edit /etc/ssh/sshd_config and, with whichever text editor we like best, change the PasswordAuthentication variable to no. We're using vi as an example here:

[cloud_user@Server2 ]# sudo vi /etc/ssh/sshd_config

Once we've done that, restart the SSH daemon using sudo systemctl restart sshd.

To test, try to log in with a password:

[cloud_user@Server2 ]# ssh -o PreferredAuthentications=password cloud_user@localhost

When it fails, we know we succeeded. Congratulations!
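
The sshd_config edit above only takes effect if the line we change is the first PasswordAuthentication line sshd reads: for each keyword sshd uses the first value it obtains, and a commented-out line counts for nothing. The following is an added example, not part of the original lab; the function name and the sample configs are constructed for illustration. It reports the value that applies in the global section of a config.

```shell
#!/usr/bin/env bash
# Added example: names and sample configs below are constructed.

# effective_password_auth [FILE]
# Prints the PasswordAuthentication value that applies in the global section
# of an sshd_config (read from FILE or stdin).
effective_password_auth() {
    awk '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blanks
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t=]+/)            # "Keyword value" or "Keyword=value"
            key = tolower(f[1])                  # keywords are case-insensitive
            if (key == "match") exit             # Match block ends the global section
            if (key == "passwordauthentication") {
                print f[2]; found = 1; exit      # first value obtained wins
            }
        }
        END { if (!found) print "yes" }          # OpenSSH default when unset
    ' "$@"
}

# Constructed sample: "no" was appended, but an earlier "yes" still wins.
sample_conflicting() {
    printf '%s\n' \
        '# constructed sample' \
        'PermitRootLogin no' \
        'PasswordAuthentication yes' \
        'PubkeyAuthentication yes' \
        'PasswordAuthentication no'
}

# Constructed sample: the only "no" is commented out, so the default applies.
sample_commented() {
    printf '%s\n' '#PasswordAuthentication no' 'UsePAM yes'
}

# Constructed sample: global "no"; the later Match override is not evaluated here.
sample_fixed() {
    printf '%s\n' 'passwordauthentication no' 'Match User dev' \
        '    PasswordAuthentication yes'
}

for s in sample_conflicting sample_commented sample_fixed; do
    printf '%-20s -> %s\n' "$s" "$("$s" | effective_password_auth)"
done
```

On Server2, sudo sshd -t checks the edited file for syntax errors before the restart, and sudo sshd -T | grep -i passwordauthentication prints the value sshd itself resolves.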