Practical Exercises with network services
Start virtual machine kvm2
Figure out the IP address of kvm2: check out the content of the file
/var/lib/libvirt/dnsmasq/virbr0.status, specifically the line containing kvm2.
It has both the MAC address and the IP address of kvm2:
Place the IP address and kvm2 host name into the file /etc/hosts
on your desktop. For example, if the IP address of kvm2 is
192.168.122.114:
ssh to kvm2 as user hostadm:
Install telnet server on the VM.
Check /etc/inetd.conf and make sure you see the following entry:
Command netstat -na should show open tcp/23 port:
Telnet to kvm2 from your desktop machine, for example:
Install FTP server on the VM.
Check out /etc/inetd.conf and notice the entry for FTP:
Command netstat -na shows open tcp/21 port:
From the desktop, ftp to kvm2.
Use hostadm user credentials (login name and password).
Configure SSH.
For SSH authentication, you can use either RSA or DSA public/private key pairs in addition to a password.
We'll be using RSA in the exercises below.
To generate an RSA key pair,
type the following command at a shell prompt on your desktop:
Accept the default file location of ~/.ssh/id_rsa. Enter a passphrase
different from your account password and confirm it by entering it again.
The public key is written to ~/.ssh/id_rsa.pub. The private key is
written to ~/.ssh/id_rsa.
Never distribute your private key to anyone.
The contents of ~/.ssh/id_rsa.pub need to be delivered to the remote machine you want to connect to, specifically kvm2, into the file
~/.ssh/authorized_keys
To accomplish the transfer, you can use the ftp service installed in the previous exercise.
Command cd in the ftp> shell above is for stepping into
the directory, .ssh, on the remote host, kvm2.
Command lcd is for stepping into the directory, .ssh, on the local desktop.
Now try to ssh to kvm2. You should be prompted to enter your passphrase.
The ssh-agent can be used to store your passphrase so that you do
not have to enter it each time you make an ssh or scp connection.
At a shell prompt on the desktop, type the following command:
Then type the command:
and enter your passphrase(s). If you have more than one key pair
configured, you will be prompted for each one.
When you log out, your passphrase(s) will be forgotten. You must
execute these two commands each time you log in to a virtual console
or open a terminal window.
Run a remote command over ssh, for example:
Copy files from your desktop to kvm2 and vice versa using the scp command:
Synchronizing directories between remote hosts by using rsync.
This tool lets you copy files
and directories between a local host and a remote host.
Install rsync on both your desktop and kvm2:
Create a directory tree and copy it over to kvm2 with the rsync command.
Option a stands for archive (preserve links and timestamps);
v is for verbose and z is for data compression when sending-receiving.
Disable telnet and ftp
Since you have fully functioning SSH on kvm2, you can get rid of
telnet and ftp servers.
In the file /etc/inetd.conf, comment out the lines for
telnet and ftp.
Make the inetd daemon re-read the modified /etc/inetd.conf
by executing the following command:
where the process ID, inetd_PID, for inetd can be found from
Alternatively, you can simply run
Make sure ports tcp/21, tcp/23 are not open by running
Never run rsh, rlogin, telnet and ftp servers on the open Internet. They are very insecure because both authentication and data transfer happen in clear text.
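The disable-and-verify steps above, as an added example that is not part of the original page: shell filters that comment out the telnet and ftp entries of an inetd.conf-style file and report any tcp/21 or tcp/23 listeners found in netstat -na output. The function names are hypothetical, and the sample configuration and netstat lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. All functions are stdin/stdout filters; nothing edits /etc.

# Constructed sample resembling telnet/ftp entries in /etc/inetd.conf.
sample_inetd_conf() {
cat <<'EOF'
# <service> <sock_type> <proto> <flags> <user> <server_path> <args>
telnet stream tcp nowait root   /usr/sbin/tcpd /usr/sbin/in.telnetd
ftp    stream tcp nowait root   /usr/sbin/tcpd /usr/sbin/in.ftpd
tftp   dgram  udp wait   nobody /usr/sbin/tcpd /usr/sbin/in.tftpd
EOF
}

# Constructed `netstat -na` excerpt: ftp and telnet still listening next to ssh.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
tcp        0      0 192.168.122.114:22      192.168.122.1:51234     ESTABLISHED
EOF
}

# Comment out active telnet and ftp lines. Other services (tftp here) and
# lines that are already commented pass through unchanged.
disable_cleartext_services() {
    sed -E 's/^[[:space:]]*(telnet|ftp)[[:space:]]/#&/'
}

# Print the names of telnet/ftp services that are still uncommented.
active_cleartext_services() {
    awk '$1 == "telnet" || $1 == "ftp" { print $1 }'
}

# Print local addresses listening on tcp/21 or tcp/23.
# Exit status 0 means neither port is open, 1 means at least one is.
open_cleartext_ports() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" && $4 ~ /[:.](21|23)$/ { print $4; found = 1 }
         END { exit found + 0 }'
}

echo "active before: $(sample_inetd_conf | active_cleartext_services | tr '\n' ' ')"
echo "active after:  $(sample_inetd_conf | disable_cleartext_services \
    | active_cleartext_services | tr '\n' ' ')"
sample_netstat | open_cleartext_ports || echo "tcp/21 or tcp/23 still listening"
```

On the VM, feed the filters real input instead of the samples, for example netstat -na | open_cleartext_ports after inetd has re-read its configuration.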