Exercises SSH

Track 1: PacNOG 6

Nadi, Fiji

Exercises

    Using SSH to Admin your Box

  1. Copy Your inst Account Public Key to the root Account
  2. Update /etc/ssh/sshd_config

Notes (CRITICAL)

  1. The "#" and "$" characters before commands represent your system prompt and are not part of the command itself. "#" indicates a command issued as root while "$" indicates a command issued as a normal user.


1.) Copy Your inst Account Public Key to the root Account

For this exercise we want you to copy /home/inst/.ssh/id_rsa.pub over to your neighbor's machine and place the file in /root/.ssh/authorized_keys on your neighbor's machine (not your machine).

Note, you cannot log in directly to your neighbor's machine as root, so you must take advantage of the fact that you can get in as the userid inst and then you can become root once you are logged in.

First you need to create your own ssh keypair (public and private) for your inst account. To do this do:

$ ssh-keygen
And you should see the following:

inst@pcNN:~$ ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/home/inst/.ssh/id_rsa):        ==> PRESS ENTER
Enter passphrase (empty for no passphrase):                          ==> USE WORKSHOP PASSWORD
Enter same passphrase again:                                         ==> USE WORKSHOP PASSWORD
Your identification has been saved in /home/inst/.ssh/id_rsa.
Your public key has been saved in /home/inst/.ssh/id_rsa.pub.
The key fingerprint is:
54:a1:bf:d6:95:1e:b7:72:83:65:ef:5c:ae:79:ad:0e inst@pcNN.t1.workshop.pacnog.org
The key's randomart image is:
+--[ RSA 2048]----+
|          o.     |
|         o       |
|        o        |
|       . .     . |
|        S .   +o.|
|           o o+oo|
|          o Eo.++|
|         .   .o==|
|             .=++|
+-----------------+

Once you have a public and private key pair you are ready to copy your public key to your neighbor's machine.

It is critical that you do not overwrite keys as you do this. Find a neighbor with whom you will do this exercise and have them do this exercise on your machine. Make sure that you don't have two people accessing the same machine when doing this exercise or it may not work.

Again, to make things easier open two terminal windows on your desktop. In one window make sure you are the inst user on your machine. We will call this your local window. In another window type:

$ ssh inst@pcX
This will be your remote window.

You have already generated your public/private ssh key pair. In your local window do the following:

$ cd ~/.ssh
$ scp id_rsa.pub inst@pcX:/tmp/.
In your remote window do (after sudo bash you are root, so the prompt changes to "#"):
$ sudo bash
# mkdir /root/.ssh
# cd /root/.ssh
# cat /tmp/id_rsa.pub >> authorized_keys
# rm /tmp/id_rsa.pub
You now have your public key for inst in the authorized_keys file for the root user on your neighbor's machine.

Log out of your neighbor's machine and try connecting to the machine as root:

# exit
$ exit
Now log in on your neighbor's machine as root:

$ ssh root@pcNN
Rather than getting a password prompt you should get something like:

inst@pcNN:~$ ssh root@pcXX
Enter passphrase for key '/home/inst/.ssh/id_rsa':
This is very cool!

Now repeat this exercise and copy your inst user's public key (id_rsa.pub) to your neighbor's machine and place it in the /home/inst/.ssh/authorized_keys file...

$ scp /home/inst/.ssh/id_rsa.pub inst@pcNN:/tmp/.
$ ssh inst@pcNN
$ cat /tmp/id_rsa.pub >> /home/inst/.ssh/authorized_keys
$ exit
You can try using ssh to connect to your neighbor's machine as the inst user, but you will still be prompted for a password instead of the passphrase on your private key. For this to happen you must complete the next exercise.
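Both copies above (into /root/.ssh/authorized_keys and into /home/inst/.ssh/authorized_keys) rely on appending with ">>" so that keys already in the file survive. The script below is an added example, not part of the PacNOG exercise, that does the same append but also checks that the input looks like a single OpenSSH public key, refuses to add a key that is already present, and sets the directory and file modes that sshd's default StrictModes setting expects. The key material in the test is constructed and is not a real key.

```shell
#!/bin/sh
# Added example (not part of the PacNOG exercise): install a public key into an
# authorized_keys file without clobbering keys that are already there.
#
# install_pubkey PUBKEY_FILE AUTHORIZED_KEYS_FILE
#   - rejects input that does not look like "<type> <base64> [comment]"
#   - creates the .ssh directory (mode 700) and the file (mode 600) if missing
#   - appends the key only if the same type+key is not already present
#   - returns 0 when the key is present afterwards, 1 on a malformed key
install_pubkey() {
    pubkey_file=$1
    auth_file=$2

    # Only the first two fields matter; the comment (e.g. inst@pcNN) is free text.
    key_line=$(head -n 1 "$pubkey_file")
    key_type=$(printf '%s\n' "$key_line" | awk '{print $1}')
    key_blob=$(printf '%s\n' "$key_line" | awk '{print $2}')
    case "$key_type" in
        ssh-rsa|ssh-ed25519|ssh-dss|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "not an OpenSSH public key: $pubkey_file" >&2; return 1 ;;
    esac
    [ -n "$key_blob" ] || { echo "public key has no key material: $pubkey_file" >&2; return 1; }

    # sshd refuses keys from a directory or file that others can write to.
    auth_dir=$(dirname "$auth_file")
    [ -d "$auth_dir" ] || mkdir -p "$auth_dir"
    chmod 700 "$auth_dir"
    [ -f "$auth_file" ] || : > "$auth_file"
    chmod 600 "$auth_file"

    # Duplicate check compares type and key blob only, so the same key with a
    # different comment is still recognised as already installed.
    if awk -v t="$key_type" -v b="$key_blob" \
          '$1 == t && $2 == b { found = 1 } END { exit found ? 0 : 1 }' "$auth_file"; then
        echo "key already present in $auth_file"
        return 0
    fi
    printf '%s\n' "$key_line" >> "$auth_file"
    echo "key appended to $auth_file"
}

# count_keys FILE: number of key lines (ignores blank and comment lines)
count_keys() {
    awk '!/^#/ && NF { n++ } END { print n + 0 }' "$1"
}

# Usage on the workshop machines would be, as root:
#   install_pubkey /tmp/id_rsa.pub /root/.ssh/authorized_keys
```

Because the check runs on type and key blob rather than the whole line, running it twice (or once from each of two neighbors who happen to hold the same key) cannot produce duplicate entries, and a stray file that is not a public key at all is rejected instead of being appended.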


2.) Update /etc/ssh/sshd_config

We have configured an sshd_config file on your server. This configuration file allows access to the root user, but only using public/private ssh keys. It still allows you to connect to other users with passwords. This is not ideal (why?).

For this exercise do the following:

$ cd /etc/ssh
$ sudo cp sshd_config sshd_config.bak
To disable all password access for users (ideal) and only allow access via public/private keys change the following line in /etc/ssh/sshd_config:

#ChallengeResponseAuthentication yes

to read:

ChallengeResponseAuthentication no

Make the change with an editor and remember to restart the ssh server afterwards:

$ sudo vi /etc/ssh/sshd_config
$ sudo /etc/rc.d/sshd restart
Don't do this unless you are sure your neighbor has already copied their public key to your machine's inst and root accounts.
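Before restarting sshd it is worth checking what the file will actually do. sshd uses the first uncommented occurrence of each keyword and ignores later duplicates, so a line that is still commented out, like "#ChallengeResponseAuthentication yes", contributes nothing and the compiled-in default (yes) applies. The script below is an added example, not part of the PacNOG exercise, that reports the effective values of the authentication directives and says whether password logins are still possible. The two sample configs in the test are constructed to mimic the "before" and "after" state of this exercise; they are not the workshop's real sshd_config. Match blocks and the "Keyword=value" spelling are not handled.

```shell
#!/bin/sh
# Added example (not part of the PacNOG exercise): report the effective
# authentication settings of an sshd_config file.

# sshd_effective FILE KEYWORD DEFAULT
#   prints the value sshd will use for KEYWORD: the first uncommented
#   occurrence in FILE, or DEFAULT when the file does not set it.
#   Keywords are case-insensitive in sshd_config, values are not.
sshd_effective() {
    awk -v kw="$2" -v def="$3" '
        /^[ \t]*#/ || NF == 0 { next }                    # comment or blank line
        tolower($1) == tolower(kw) { print $2; found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# password_login_disabled FILE
#   exit 0 only when both password methods are off: the plain password
#   method and the challenge-response (keyboard-interactive, PAM) method.
#   Turning off only one of them still leaves a password prompt available.
password_login_disabled() {
    pw=$(sshd_effective "$1" PasswordAuthentication yes)
    cr=$(sshd_effective "$1" ChallengeResponseAuthentication yes)
    [ "$pw" = no ] && [ "$cr" = no ]
}

# auth_report FILE: one line per directive of interest plus a verdict.
# PermitRootLogin's compiled-in default has changed between OpenSSH
# releases, so it is reported as unset rather than guessed.
auth_report() {
    for kw in PermitRootLogin PubkeyAuthentication PasswordAuthentication ChallengeResponseAuthentication; do
        case $kw in
            PermitRootLogin) def='(not set, compiled-in default)' ;;
            *)               def=yes ;;
        esac
        printf '%-32s %s\n' "$kw" "$(sshd_effective "$1" "$kw" "$def")"
    done
    if password_login_disabled "$1"; then
        echo "verdict: password logins disabled, keys only"
    else
        echo "verdict: password logins still possible"
    fi
}

# Run as:  sh thisscript.sh /etc/ssh/sshd_config
if [ $# -gt 0 ]; then
    auth_report "$1"
fi
```

The verdict function is the interesting part: a file with PasswordAuthentication no but ChallengeResponseAuthentication left at its default is exactly the state this exercise starts from, and it still lets PAM ask for a password, which is why the exercise has you set ChallengeResponseAuthentication to no as well.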

Once you are done with this ask your neighbor if they have gotten to this step. Once they have, then try logging in on your neighbor's machine:

$ ssh inst@pcNN
And you should be prompted for the passphrase on your private key. Very cool. Users can no longer log in on this machine using passwords.


Hervey Allen


Last modified: Wed May 13 10:48:09 EEST 2009