Linux+ Objective 2.

4 Labs

Lab 1: SSH Con guration and Key-Based Authentication

Scenario: You are a system administrator managing multiple servers remotely. You want to
con gure SSH and enable key-based authentication to enhance security and ease the login
process.

1. Generate SSH key pair:

- On your local machine, open a terminal.
- Run the following command to generate an SSH key pair:
```
ssh-keygen
```
- Follow the prompts to choose the key type, specify the key le location, and set a
passphrase if desired.

2. Copy the public key to the remote server:

- Use the following command to copy the public key to the remote server:
```
ssh-copy-id username@remote_server_ip
```
- Replace `username` with your actual username and `remote_server_ip` with the IP address
or hostname of the remote server.
- Enter your password when prompted.

3. Verify key-based authentication:

- Attempt to SSH into the remote server:
```
ssh username@remote_server_ip
```
- If the key-based authentication is successful, you should be logged in without entering a
password.

Lab 2: SSH Tunneling - X11 Forwarding

Scenario: You need to securely access a remote server and run graphical applications on your
local machine using X11 forwarding. Con gure and execute remote connectivity for system
management (macOS to Ubuntu). You are a system administrator managing a remote Ubuntu
server from your local macOS machine. You need to establish a secure SSH connection with
X11 forwarding to access and manage graphical applications on the remote server.

***Install an Ubuntu VM on VMware Fusion on your laptop.***

Instructions:

1. Install XQuartz on your local macOS machine:

- Download XQuartz from the o cial website: https://www.xquartz.org/
- Open the downloaded .dmg le and follow the installation instructions to install XQuartz.

2. Open a terminal on your macOS machine and install the SSH client if it's not already
installed:
fi
fi
fi
ffi
fi
fi
 ```
sudo apt install openssh-client
```

3. Connect to the remote Ubuntu server using SSH with X11 forwarding:
```
ssh -X username@remote_server_ip
```
Replace `username` with your remote server username and `remote_server_ip` with the IP
address or hostname of the remote Ubuntu server.

4. When prompted, enter your password to authenticate the SSH connection.

5. Install the necessary X11 packages on the remote Ubuntu server:

```
sudo apt update
sudo apt install xauth x11-apps
```

6. Verify that X11 forwarding is enabled on the remote server by running the command:
```
echo $DISPLAY
```
You should see an output similar to `localhost:10.0`.

7. Test X11 forwarding by launching a graphical application from the remote server. For
example, you can run the `xclock` command:
```
xclock
```
This should open a clock application on your local macOS machine.

8. If the application successfully opens, X11 forwarding is working correctly.

9. To exit the SSH session, type `exit` and press Enter.

Congratulations! You have successfully con gured and executed remote connectivity with X11
forwarding from your local macOS machine to the remote Ubuntu server. You can now manage
and use graphical applications on the remote server from your macOS machine.
fi
Lab 3: SSH Tunneling - Port Forwarding

Scenario: You need to access a website running on a remote server's port that is not directly
accessible from your local machine. You must connect to a public facing AWS server via SSH
and that public facing AWS server will forward the http (port 80) tra c to the private IP of a
second AWS machine allowing you to see the website when you place 127.0.0.1:80 in your
web browser. YOU WILL NEED **TWO** AWS SERVERS FOR THIS LAB THE FIRST ONE IS
PUBLIC FACING AND A SECOND ONE THAT YOU WILL PLACE A BASIC WEBSITE ON.
THE SECOND SERVER WITH THE WEBSITE WILL ONLY BE ACCESSIBLE FROM THE IP
OF THE FIRST AWS SERVER.

Instructions:

1. Set up local port forwarding:

- Open a terminal on your local machine.
- Identify an available local port that will be used for port forwarding. For this lab, let's
assume you choose port 8888 on your local machine.
- Use the following command to set up port forwarding:
```
ssh -L 8888:AWS_private_IP_address:80 username@AWS_pubic_facing_public_IP
```
Replace ‘AWS_private_IP_address` with the IP address or hostname of the internal remote
server where the web application is running. Replace `username` with your username on the
public facing remote server. If you need to connect through an intermediate jump host, replace
`jump_host_ip` with the IP address or hostname of the jump host.
- Enter the necessary credentials when prompted.

2. Access the web application locally:

- Open a web browser on your local machine.
- In the address bar, enter `localhost:8888`.
ffi
 - Press Enter to access the web application running on the remote server.
- You should be able to interact with the web application as if it were running locally on your
machine.

Note: Make sure the web application on the remote server is listening on port 80 and
accessible within the network. Adjust the port numbers and addresses in the SSH command
accordingly if di erent in your scenario.

Additional Information:
- SSH port forwarding establishes an encrypted tunnel between your local machine and the
remote server, allowing you to securely access services running on the remote server.
- Local port forwarding forwards tra c from a port on your local machine to a port on the
remote server through the SSH tunnel.
- In this lab, the local port 8888 is being forwarded to port 80 on the remote server, where the
web application is listening.
- The SSH tunnel encrypts the tra c between your local machine and the remote server,
ensuring the security of your data.

Lab 4: SSH Tunneling - Dynamic Forwarding with SSH

Scenario:
You have an Amazon Linux server running on AWS, and you want to establish dynamic
forwarding using SSH to access the internet securely through the server. By using Dynamic
forwarding with SSH, you can establish a secure tunnel between your local Mac machine and
the remote AWS server. Any tra c that is sent through this tunnel, including requests to
blocked websites, will appear to originate from the remote AWS server. This allows you to
bypass network restrictions or access blocked websites by routing your local Internet tra c
through the SSH connection to the remote server.

Instructions:
1. Launch an Amazon EC2 instance with Amazon Linux on AWS.
2. Create a new security group for the EC2 instance and allow inbound SSH tra c (port 22)
from your IP address.
3. Connect to the Amazon Linux server using SSH:
```
ssh ec2-user@<public_ip_address>
```
Replace `<public_ip_address>` with the actual public IP address of your EC2 instance.

Connect to your Amazon Linux server using SSH:

Check rewall status:

sudo systemctl status firewalld

If rewalld is not running, start it with the following command:

sudo systemctl start firewalld

fi
fi
ff
ffi
ffi
ffi
ffi
ffi
 Allow incoming connections on port 8080 by adding a new rewall rule:

sudo firewall-cmd --add-port=8080/tcp --permanent

This command adds a permanent rule to allow incoming TCP connections on port 8080.

Reload the rewall to apply the changes:

sudo firewall-cmd --reload

Now, to open port 8080 on the AWS console:

a) Log in to the AWS Management Console.

b) Go to the EC2 service.

c) Select your Amazon Linux instance.

d) In the "Description" tab, click on the "Security groups" link.

e) Identify the security group associated with your Amazon Linux instance.

f) Click on the linked security group to open its details.

g) In the "Inbound rules" tab, click on the "Edit inbound rules" button.

h) Add a new rule to allow incoming TCP traf c on port 8080.

◦ Type: Custom TCP

◦ Port range: 8080
◦ Source: Anywhere (0.0.0.0/0, ::/0)
i) Click on the "Save rules" button to apply the changes.

Connect to the Amazon Linux server using SSH:

ssh ec2-user@<public_ip_address>
Replace <public_ip_address> with the actual public IP address of your EC2 instance.
Con gure the SSH server to allow dynamic forwarding by editing the SSH server con guration
le:

sudo nano /etc/ssh/sshd_config

fi
fi
fi
fi
fi
fi
 Uncomment or add the following line:

DynamicForward 8080
Save the le and exit the editor.
Restart the SSH server for the changes to take effect:

sudo systemctl restart sshd

On your Mac, open the Terminal application.

Edit the hosts le on your Mac to simulate a website being blocked:

sudo nano /etc/hosts

Add the following line to the le:

127.0.0.1 blocked-website.com

Save the le and exit the editor.

Establish a dynamic forwarding connection from your Mac to the Amazon Linux server:

1. ssh -D 8080 ec2-user@<public_ip_address>

2. Replace <public_ip_address> with the public IP address of your EC2 instance.
3. Enter your SSH password when prompted.
4. With the dynamic forwarding connection established, con gure your web browser on the
Mac to use a SOCKS proxy:
◦ For Safari: Go to Safari Preferences > Advanced > Proxies > Change Settings,
select "SOCKS Proxy," and enter "localhost" as the server and "8080" as the port.
◦ For Firefox: Go to Preferences > General > Network Settings, select "Manual
proxy con guration," enter "localhost" as the SOCKS Host, and enter "8080" as
the port.
5. Save the browser settings and close the Preferences window.
6. Open a new browser tab and try accessing the blocked website. Your internet traf c will
now be securely tunneled through the Amazon Linux server, bypassing the local
restriction on your Mac.
7. Verify that you can successfully access the blocked website despite the local restriction.

By following these steps, you will establish dynamic forwarding using SSH to bypass the local
restriction on your Mac and access the blocked website through the Amazon Linux server on
AWS.
fi
fi
fi
fi
fi
fi
fi
 Lab 5: Executing Commands as Another User - Using sudo

Scenario: You are a system administrator responsible for managing a Linux server. You need to
perform administrative tasks and execute commands with elevated privileges using the sudo
command.

1. Edit the sudoers le:

- Open a terminal on your Linux machine.
- Run the command `sudo visudo` to open the sudoers le for editing. This le controls the
sudo con guration.
- Locate the section that grants privileges to users. It typically starts with the line `%sudo
ALL=(ALL:ALL) ALL`.
- Add the following line below the mentioned section to grant your user administrative
privileges:
```
your_username ALL=(ALL:ALL) ALL
```
- Save the le and exit the editor.

2. Test sudo access:

- Open a new terminal window.
- Run the command `sudo <command>` to execute a command with administrative
privileges. Replace `<command>` with an actual command you want to execute.
- You will be prompted to enter your user password.
- After entering the password, the command will be executed with elevated privileges.
- Verify that the command is executed successfully and produces the desired outcome.

3. Additional sudo con gurations (optional):

- You can further customize the sudoers le to specify additional settings and restrictions for
your user or other users.
- Consult the sudo documentation or online resources for more information on advanced
sudo con gurations and best practices.

Lab 6: Executing Commands as Another User - Using su

Scenario: You are a system administrator working on a multi-user Linux system. You need to
temporarily switch to another user to perform speci c tasks or troubleshoot issues.

1. Switch to the desired user:

- Open a terminal on your Linux machine.
- Run the command `su - username` to switch to the desired user. Replace `username` with
the actual username of the target user.
- You will be prompted to enter the user's password.
- After entering the password, you will be logged in as the speci ed user.

2. Execute commands as the other user:

- Once you are logged in as the other user, you can execute any desired commands or
perform system administration tasks speci c to that user.
- For example, you can navigate to the user's home directory using `cd ~` and list the les
using `ls`.
- To execute commands that require administrative privileges, you can pre x them with `sudo`
and enter the user's password when prompted.
fi
fi
fi
fi
fi
fi
fi
fi
fi
fi
fi
fi
fi
3. Return to your original user:
- To return to your original user, simply type `exit` or press `Ctrl+D`.
- You will be logged out of the other user's session and returned to your original user's
session.

Note: Exercise caution when executing commands with elevated privileges. Always ensure that
you have the necessary authorization and understand the potential consequences of the
commands you are executing.io: