GROUP WORK SSH AND CONFIGURING A CLOUD SERVER

1. Generate ssh-key pairs from your terminal, command prompt

OR your VM server.
Note: We will cover creating SSH keys using PuTTYgen and how to copy the
keys to your remote server in the next session.
For now, you can use PuTTY as an SSH tool to remotely connect to your VM
over a bridged network and to the cloud server as well.
2. During key generation do not use default paths for the SSH-key
pairs follow the naming convention described below:
e.g for group1
--$ ssh-keygen -b 4096
Follow the prompts
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): .ssh/grp_1dpass
Enter passphrase (empty for no passphrase):
Enter same passphrase again:

3. Capture the generated keys as a screenshot.

4. The focus is to set up key-based authentication on remote
server: 20.164.19.57
5. Different users have been created for the different groups and
shared accordingly.
6. Use ssh-copy-id command to copy the public key to the
remote host 20.164.19.57 (eg group1)
$ ssh-copy-id -i .ssh/grp_1dpass.pub [email protected]
7. Test the SSH connection by logging in –>
e.g. $ ssh [email protected]
8. Discuss and decide on the cloud provider you’d like to use for
future installations (we are moving away from local VMs).
GROUP WORK SSH AND CONFIGURING A CLOUD SERVER

Note:- (Microsoft Azure offers free accounts using your Strathmore

account. –> [email protected])
9. Access the designated home directories per group and create a
file that:
• Describes the chosen cloud provider.
• Lists group members in the file with StudID and fullname.
• Save the file (e.g., Group1.txt) in your home directory.

PART2
10. Create a server in the cloud using your chosen provider; any
Linux-based server; Capture the public IP address.
11. Create user accounts in your new server of all the group
members, ensuring you capture the StudID and full name
12. Assign sudo privileges – add the users as sudoers.
Refer to the section below that describes how to Configure
sudo
13. Create SSH key pairs for different users to log in to the server.
14. Copy the public keys to the remote host
Note: Do not use the default location for the keys,
Use >> .ssh/<uniquefilename>
15. Capture screenshots of the users logging in via ssh
16. Prohibit root login via ssh ; capture the changed configuration
file
17. Prohibit password authentication via ssh and allow only key-
based authentication ; capture the changed configuration file
GROUP WORK SSH AND CONFIGURING A CLOUD SERVER

18. Document a step-by-step manual of the process, including

relevant screenshots and outputs indicated. Make sure each
step is accompanied with its command.
Upload the final doc.
GROUP WORK SSH AND CONFIGURING A CLOUD SERVER

Default changes of config files revisted:-

1. Set the passwords to expire 180 days from the current date for all users.
Set PASS_MAX_DAYS to 180 in /etc/login.defs.
-- > $ sudo vim /etc/login.defs.
2. Configuring Sudo
visudo .
One way is to add users to the wheel group.
Another option is to add or create a file and add it to the /etc/sudoers.d
directory to configure user access for users and groups.
◼ The ALL=(ALL) specifies that on any host that might have this file, wheel
can run any command.
◼ The final ALL specifies that wheel can run those commands as any user
on the system
• Create your users as sudoers by adding them to the sudoers.d
directory. Note that when adding groups you need to put the % at
the beginning of the group name as shown in th example below:-

E.g
To enable full sudo access for the user user01, one can create

sudo vim /etc/sudoers.d/user01 with the following content:

user01 ALL=(ALL) ALL

for group e.g group01 you could create :

sudo vim /etc/sudoers.d/group01

%group01 ALL=(ALL) ALL

Ensure you save the files and test your users.