As root on server2, generate a private/public key pair without a passphrase using the ssh- keygen...

 

Transcribed Image Text:

As root on server2, generate a private/public key pair without a passphrase using the ssh- keygen command. 2. Distribute the public key to server3 with the ssh-copy-id command. 3. Use SSH (ssh server 3 or server3's IP address) to log on to server3 and accept the fingerprints for the server if presented. 4. On subsequent log in attempts from server2 to server3, you should not be prompted for a password. If you are prompted or encounter an error, include that in your work product submission. Type date in the same shell(s) you used to complete the above steps and take a screenshot showing the output from steps along with the date command. 5. As root with sudo on server3, edit the /etc/ssh/sshd_config file and change the value of the directive PermitRootLogin to "no". 6. Use the systemctl command to activate the change. 7. As root on server2, run ssh server3 (or its IP address). a. Note: It is expected that you'll get permission denied message. 8. Reverse the change on server3 and retry ssh server 3. a. Note: It is expected that you should be able to log in again. Type date in the same shells you used to complete the above steps and take a screenshot showing the output from steps along with the date command. Part One: Users and Groups Complete the following steps from a shell as root or sudo, on server2 and server3: 1. Create a new group Inxgrps2 with GID 6000 on server2 and Inxgrps3 on server3. 2. Create user userp1s2 with UID 5000 and GID 6000 on server2 and userpls3 with UID 5000 and GID 6000 on server3. 3. Assign this user a password and establish password aging attributes so that this user cannot change their password within 4 days after setting it and with a password validity of 30 days. This user should start getting warning messages for changing password 10 days prior to account lock down. This user account needs to expire on the 20th of the December in the next calendar year. 4. Then, add a for userpls2 on server2 and userpls3 on server3 to the /etc/sudoers file to allow this user full root access on the system. Make sure that this user is not prompted for a password when they use sudo to execute a command. 5. On server2 switch into the userp1s2 account and try running the following commands. Do the same on server3. a. sudo users. Confirm the id of the user accounts created in step 2. b. sudo groups. Confirm the gid of Inxgrp group created in step 1. Type date in the same shell you used to complete step 5 and take a screenshot of the output from step 5a and 5b and the date command. Do this for server2 and server3. Part Two - Networking Note: We need to pay careful attention to our virtualization configuration. The following steps assume you are using VirtualBox. If you are using a different product, use the equivalent features. Preparation a. Make sure server2 and server3 are powered off. b. Click Settings at the top and then Network on the window that pops up. c. Click on "Adapter 1" and ensure the "Enable Network Adapter" box is checked. d. Select "Host-only Adapter" from the drop-down list besides "Attached to" e. Ensure the same Host-only Adapter is selected under "Name:" on both server2 and server3. If, for some reason there is no adapter available, select Networking and click on the Host-only Networks tab: i. ii. Click on the icon to add a new host-only adapter (plus sign) Then, confirm the IP address and Mask assigned by VirtualBox on the new host-only adapter by selecting it and click on the edit icon (the screwdriver) a. Write down the Address and Mask - this will be your gateway and network definition for the virtual machines. Networking Configuration Finally, power on the virtual machines and perform the following steps: Add a new network interface to server2. 1. As userpls2 with sudo, run ip a and verify the presence of the new interface (e.g., enp0s8). 2. Use the nmcli command and assign IP x.x.x.212/24 and gateway x.x.x.1. a. Identify the network octets (x's) using preparation steps. 3. Set the network connection to auto-activate on system reboots. Add a new network interface to server3. 1. As userpls3 with sudo, run ip a and verify the presence of the new interface (e.g., enp0s8). 2. Use the nmcli command and assign IP x.x.x.213/24 and gateway x.x.x.1. a. Identify the network octets (x's) using preparation steps. 3. Set the network connection to auto-activate on system reboots. Type date in the same shell you used to complete the above steps and take a screenshot showing the output from steps along with the date command. Do this for server2 and server3. As root on server2, generate a private/public key pair without a passphrase using the ssh- keygen command. 2. Distribute the public key to server3 with the ssh-copy-id command. 3. Use SSH (ssh server 3 or server3's IP address) to log on to server3 and accept the fingerprints for the server if presented. 4. On subsequent log in attempts from server2 to server3, you should not be prompted for a password. If you are prompted or encounter an error, include that in your work product submission. Type date in the same shell(s) you used to complete the above steps and take a screenshot showing the output from steps along with the date command. 5. As root with sudo on server3, edit the /etc/ssh/sshd_config file and change the value of the directive PermitRootLogin to "no". 6. Use the systemctl command to activate the change. 7. As root on server2, run ssh server3 (or its IP address). a. Note: It is expected that you'll get permission denied message. 8. Reverse the change on server3 and retry ssh server 3. a. Note: It is expected that you should be able to log in again. Type date in the same shells you used to complete the above steps and take a screenshot showing the output from steps along with the date command. Part One: Users and Groups Complete the following steps from a shell as root or sudo, on server2 and server3: 1. Create a new group Inxgrps2 with GID 6000 on server2 and Inxgrps3 on server3. 2. Create user userp1s2 with UID 5000 and GID 6000 on server2 and userpls3 with UID 5000 and GID 6000 on server3. 3. Assign this user a password and establish password aging attributes so that this user cannot change their password within 4 days after setting it and with a password validity of 30 days. This user should start getting warning messages for changing password 10 days prior to account lock down. This user account needs to expire on the 20th of the December in the next calendar year. 4. Then, add a for userpls2 on server2 and userpls3 on server3 to the /etc/sudoers file to allow this user full root access on the system. Make sure that this user is not prompted for a password when they use sudo to execute a command. 5. On server2 switch into the userp1s2 account and try running the following commands. Do the same on server3. a. sudo users. Confirm the id of the user accounts created in step 2. b. sudo groups. Confirm the gid of Inxgrp group created in step 1. Type date in the same shell you used to complete step 5 and take a screenshot of the output from step 5a and 5b and the date command. Do this for server2 and server3. Part Two - Networking Note: We need to pay careful attention to our virtualization configuration. The following steps assume you are using VirtualBox. If you are using a different product, use the equivalent features. Preparation a. Make sure server2 and server3 are powered off. b. Click Settings at the top and then Network on the window that pops up. c. Click on "Adapter 1" and ensure the "Enable Network Adapter" box is checked. d. Select "Host-only Adapter" from the drop-down list besides "Attached to" e. Ensure the same Host-only Adapter is selected under "Name:" on both server2 and server3. If, for some reason there is no adapter available, select Networking and click on the Host-only Networks tab: i. ii. Click on the icon to add a new host-only adapter (plus sign) Then, confirm the IP address and Mask assigned by VirtualBox on the new host-only adapter by selecting it and click on the edit icon (the screwdriver) a. Write down the Address and Mask - this will be your gateway and network definition for the virtual machines. Networking Configuration Finally, power on the virtual machines and perform the following steps: Add a new network interface to server2. 1. As userpls2 with sudo, run ip a and verify the presence of the new interface (e.g., enp0s8). 2. Use the nmcli command and assign IP x.x.x.212/24 and gateway x.x.x.1. a. Identify the network octets (x's) using preparation steps. 3. Set the network connection to auto-activate on system reboots. Add a new network interface to server3. 1. As userpls3 with sudo, run ip a and verify the presence of the new interface (e.g., enp0s8). 2. Use the nmcli command and assign IP x.x.x.213/24 and gateway x.x.x.1. a. Identify the network octets (x's) using preparation steps. 3. Set the network connection to auto-activate on system reboots. Type date in the same shell you used to complete the above steps and take a screenshot showing the output from steps along with the date command. Do this for server2 and server3.