
CSC8306 -- Systems Administration

Secure connections

There are two aims to this practical. One is to give you a reasonable idea of network security; the second is to show you how to connect to a remote machine in a secure, encrypted fashion. Moreover, it will show you how to do this in a non-interactive manner, so that you can set up, use and remove secure connections in an environment which does not require you to be present at the terminal: vital for many tasks.

linux.cs.newcastle.ac.uk

First, you will need a machine to connect to. For this, you can use linux.cs.newcastle.ac.uk, which is a general purpose server. Your University login should work.

Network Ports

Networking uses "ports". A machine will have a number of "open ports" which offer services that you can access. You can query a machine to find out what ports it provides. For this, we are going to use a port scanner.

WARNING!!!

Port scanners are very useful tools for the sys admin. They are also heavily used by hackers to find out what vulnerabilities a machine has.

Using a port scanner is, therefore, a dangerous thing. It's liable to get you noticed by local security people. You should NEVER port scan a machine which you do not own. Doing so is likely to get your machine blocked, and your account disabled.

WARNING!!!

act Install the nmap package, using apt-get or synaptic.

Given the warning above, please ONLY run this during the practical sessions and not outside of them.

Launch nmap with

nmap -v -A -NP linux.cs.ncl.ac.uk

nmap will take around 2 minutes to run, but after 1 minute it will have discovered everything that you need. If it doesn't run properly, try and work out why.

log You should have found a couple of open TCP ports. Try and find out what services these ports offer. Write down your answers and describe how you found out.

Accessing ssh

Next, you need to get access to the machine.

You are currently using a virtual machine. If you want to back it up, then you will need to be able to talk to the outside world. We're going to try linux.cs.ncl.ac.uk as a good place to connect to.

logact
  1. First we need to find your home space on this machine. For this you need the ssh command. ssh is short for "secure shell"; it's pretty much a universal tool for connecting to another machine securely in the Unix world.
  2. Try ssh aXXXXXX@linux.cs.ncl.ac.uk. Write down the messages that you get. It's the university password that you need.
  3. Not much should appear to happen, although the prompt will change. The shell that you are now looking at is on a different machine. Type hostname if you don't believe me.
  4. Find out and write down your home directory location.

The next step is to get password-less access. For this, we will use ssh-agent.

Rather than describe this myself, we are going to use an existing tutorial.

act Read Part One first. You should work your way through the examples and get everything working. For Part Two, some of it is out of date; read the first section (Introducing ssh-agent), but just do the examples from "using ssh-add" onwards.
log
  • Describe briefly (1-200 words) what Public Key Encryption is, and why it offers security.
  • You should have skipped over the "ssh-agent" examples. Explain why you don't have to do this. How does it all just work?
  • ssh allows you to run commands remotely as well as obtain an interactive shell. Can you create a file, test.txt, in your home space using ssh without using an interactive shell on the remote machine? Write down the command line.
  • Bonus Question. How would you use ssh to add new content to test.txt, again without using an interactive shell?
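
If key-based login still asks for a password after you have followed the tutorial, check file permissions: OpenSSH ignores a key whose files are too open and falls back to the password prompt. The following is an added example, not part of the original practical or the tutorial; it audits a directory laid out like ~/.ssh, and the function names and sample files are constructed for illustration.

```python
import os
import stat
import tempfile

def is_private_key(path):
    """True if the first line looks like a PEM/OpenSSH private key header."""
    try:
        with open(path, "rb") as fh:
            first = fh.readline()
    except OSError:
        return False
    return first.startswith(b"-----BEGIN") and b"PRIVATE KEY-----" in first

def audit_ssh_dir(ssh_dir):
    """Return a sorted list of (name, problem) for two rules OpenSSH enforces:
    the ssh client ignores a private key that group/other can access, and
    sshd (StrictModes, on by default) ignores authorized_keys when the file
    or its directory is writable by group/other."""
    findings = []
    if stat.S_IMODE(os.stat(ssh_dir).st_mode) & 0o022:
        findings.append((".", "directory writable by group/other"))
    for name in os.listdir(ssh_dir):
        path = os.path.join(ssh_dir, name)
        st = os.lstat(path)
        if not stat.S_ISREG(st.st_mode):
            continue
        mode = stat.S_IMODE(st.st_mode)
        if name == "authorized_keys" and mode & 0o022:
            findings.append((name, "writable by group/other"))
        elif is_private_key(path) and mode & 0o077:
            findings.append((name, "private key accessible by group/other"))
    return sorted(findings)

def build_demo_dir():
    """Constructed sample layout (placeholder contents, not real keys)."""
    d = tempfile.mkdtemp(prefix="ssh-audit-")
    samples = {
        "id_ed25519": (b"-----BEGIN OPENSSH PRIVATE KEY-----\nplaceholder\n", 0o644),
        "id_rsa": (b"-----BEGIN RSA PRIVATE KEY-----\nplaceholder\n", 0o600),
        "id_ed25519.pub": (b"ssh-ed25519 PLACEHOLDER demo\n", 0o644),
        "authorized_keys": (b"ssh-ed25519 PLACEHOLDER demo\n", 0o664),
    }
    for name, (data, mode) in samples.items():
        path = os.path.join(d, name)
        with open(path, "wb") as fh:
            fh.write(data)
        os.chmod(path, mode)
    return d

if __name__ == "__main__":
    for name, problem in audit_ssh_dir(build_demo_dir()):
        print(f"{name}: {problem}")
```

To check your own setup, call audit_ssh_dir on the .ssh directory in your home space on both the virtual machine and the remote machine; an empty list means neither rule is violated.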
