NTP, Syslog & Secure Shell ITIS 3110 Lab 3 NTP, Syslog & Secure Shell

USB and Debian CLI USB mounts do not automount See 2110-3110AdditionalInfo (Helpful Information) near the bottom for instructions on how to have it automount http://webpages.uncc.edu/~tkombol/Classes_2017 _Spring/ITIS%202110-3110%20Common/2110- 3110AdditionalInfo.htm

NTP Create your own NTP server on the Debian VM You will set up the Debian server to sync with the lab’s NTP server Use your CentOS VM and Pi clients to sync with your Debian server Hint: You can sync manually to any server and then run the daemon to stay in sync

Syslog Create a Debian syslog server and allow other “syslog devices” to send their logs to Debian Configure your CentOS VM and Pi to send all logs to your Debian server Remember: Never use an editor (e.g. nano or vi) to view system logs! You do not want to edit these files, just view them

SSH clients and servers Almost all Linux distros come with an SSH client installed and configured Most Linux distros do not come with an SSH server installed or at least configured Why? Will need to install and configure a server on each workstation or server you want to ssh to Applies for scp and sftp also The machine you copy to or from must have the daemon installed and running

OpenSSH Server Any VMs you wish to securely remote log into must have an ssh server: sshd (e.g. open-ssh) You CANNOT control a remote computer without an ssh server running on that computer ssh server not typically installed as default This is the machine you are “remoting” to Your host Linux image may only have the ssh client Typical default This is the machine you are “remoting” from Suggest putting the ssh server on both VMs and Pi Later you may remote log from either machine to the other

OpenSSH Server Note: the terms server and client are relative to who is logging in and who is being logged into Client is who is logging in Server is the machine logging into

SSH Interaction REMEMBER: SSH interaction between hosts is: FROM an ACCOUNT (uid) on one computer TO an ACCOUNT (uid) on another computer For key authentication to work this means: The proper files need to be located in the proper location for every account you intend to use as a server and as a client The files need to be in the proper directory/file for each account on each machine The key pairs are for specific account on one machine to log onto a specific account on a remote machine See supplemental document for description of files and locations

Key Authentication Towards the end of lab, you will disable password authentication Prove the Key Authentication works Make sure your submission shows this You may re-enable password authentication after done with lab Only if you want to

Subnet IDs Posted on post in lab On Lab’s Web page for 3110

End goal SSH Start all machines Debian server CentOS and Pi SSH server CentOS and Pi SSH client Optional: SSH server Start all machines Access Debian Server from the CentOS or Pi Clients Never have to switch to the Debian

Notes Pi added to this lab May want to add SSH server to the Pi NTP Syslog SSH client May want to add SSH server to the Pi Configure a key pair for CentOS  Pi Then CentOS can control all the machines! Configure a key pair for Pi  Debian Then Pi can control the Debian server Default prompt for the terminals are very handy Tells: Which machine you are connected Which ID Current PWD

Notes: When configuring the Pi there is an option to enable the SSH server Can enable or disable later with: sudo raspi-config Go to Advanced Options  SSH Enable OK Finish Reboot the Pi

Last Notes The secure client (the one using ssh, scp or sftp to get/retrieve) Uses the ssh client Usualling installed and configured by default The secure target (the remote machine) Must have the secure daemon installed and running Usually sshd Usually it is not installed on the target Must be installed and configured

Last Notes Remote Access Methods Userid/password Keypair Must have a valid userid and pw on the target Can be disabled Keypair Must have the proper key data on the client and target Identifies valid clients Identifies valid targets No need for a password if the keys are set up properly Keypair and PW For the really paranoid Must have the keys set up properly Must supply another password for the pair Different than the normal UID/PW

Last Notes Some commands are struck out Watch out for Word “helping” “Old” command Left so you can see the old way May be valid on your VMs or other Linux machines service xxxx yyyy is the new improved way Watch out for Word “helping” May have capitalized some commands in the doc

Get Started