
ROCKY LINUX - SPLIT 2

───────────────────────────────────

Daniel Nieto Cerdán


ISO
Unit 06 - Act Exam
ED 01 - 11/05/2023
Daniel Nieto Cerdán ISO UD06 EXM ED01 - 11/05/2023

Index

Installing the epel-release package
Installing and working test of SSH and SFTP with public key
SCP working test with public key
Installation and operation of VNC
Installation and operation of the SAMBA service


In this lab we will install various services on the Rocky Linux virtual machine
and test that they work by using a cloned machine. These services are SSH, SFTP,
SCP with public key, VNC, and SAMBA. First of all, we will install the epel-release
package so that the services work correctly.

Installing the epel-release package


We update the package repositories:

We download and install the epel-release package:

We verify that the installation is correct:

Installing and working test of SSH and SFTP with public key
We install the SSH server:

We start the SSH service and configure it to start automatically at system boot:


We check the status of the SSH server:

We open the firewall rules to accept incoming traffic on SSH port 22:

Then, we install the SFTP server:

We start the SFTP server and configure it to start automatically at system boot:

We verify that the SFTP server is running:

Once the SSH and SFTP services are properly installed and configured, we will use
them with a public key. For this we download and install two programs on Windows:
PuTTY and FileZilla. We open PuTTY first and see the following window. In the
Host Name field we enter the IP of the Rocky Linux server, leave the SSH port as 22,
and save that session.


By clicking Open, we will see this menu and we must click OK.


Next we will be asked to log in with the username of our server and its password.

Once that is done, we open FileZilla and see the following. At the top we enter the
server IP in this format: sftp://192.168.56.10, along with our username, password and port 22.
With this we make an SFTP connection, which allows us to transfer files easily,
efficiently and safely between our W10 client and the Rocky Linux server. Once the fields are
filled in, we click Quickconnect, choose to save passwords, and accept. Now we are connected.


We are now connected to the server and can transfer files; let's do a test:

We create a folder called “carpetapruebadani” and transfer it to the server:


Now we move on to configuring our public key. First we generate two keys, one public
and one private, with SSH. The public part stays on the SSH server, and we keep the
private part on the client. When we connect, as the server has our public key, it will send
us information encrypted with the public key, and we decrypt it with the private key. This
helps us authenticate ourselves and establish a more secure connection. So we open the
PuTTYgen program on Windows and generate these keys by clicking Generate, and we set
a passphrase to make the key more secure. In my case I will use "danipass".

We'll click Save private key, and I'll save it as dprikey.ppk

Now we copy the generated public key:


Let's go back to the PuTTY session we had open and edit the “authorized_keys” file in the
.ssh folder:

Here we paste the public key from PuTTYgen. We save and exit the document.

We check that it has been saved correctly:

We exit PuTTY:
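
The server-side step above (pasting the PuTTYgen public key into authorized_keys) can also be scripted. This is an added example, not part of the original report; the function name, its arguments and the sample key are assumptions constructed for illustration. It accepts only the one-line OpenSSH form of the key and sets the permissions sshd requires.

```shell
#!/bin/sh
# Added example: install one public key for a user the way sshd expects it.

# install_pubkey KEYLINE [HOME_DIR]
# Returns 0 on success, 2 if KEYLINE is not a one-line OpenSSH public key.
install_pubkey() {
    key=$1
    home=${2:-$HOME}
    nl='
'
    case "$key" in
        *"$nl"*) return 2 ;;   # multi-line text, e.g. the file PuTTYgen saves
                               # as "---- BEGIN SSH2 PUBLIC KEY ----"
        "ssh-rsa AAAA"*|"ssh-ed25519 AAAA"*|"ecdsa-sha2-nistp"*" AAAA"*) ;;
        *) return 2 ;;
    esac

    # sshd (StrictModes, on by default) ignores the key file when ~/.ssh or
    # authorized_keys is writable by group or others.
    mkdir -p "$home/.ssh"
    chmod 700 "$home/.ssh"
    file="$home/.ssh/authorized_keys"
    touch "$file"
    chmod 600 "$file"

    # Append only if this exact line is not already present (idempotent).
    grep -qxF -- "$key" "$file" || printf '%s\n' "$key" >> "$file"
}

# Demo with a constructed (not real) key in a throwaway directory.
demo_home=$(mktemp -d)
install_pubkey "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedDemoKeyNotReal dani@w10" \
    "$demo_home" && ls -la "$demo_home/.ssh"
```

Once key login is confirmed to work, password logins can be switched off with `PasswordAuthentication no` in /etc/ssh/sshd_config.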


Now we connect again as before, but before clicking Open we do the following:
in the menu on the left we go to Connection, SSH, Auth, Credentials.

Here we will click on Browse to load the private key that we saved earlier:


And we will save it as before, with the new settings:

We open the new Server RL key session, and it asks us for the passphrase that we set
for the private key, which was “danipass”. As we can see, we have now accessed the server
using a public key with SSH.


Now let's try using SFTP in FileZilla with a public key. For this we click on the icon
highlighted in yellow and then on New Site, which we call SFTP PUBLIC DANI:

Then, on the right side, we make sure to set the SFTP protocol, the server IP, the
Keyfile mode and the user, and load the keyfile.


By clicking on connect we will see this; we abort the previous connection and accept.

And finally, it asks us for the password with which we protected the key, “danipass”:


As we can see, we have now connected to SFTP PUBLIC DANI as an SFTP user
using a public key.


SCP working test with public key


Using SCP assumes that we already have SSH configured on our server and can
connect from other clients, as covered in the SSH section of this manual, so we will skip
that part. First, we generate a public/private key pair in the virtual machine, with the
command shown in the image:

On my client machine, I run the “scp” command to see how I should use it.

Now we scp the public key file to the server:


Now we create on the client machine, a text file called “testfiledani”, which we
will later scp to our host:

We execute the following command that has this structure:


scp "path/sourcefilename" "destinationuser"@"destinationIP":"destinationpath"

The file is now copied to our server machine:


Installation and operation of VNC


First of all, we must have a user interface installed on our Rocky Linux; in our
case we already have it, so we will skip this part. We have chosen TigerVNC since it
is free and perfectly functional.

I add the user vncdani and set its password to "vncnieto123".

I log in with the user vncdani with superuser permissions.

I edit the vncserver users file with vim, to give my user the number 1


Now I copy the vncserver@.service file to the etc folder, the directory that
contains the configuration files. The 1 is for the user number that we assigned; with this
we indicate that it is a service on the port that VNC uses.

We reload systemctl for the changes to take effect.

We start the VNC service.

We make sure that VNC will start automatically.

We check the status of the VNC.

We will open the firewall port used by VNC, configure and reload.

Now we will install the VNC viewer on our client machine:


As we can see, here we have it installed:

We will enter this command on the client machine to start VNC viewer:

We see the following menu. First we will go to Options.


There, in the "misc" tab, we will verify that the "Shared" and "Ask to reconnect
on connection errors" options are selected.

We accept and, in the initial menu, enter the IP of the server machine
followed by 5901 (vncviewer port 5900 and user 1).

After that, it asks us for the password that we previously entered:


As we can see, we are already connected correctly with VNC to the server,
from the client. We can enter with the usual server password.


We enter the terminal and see that our user is the VNC user, but we are on
the server machine, so everything is going correctly.


Installation and operation of the SAMBA service


SAMBA is an open source service, with which we can share data between
Linux or Windows systems. This brings accessibility, since it is not easy to exchange
data between these two systems with a server. Now we will install SAMBA on our
Rocky Linux 8 Server machine:

Normally our first step should be to run “sudo yum update” to update the
package repositories, but in our case we already did that at the beginning of the lab.
Let's move on to installing SAMBA with the following command:

We press “s” and Enter when it asks us to confirm, as in most Linux
installations, and we will have it installed.

Now we will make various settings to improve the use of the application. First
of all we will make a backup of the configuration file, in case we have to recover it if it
is corrupted or there is an error.

Then we will create a directory to share and give it the necessary
permissions:


We will create a new configuration file:

And we will add the following lines:

When they are written, we press “Esc” to go to command mode, “:” to
open the command line, and “wq” to save and exit the document. If we want to
return to edit mode before exiting, we press “A”.

Now we will verify the configuration:


Then we will allow the SAMBA service in the firewall and reload it:

Now we start and enable the “samba” and “nmb” services:

We verify the status of “samba”, as we usually do with other services:


We also check the status of “nmb”


Now, on my Windows 10 PC, I open Run and type the IP of my Server
machine:


We are now connected and can transfer files or folders to the repository:

Now we add a group called “private_group” to which we add a user called
“techview”.

Next, we create the “private” folder in /srv/samba/, and give it permissions
(770: all to owner, all to group, none to other users) and ownership.

I assign a password to the user, in this case I put "danisamba":


Now we edit the service's smb.conf configuration file:

We add the following lines, and save and exit with “:wq” as before.

Then, we restart and reload the two services to apply the changes:

As we can see in my Windows 10, now when accessing the server as before,
we see the new "private" folder that we created on the server machine:


With the user techview and the password "danisamba", for some reason we
are denied access.

We tried adding this last line to the configuration file; after this and some other
tests, we still cannot access the private one, although we can access the public one, as
we saw.
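
One place to look when a share refuses a user is its "valid users" line. The script below is an added example, not part of the original report: it reads that line from an smb.conf and reports whether a given user or one of their groups is admitted. The helper names and the sample configuration are constructed for illustration, reusing the lab's names (private_group, techview, /srv/samba/private).

```shell
#!/bin/sh
# Added example (not from the original report). Helper names are assumptions.

# share_param FILE SHARE KEY: print KEY's value inside [SHARE] (last one wins).
share_param() {
    awk -v share="$2" -v key="$3" '
        BEGIN { gsub(/[ \t]/, "", key); key = tolower(key) }
        /^[ \t]*[#;]/ { next }                      # comment line
        /^[ \t]*\[/ {                               # [section] header
            name = $0
            sub(/^[ \t]*\[/, "", name); sub(/\].*$/, "", name)
            inside = (tolower(name) == tolower(share)); next
        }
        inside && (eq = index($0, "=")) {
            k = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", k)
            v = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# user_allowed FILE SHARE USER "GROUPS" (GROUPS as printed by `id -Gn USER`):
# exit 0 if the share's "valid users" admits USER directly or via @/+group.
user_allowed() {
    list=$(share_param "$1" "$2" "valid users")
    [ -z "$list" ] && return 0      # parameter unset: any authenticated user
    for entry in $(printf '%s' "$list" | tr ',' ' '); do
        case "$entry" in
            @*|+*) for g in $4; do [ "$g" = "${entry#?}" ] && return 0; done ;;
            *) [ "$entry" = "$3" ] && return 0 ;;
        esac
    done
    return 1
}

# Constructed smb.conf fragment; the public path is an assumption.
sample_conf() {
    cat <<'EOF'
[public]
   path = /srv/samba/public
   guest ok = yes
[private]
   path = /srv/samba/private
   valid users = @private_group
EOF
}

conf=$(mktemp); sample_conf > "$conf"
if user_allowed "$conf" private techview "techview private_group"
then echo "techview: admitted by valid users"; else echo "techview: rejected"; fi
```

On Rocky Linux the same denial also appears when the account is missing from Samba's own password database (`pdbedit -L` lists it) or when the shared directory lacks the `samba_share_t` SELinux label, so both are worth checking alongside "valid users".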
