Professional Documents
Culture Documents
ISO-UD - 06-Exam - Act - Split2 Nieto - Daniel
ISO-UD - 06-Exam - Act - Split2 Nieto - Daniel
───────────────────────────────────
Index
2
Daniel Nieto Cerdán ISO UD06 EXM ED01 - 11/05/2023
In this lab we will install various services on the Rocky Linux virtual machine
and test that they work by using a cloned machine. These services are SSH, SFTP,
SCP with public key, VNC, and SAMBA. First of all, we will install the epel-release
package so that the services work correctly.
Installing and working test of SSH and SFTP with public key
We install the SSH server:
We start the SSH service and configure it to start automatically at system boot:
3
Daniel Nieto Cerdán ISO UD06 EXM ED01 - 11/05/2023
We open the firewall rules to accept incoming traffic on SSH port 22:
We start the SFTP server and configure it to start automatically at system boot:
Once the SSH and SFTP services are properly installed and configured, we will use
them by public key. For this we will download and install two programs in Windows; such as
PuTTY and Filezilla. We will open putty first, and we will see the following window. In the
Host-name part, we put the IP of the Rocky Linux server, the SSH port 22 and we save that
Session.
4
Daniel Nieto Cerdán ISO UD06 EXM ED01 - 11/05/2023
By clicking Open, we will see this menu and we must click OK.
5
Daniel Nieto Cerdán ISO UD06 EXM ED01 - 11/05/2023
Next we will be asked to log in with the username of our server and its password.
Once we have that done, we open FileZilla and see the following. We will put the
server IP above in this format: sftp://192.168.56.10, our username, password and port 22.
With this we will make an sftp connection, which will allow us to transfer files easily,
efficiently and safely, between our W10 client and Rocky Linux server. Once the fields are
filled in, we click on fast connection, save passwords and accept. now we are connected.
6
Daniel Nieto Cerdán ISO UD06 EXM ED01 - 11/05/2023
We are now connected to the server and can transfer files; let's do a test:
7
Daniel Nieto Cerdán ISO UD06 EXM ED01 - 11/05/2023
Now we will move on to configure our public key: first we generate 2 keys, public and
private with SSH. The public part stays on the ssh server, and we keep the private part on
the client. When we connect, as the server has our public key, it will send us information
encrypted with the public key, and we decrypt it with the private key. This helps us to
authenticate ourselves and establish a more secure connection. Thus, we will open the
PuTTYgen program in Windows and we will generate these keys by clicking on Generate,
and we will put a passphrase to make it more secure. In my case I will put "danipass".
8
Daniel Nieto Cerdán ISO UD06 EXM ED01 - 11/05/2023
Let's go back to the putty we had connected and edit the “authorized_keys” file in the
.ssh folder
Here we paste the public key of the PuTTYgen. We save and exit the document.
We left PuTTY:
9
Daniel Nieto Cerdán ISO UD06 EXM ED01 - 11/05/2023
And now we will go back to enter as before, but before clicking on Open we will do
the following; in the menu on the left we go to Connection, SSH, Auth, Credentials.
Here we will click on Browse to load the private key that we saved earlier:
10
Daniel Nieto Cerdán ISO UD06 EXM ED01 - 11/05/2023
We open the new Server RL key session, and it asks us for the password that we put
for the private key, it was “danipass”. As we can see, we have already accessed the Server
using a public key with SSH.
11
Daniel Nieto Cerdán ISO UD06 EXM ED01 - 11/05/2023
Now let's try using SFTP in FileZilla with a public key, for this we will click on the icon
highlighted in yellow and then on New Site, we call it SFTP PUBLIC DANI:
Then on the right side, we make sure to put the SFTP Protocol, the server IP, the
Keyfile mode, the user and upload the keyfile.
12
Daniel Nieto Cerdán ISO UD06 EXM ED01 - 11/05/2023
By clicking on connect we will see this; we abort the previous connection and accept.
And finally, it asks us for the password with which we protected the key, “danipass”:
13
Daniel Nieto Cerdán ISO UD06 EXM ED01 - 11/05/2023
As we can see, we have already accessed SFTP PUBLIC DANI, an SFTP user
using a public key.
14
Daniel Nieto Cerdán ISO UD06 EXM ED01 - 11/05/2023
On my client machine, I run the “scp” command to see how I should use it.
15
Daniel Nieto Cerdán ISO UD06 EXM ED01 - 11/05/2023
Now we create on the client machine, a text file called “testfiledani”, which we
will later scp to our host:
16
Daniel Nieto Cerdán ISO UD06 EXM ED01 - 11/05/2023
I edit the vncserver users file with vim, to give my user the number 1
17
Daniel Nieto Cerdán ISO UD06 EXM ED01 - 11/05/2023
Now I copy the vncserver@.service file to the etc folder, directory that
contains the configuration files. The 1 is for the user that we put, with this we indicate
that it is a service of the port that VNC uses.
We will open the firewall port used by VNC, configure and reload.
18
Daniel Nieto Cerdán ISO UD06 EXM ED01 - 11/05/2023
We will enter this command on the client machine to start VNC viewer:
19
Daniel Nieto Cerdán ISO UD06 EXM ED01 - 11/05/2023
There, in the "misc" tab, we will verify that the "Shared" and "Ask to reconnect
on connection errors" options are selected.
We accept and in the initial menu, we put the ip of the server machine,
accompanied by 5901 (vncviewer port 5900 and user 1).
20
Daniel Nieto Cerdán ISO UD06 EXM ED01 - 11/05/2023
As we can see, we are already connected correctly with VNC to the server,
from the client. We can enter with the usual server password.
21
Daniel Nieto Cerdán ISO UD06 EXM ED01 - 11/05/2023
We enter the terminal and see that our user is the VNC user, but we are on
the server machine, so everything is going correctly.
22
Daniel Nieto Cerdán ISO UD06 EXM ED01 - 11/05/2023
Normally our first step should be to run “sudo yum update” to update the
package repositories, but in our case we already did that at the beginning of the lab.
Let's move on to installing SAMBA with the following command:
Now we will make various settings to improve the use of the application. First
of all we will make a backup of the configuration file, in case we have to recover it if it
is corrupted or there is an error.
23
Daniel Nieto Cerdán ISO UD06 EXM ED01 - 11/05/2023
When they are written, we will press “Esc” to go to the command mode, “:” to
open the writing of commands and “wq” to save and exit the document. If we want to
24
Daniel Nieto Cerdán ISO UD06 EXM ED01 - 11/05/2023
Then we will allow the SAMBA service in the firewall and reload it:
25
Daniel Nieto Cerdán ISO UD06 EXM ED01 - 11/05/2023
26
Daniel Nieto Cerdán ISO UD06 EXM ED01 - 11/05/2023
27
Daniel Nieto Cerdán ISO UD06 EXM ED01 - 11/05/2023
We are now connected and can transfer files or folders to the repository:
28
Daniel Nieto Cerdán ISO UD06 EXM ED01 - 11/05/2023
We add the following lines, and save and exit with “:wq” as before.
Then, we reset and reload the two services to apply the changes:
As we can see in my Windows 10, now when accessing the server as before,
we see the new "private" folder that we created on the server machine:
29
Daniel Nieto Cerdán ISO UD06 EXM ED01 - 11/05/2023
With the user techview and the password "danisamba" for some reason we
are denied access.
We tried to add this last line to the configuration file, after this and some other
tests, we cannot access the private one, although we can access the public one as
we saw.
30