Goal: Practice using a variety of tools to transfer files between your system and a remote system.

System Setup: A working, installed Red Hat Enterprise Linux system with an unprivileged user account named student with a password of student.

Lab Setup : Instructor should set up one of the student machines as an ftp server and make sure there is a directory /home/student/data.

Do not forget to enable non-anonymous ftp in SELinux!

[root@stationY ~]# setsebool -P ftp_home_dir=1

Sequence 1: Transferring files with lftp

Scenario: One system will act as a repository for data from other computers. The remaining computers will store their data on the data repository and the synchronize their own data with that of the data repository.

Deliverable: A modified/renamed text file transferred to the ~student/data directory on the repository system.

Instructions:

  1. One student’s system will act as the data repository. The student whose system will perform this task should ensure that the student account on this system has a password of student and a directory called data. For the remainder of this lab, this system will be called stationY.
  2. The remaining students should verify network connectivity with stationY, using the ping command:

[student@stationX ~]$ ping -c 3 stationY

  1. Use lftp to connect anonymously to server1 and get a file:

[student@stationX ~]$ cd

[student@stationX ~]$ lftp server1

lftp server1:~> cd pub

lftp server1:/pub> ls

-rw-r–r– 1 0 0 26 Jun 13 23:57 getme

lftp server1:/pub> get getme

26 bytes transferred in 2 seconds (13b/s)

lftp server1:/pub> exit

  1. Examine, and then modify the text file that you have retrieved:

[student@stationX ~]$ cat getme

{Your name here} was here!

[student@stationX ~]$ vi getme

Insert your name where indicated, then save the file as getme.AB where AB are your initials.

[student@stationX ~]$ cat getme.bd

Bob Dobalina was here!

  1. Use lftp to connect to the repository system, stationY, as user student, with a password of student, and transfer your modified file into that user’s ~/data directory:

[student@stationX ~]$ lftp -u student stationY

Password: type_password_here

lftp student@stationY:~> cd data

lftp student@stationY:~/data> put getme.bd

21 bytes transferred.

lftp student@stationY:~/data> exit

Sequence 2: Encrypted communication — The ssh suite

Scenario: In this sequence, you will use the ssh suite of utilities to securely transfer a file between your machine and the data repository. You will then establish an encrypted login session with the remote host, and verify that your file was successfully transferred.

Instructions:

  1. Start by making a copy of your getme.AB file used in the last sequence (Be sure to replace the sample filename listed below with your initials):

[student@stationX ~]$ cd

[student@stationX ~]$ cp getme.bd getme.bd.secure

  1. Securely transfer your new file via an encrypted session back to the data directory of user student on the repository system:

[student@stationX ~]$ scp getme.bd.secure student@stationY:data

… output omitted …

  1. Establish an encrypted session to the repository system, and verify that your file has been successfully transferred:

[student@stationX ~]$ ssh student@stationY

student@stationY.example.com’s password: student

[student@stationY student]$ ls data/*bd*

getme.bd getme.bd.secure

[student@stationY student]$ exit

Sequence 3: Synchronizing your files with a remote system

Scenario: In this sequence, you will use the rsync command to perform a sync with several files on the repository system.

Deliverable: Synchronization between the student data directory on the repository system and your local home directory.

Instructions:

  1. Perform a sync operation against the home directory on the repository system, transferring new and changed files to your local system:

[student@stationX ~]$ cd

[student@stationX ~]$ rsync -e ssh student@stationY:data/get* .

student@stationY’s password: student

[student@stationX ~]$ ls getme*

getme.af getme.ai getme.bg

…output truncated…

Challenge Sequence 4: Authenticating with ssh keys

Scenario: During this lab, you shall setup a key pair and use them to authenticate to another station. You also will experience the authentication agent and related tools.

Instructions:

  1. Ask your neighbor, whose system we will refer to as stationY, to add a user named studentX, with the password “password”. This will require the following commands:

[root@stationY ~]# useradd studentX

[root@stationY ~]# passwd studentX

  1. Try connecting to your neighbor’s system.

[student@stationX ~]$ ssh studentX@stationY hostname

  1. Use ssh-keygen to create a dsa keypair. Use an empty passphrase and store your keys in the default location.

[student@stationX ~]$ ssh-keygen -t dsa

Generating public/private dsa key pair.

Enter file in which to save the key(/home/instructor/.ssh/id_dsa):

Enter

Enter passphrase (empty for no passphrase):

Enter

Enter same passphrase again:

Enter

Your identification has been saved in /home/instructor/.ssh/id_dsa.

Your public key has been saved in /home/instructor/.ssh/id_dsa.pub.

The key fingerprint is:

14:30:a7:52:c2:15:ad:a1:d8:b4:e6:03:8d:78:4b:bb

student@stationX.example.com

  1. Copy your public key to stationY.

[student@stationX ~]$ ssh-copy-id -i .ssh/id_dsa.pub

studentX@stationY

studentX@stationY’s password:

[studentX@stationY ~]$

  1. Try to connect using your key.

[student@stationX ~]$ ssh studentX@stationY

[studentX@stationY ~]$

  1. For simplicity’s sake, this lab has cut some corners. What might you have done differently to make your keypair more secure?

Secure your private key with a passphrase (you can add a passphrase afterwards with sshkeygen).

It is also recommended that you lock your screen ( System->Lock Screen) whenever leaving your system unattended.

  1.  Apply a passphrase to your private key.

[student@stationX ~]$ ssh-keygen -f .ssh/id_dsa -p

  1. Now try connecting again. You should be prompted for your key’s passphrase.

[student@stationX ~]$ ssh studentX@stationY

Enter passphrase for key `.ssh/id_dsa`:

[studentX@stationY ~]$

  1. Disconnect from your neighbor’s station.

[studentX@stationY ~]$ exit

[student@stationX ~]$

  1. Remember that you can use the ssh-add command to add your key to Gnome’s authentication agent. This will make it so that you only need to enter your passphrase once per Gnome session.

[student@stationX ~]$ ssh-add

Enter passphrase for key `.ssh/id_dsa`:

Note that you did not need to specify the name of your key. As long as you are using one of the default key names, ~/.ssh/id_dsa or ~/.ssh/id_rsa, ssh-add doesnot need an explicit key name.

  1. Try connecting to your neighbor’s system again. You should no longer be prompted for a passphrase.

[student@stationX ~]$ ssh studentX@stationY

[studentX@stationY ~]$

  1. Key-based, passwordless authentication is especially useful for remote execution of commands. Try the following to see who is logged in on your neighbor’s system.

[student@stationX ~]$ ssh studentX@stationY

… output omitted …

Challenge Sequence 5: Using ssh keys with Gnome

Scenario: Gnome can be configured to automatically prompt for your passphrase when you log in, making secure, key-based ssh authentication very easy.

Instructions:

  1. First, access the Startup Programs dialog by clicking System->Preferences->More Preferences->Sessions and selecting the Startup Programs tab.
  2. Click Add and enter ssh-add in the Startup Command field.
  3. Click OK and then Close.
  4. Log out of Gnome
  5. Log in again as the same user
  6. You should be prompted for your key’s passphrase. Enter it and click OK.
  7. Confirm that everything works by opening a terminal and connecting to stationY again. You should not be prompted for a passphrase.