>> mrt 2018: -5- keys en filezilla
keyd logon by filezilla
- create a virtual linux mint 18 clone
- create my two users (example: bob and dylan) in mint18-clone
bert@mint18-M02 ~ $ sudo useradd -m bob [sudo] password for bert: bert@mint18-M02 ~ $ sudo useradd -m dylan
check the work
bert@mint18-M02 ~ $ tail -n 2 /etc/passwd bob:x:1001:1001::/home/bob: dylan:x:1003:1003::/home/dylan:
bert@mint18-M02 ~ $ sudo passwd bob Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully bert@mint18-M02 ~ $ sudo passwd dylan Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully
- give access to centOS by password
[bert@cOS74-T06-2 ~]$ sudo passwd bob [sudo] password for bert: Changing password for user bob. New password: Retype new password: passwd: all authentication tokens updated successfully. [bert@cOS74-T06-2 ~]$ sudo passwd dylan Changing password for user dylan. New password: Retype new password: passwd: all authentication tokens updated successfully.
- bob & dylan generate keys and put them on centos
bert@mint18-M02 ~ $ sudo su bob bob@mint18-M02 /home/bert $ cd bob@mint18-M02 ~ $ ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/home/bob/.ssh/id_rsa): Created directory '/home/bob/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/bob/.ssh/id_rsa. Your public key has been saved in /home/bob/.ssh/id_rsa.pub. The key fingerprint is: SHA256:M2dDQcKXrIVWuD7Oc0AoqWgM1RjhTRImNolqx1H0mmc bob@mint18-M02 The key's randomart image is: +---[RSA 2048]----+ |ooB*+o ..*+. | |o=+=. . =.=. | |..o o. + =. | |o. oo + +. | |+... + ES + | |.o. o += . | |. o o | | + . | | o | +----[SHA256]-----+
- put the key on centOS
bob@mint18-M02 ~ $ ssh-copy-id 10.104.198.106 /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/bob/.ssh/id_rsa.pub" The authenticity of host '10.104.198.106 (10.104.198.106)' can't be established. ECDSA key fingerprint is SHA256:OFUuD0gVNHojUseVGgrDfq6F4nzPNokpZ2p98aUbzBg. Are you sure you want to continue connecting (yes/no)? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys firstname.lastname@example.org's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh '10.104.198.106'" and check to make sure that only the key(s) you wanted were added.
- check whether keys are needed to logon
bob@mint18-M02 ~ $ ssh 10.104.198.106 email@example.com's password: Last login: Fri Mar 16 11:42:31 2018 [bob@cOS74-T06-2 ~]$ exit logout
the machine is playing with our brain ...
since this worked for the sysadmin user, there is a problem with the position of the home directory ... and then we think about SElinux ...
To cut a long story short we have to give
sshon centOS access to
this worked ....
[student@cOS74-T06-2 ~]$ sudo semanage fcontext --add --type ssh_home_t "/www-homes/.*/\.ssh(/.*)?" [student@cOS74-T06-2 ~]$ sudo restorecon -Rv /www-homes
- convert private key to filezilla ppk format
- install filezilla and putty-tools on bob's linux mint machine (bob and dylan share one machine for testing)
- convert bob's private key into a ppk key for filezilla:
cd $HOME/.ssh puttygen .ssh/id_rsa -o bobs-privates.ppk
- configure filezilla
- disable password for bob and dylan
[student@cOS74-T06-2 ~]$ sudo passwd -l bob
- problem: user bob sees the entire filesystem
this was not asked in the assignment, so this is not obligatory ...
we have to chroot the sftp users as explained in