
>> Mar 2018: -2- my user accounts

login + keygen + copy to the centOS7 server and ubuntu16 server for student

When you are working on a longer project, it is much easier to use keyed login. You then only need to type your password regularly for your sudo commands.

  1. create identity and keys on the client
    The client in my case is a virtual Linux Mint 18.2.
    I first create a user account student on it, the same login as on the servers ...
    Then I assume the identity student ...
    user@lap17 ~ $ su student
    Password: 
    student@lap17 /home/user $ cd
    student@lap17 ~ $

    Next I log in to my centOS7 server to see whether my password works (without a password you cannot put keys in place either) ...

    student@lap17 ~ $ ssh 10.104.198.106
    The authenticity of host '10.104.198.106 (10.104.198.106)' can't be established.
    ECDSA key fingerprint is SHA256:OFUuD0gVNHojUseVGgrDfq6F4nzPNokpZ2p98aUbzBg.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '10.104.198.106' (ECDSA) to the list of known hosts.
    student@10.104.198.106's password: 
    Last login: Fri Mar  9 09:06:54 2018 from 10.104.255.113

    And then I immediately log out again ...

    [student@cOS74-T06-2 ~]$ exit
    logout
    Connection to 10.104.198.106 closed.

    I now move on to generating the keys (on the client).
    THE PRIVATE KEY BELONGS ON THE CLIENT
    THE PUBLIC KEY ON THE PUBLIC SERVER(S)

    student@lap17 ~ $ ssh-keygen 
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/student/.ssh/id_rsa): 
    Enter passphrase (empty for no passphrase): 
    Enter same passphrase again: 
    Your identification has been saved in /home/student/.ssh/id_rsa.
    Your public key has been saved in /home/student/.ssh/id_rsa.pub.
    The key fingerprint is:
    SHA256:XEs8p2meB0h4mdSWHEe7LuE7yIqQSJjFVbkYPWoBxnE student@lap17
    The key's randomart image is:
    +---[RSA 2048]----+
    | .+oEo...o.+o    |
    | o.oo +o +=. .   |
    |  o  =.o=.= o    |
    |.o  + .+ + * .   |
    |o. .    S B .    |
    |.. .     + =     |
    |. o    . .= o    |
    |   . .  o .+     |
    |    . ..  ..     |
    +----[SHA256]-----+
  2. place keys on the server
    I then copy the public key to the centOS7 server from just now ...
    student@lap17 ~ $ ssh-copy-id 10.104.198.106
    /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/student/.ssh/id_rsa.pub"
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    student@10.104.198.106's password: 
     
    Number of key(s) added: 1
     
    Now try logging into the machine, with:   "ssh '10.104.198.106'"
    and check to make sure that only the key(s) you wanted were added.

    ... and try to log in ... to see whether my password is still asked for ...

    student@lap17 ~ $ ssh 10.104.198.106
    Last login: Fri Mar 16 08:43:54 2018 from 10.104.255.201
    [student@cOS74-T06-2 ~]$ exit
    logout
    Connection to 10.104.198.106 closed.

    Everything goes according to plan.

  3. place keys on the ubuntu server
    I first log in to check whether I have access to the server ...
    student@lap17 ~ $ ssh 10.104.199.106
    The authenticity of host '10.104.199.106 (10.104.199.106)' can't be established.
    ECDSA key fingerprint is SHA256:yfZFoGYdW5EAFGw9xCRnkUUhm3OnhgWuLgKNi96xpTQ.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '10.104.199.106' (ECDSA) to the list of known hosts.
    student@10.104.199.106's password: 
    Welcome to Ubuntu 16.04.3 LTS (GNU/Linux 4.4.0-87-generic x86_64)
     
    * Documentation:  https://help.ubuntu.com
    * Management:     https://landscape.canonical.com
    * Support:        https://ubuntu.com/advantage
     
    141 packages can be updated.
    67 updates are security updates.
     
    Last login: Fri Mar  9 11:10:35 2018 from 10.104.255.113

    and immediately log out again ...

    $ exit
    Connection to 10.104.199.106 closed.

    place the public key ...

    student@lap17 ~ $ ssh-copy-id 10.104.199.106
    /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/student/.ssh/id_rsa.pub"
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    student@10.104.199.106's password: 
     
    Number of key(s) added: 1
     
    Now try logging into the machine, with:   "ssh '10.104.199.106'"
    and check to make sure that only the key(s) you wanted were added.

    try to log in without a password ...

    student@lap17 ~ $ ssh 10.104.199.106
    Welcome to Ubuntu 16.04.3 LTS (GNU/Linux 4.4.0-87-generic x86_64)
     
    141 packages can be updated.
    67 updates are security updates.
     
    Last login: Fri Mar 16 08:46:10 2018 from 10.104.255.201
    $ 

    ... and that works
     

  4. adjust the bash shell on the ubuntu server
    I have no bash prompt now, so I have to type bash every time I am logged in, or carry on without HISTORY, my own PATH, aliases and the like ...
    $ sudo vim /etc/passwd
    I add /bin/bash to my account line:
    student:x:1001:1001::/home/student:/bin/bash
     
    I log out and back in to see whether I now get a bash prompt with history ...
    student@lap17 ~ $ ssh 10.104.199.106
    Welcome to Ubuntu 16.04.3 LTS (GNU/Linux 4.4.0-87-generic x86_64)
    141 packages can be updated.
    67 updates are security updates.
    Last login: Fri Mar 16 08:46:27 2018 from 10.104.255.201
    student@ubu164-S06-1:~$

    I do indeed see a bash prompt
     

  5. change password
    so that other students can no longer log in to my machines:
    student@ubu164-S06-1:~$ 
    student@ubu164-S06-1:~$ passwd
    Changing password for student.
    (current) UNIX password: 
    Enter new UNIX password: 
    Retype new UNIX password: 
    passwd: password updated successfully
    student@ubu164-S06-1:~$ exit
    logout
    [student@cOS74-T06-2 ~]$ passwd
    Changing password for user student.
    Changing password for student.
    (current) UNIX password: 
    New password: 
    Retype new password: 
    passwd: all authentication tokens updated successfully.
    [student@cOS74-T06-2 ~]$ 

     
    ... now the real work can begin
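
Added example (not part of the original notes): in steps 2 and 3, ssh-copy-id ends by asking you to "check to make sure that only the key(s) you wanted were added". The POSIX shell functions below do that check on the server side and also confirm that ~/.ssh and authorized_keys are not writable by group or others. The function names, the demo directory and the key blobs are constructed for illustration, and only the ssh-rsa, ssh-dss, ssh-ed25519 and ecdsa-sha2-* key types are recognised.

```shell
#!/bin/sh
# Added example, not from the original page: server-side check after ssh-copy-id.

# Print the base64 blob of every key in an authorized_keys-style file.
# Leading options (e.g. no-pty, from="...") are skipped by locating the key type.
# Assumption: option values contain no spaces.
key_blobs() {
    awk '/^[ \t]*#/ { next }
         { for (i = 1; i < NF; i++)
               if ($i ~ /^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-)/) { print $(i + 1); break } }' "$1"
}

# Succeed only if neither group nor others may write to $1; sshd's StrictModes
# rejects keys when ~/.ssh or authorized_keys is writable by anyone else.
not_group_world_writable() {
    case "$(ls -ld "$1" | cut -c6,9)" in
        --) return 0 ;;
        *)  return 1 ;;
    esac
}

# audit_authorized_keys <ssh_dir> <expected_pubkey_file>
# Returns 0 only if modes are safe and the expected key is the sole entry.
audit_authorized_keys() {
    ssh_dir=$1 expected_pub=$2 status=0 found=0 extra=0
    auth="$ssh_dir/authorized_keys"
    for f in "$ssh_dir" "$auth"; do
        not_group_world_writable "$f" || { echo "FAIL: $f is group/world writable"; status=1; }
    done
    want=$(key_blobs "$expected_pub")
    for blob in $(key_blobs "$auth"); do
        if [ "$blob" = "$want" ]; then found=$((found + 1)); else extra=$((extra + 1)); fi
    done
    [ "$found" -eq 1 ] || { echo "FAIL: expected key found $found time(s)"; status=1; }
    [ "$extra" -eq 0 ] || { echo "FAIL: $extra unexpected key(s) in $auth"; status=1; }
    [ "$status" -eq 0 ] && echo "OK: only the expected key is installed"
    return "$status"
}

# Constructed sample data (placeholder blobs, not real keys).
demo=$(mktemp -d)
mkdir -m 700 "$demo/.ssh"
echo 'ssh-rsa AAAACONSTRUCTEDKEY1 student@lap17' > "$demo/id_rsa.pub"
{ cat "$demo/id_rsa.pub"
  echo 'no-pty ssh-rsa AAAACONSTRUCTEDKEY2 someone@elsewhere'; } > "$demo/.ssh/authorized_keys"
chmod 600 "$demo/.ssh/authorized_keys"
audit_authorized_keys "$demo/.ssh" "$demo/id_rsa.pub" || echo "audit flagged the extra key"
rm -rf "$demo"
```

On a real server the call would be audit_authorized_keys "$HOME/.ssh" with a copy of the client's id_rsa.pub as the second argument.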