Port forwarding via SSH (SSH tunneling) creates a secure connection between your server and a remote machine through which any number of services can be relayed. One reason this can be useful is that you can pass traffic that uses an unencrypted protocol (e.g., IMAP, VNC) over an encrypted network stream to increase security.
Our security team is locking down our access, so let’s get things done right. The team has dictated that all traffic leaving Datacenter 2 (where the CentOS 7 CLIENT is installed) must be encrypted.
Since `yum` makes HTTP calls, it can’t run updates or install new packages with the current setup.
Your SSH Tunnel SERVER is running a web server on port 80. Once the tunnel is set up, another team will set the SERVER up as a yum repository.
You’ve been tasked with setting up an SSH tunnel so that traffic from the CLIENT to the SERVER is encrypted, which will allow the CLIENT to install new packages.
You should additionally create an SSH key so that a password isn’t required to connect from the CLIENT to the SERVER as the user `cloud_user`.
Learning Objectives
Successfully complete this lab by achieving the following learning objectives:
- SSH from the CLIENT to the SERVER without a Password
You need to generate an SSH key and copy it over to the SERVER from the CLIENT.
To generate the key simply run:
ssh-keygen
and accept all defaults.
To copy the key over to the SERVER simply run:
ssh-copy-id [email protected]
and enter the password.
- Verify SSH Tunnel Accessibility
For this task you need to have an SSH tunnel set up. To do so, simply enter the following command:
ssh -f [email protected] -L 2000:10.0.1.100:80 -N
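An added example, not part of the lab: a check to run on the CLIENT after the tunnel command, confirming that local port 2000 is bound to loopback only (the `ssh -L` default unless `-g` or `GatewayPorts` is set) and that HTTP answers through the tunnel. The function names and the sample `ss -ltn` output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of the lab): check how the forward created by
# `ssh -f ... -L 2000:10.0.1.100:80 -N` is bound on the CLIENT.

# Read `ss -ltn` output on stdin and classify the listener on port $1.
# Prints: loopback (only this host can use it), exposed, or missing.
forward_bind_state() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, p, ":")          # $4 = Local Address:Port
            if (p[n] != port) next
            host = substr($4, 1, length($4) - length(p[n]) - 1)
            found = 1
            if (host != "127.0.0.1" && host != "::1" && host != "[::1]") exposed = 1
        }
        END { print (!found ? "missing" : (exposed ? "exposed" : "loopback")) }'
}

# Constructed sample of `ss -ltn` output after the tunnel is up.
sample_ss_output() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128         127.0.0.1:2000        0.0.0.0:*
LISTEN  0       128             [::1]:2000           [::]:*
LISTEN  0       128           0.0.0.0:22          0.0.0.0:*
EOF
}

# Live check on the CLIENT: listener state plus the HTTP status seen
# through the tunnel (assumes ss and curl are installed).
check_tunnel() {
    state=$(ss -ltn | forward_bind_state 2000)
    code=$(curl -s -o /dev/null -w '%{http_code}' http://localhost:2000/ || true)
    echo "listener=$state http_status=$code"
    [ "$state" = "loopback" ] && [ "$code" = "200" ]
}

if [ "${1:-}" = "live" ]; then
    check_tunnel
else
    sample_ss_output | forward_bind_state 2000   # prints: loopback
fi
```

Run it with the argument `live` on the CLIENT to test the real tunnel; an `exposed` result means other hosts on the CLIENT's network can reach the forwarded port.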