- Lab
- A Cloud Guru
Design a Container to Run a Proxy
For this lab, the aim is to design a container to run a proxy. We need to connect to the server, create our configuration there, and test it out from a client. We recommended opening two terminals for this lab, one for connecting to the server and one to the client. The client is a playground instance of our choice. Once that is set, we need to create a container with a CentOS 7 image on the server. Within the container, we must install and configure the open ssh server so that it cannot allow `root` login and allows only key-based authentication. After that, we must change it to run on the nonstandard port 61613. After that, we need to copy the public key generated on the client over to the container on the server. Next, we have to create a proxy tunnel from the client and run tests to see if the tunnel works properly. For testing this, we need Proxychains 4.
Path Info
Table of Contents
-
Challenge
Create a Container from a CentOS 7 image and Access It
lxc launch images:centos/7/amd64 SOCKS5-Proxylxc exec SOCKS5-Proxy bash -
Challenge
Configure SSH to not Allow root Login and Only Allow Key-Based Authentication
adduser tunnel -m passwd tunnelyum install openssh-server vimvim /etc/ssh/sshd_configPermitRootLogin no PubkeyAuthentication yes ChallengeResponseAuthentication no PasswordAuthentication no UsePAM yesESC :wq ENTERsu tunnelmkdir /home/tunnel/.ssh touch /home/tunnel/.ssh/authorized_keyschmod 700 /home/tunnel/.ssh chmod 600 /home/tunnel/.ssh/authorized_keys -
Challenge
On the Client, Generate a Key Pair and Copy the Public Key to /home/tunnel/.ssh/authorized_keys
Set the path to
/home/cloud_user/.ssh/SOCKS5.ssh-keygencat /home/cloud_user/.ssh/SOCKS5.pubCopy the client public key to the server into
authorized_keys/home/tunnel/.ssh/authorized_keys -
Challenge
Configure SSH for Port 61613 and Expose the Container to the Outside World
If under a diffrent user in the container, just exit to
root.exitvim /etc/ssh/sshd_configPort 61613ESC :wq ENTERsystemctl restart sshdexitCreate a redirect on the host server.
lxc listlxc config device add SOCKS5-Proxy myport443 proxy listen=tcp:0.0.0.0:443 connect=tcp:Container_IP:61613 -
Challenge
Run Tests to Confirm the Proxy Works on the Client (Refer to Lab Instructions for proxychains)
ssh tunnel@SERVER_IP -i /home/cloud_user/.ssh/SOCKS5 -p 443exitssh -D 65535 -q -C -N -f tunnel@SERVER_IP -i /home/cloud_user/.ssh/SOCKS5 -p 443sudo apt install proxychains4vim /etc/proxychains.confChange the last line to:
socks5 127.0.0.1 65535curl 'https://api.ipify.org?format=json'proxychains4 curl 'https://api.ipify.org?format=json'
What's a lab?
Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.
Provided environment for hands-on practice
We will provide the credentials and environment necessary for you to practice right within your browser.
Guided walkthrough
Follow along with the author’s guided walkthrough and build something new in your provided environment!
Did you know?
On average, you retain 75% more of your learning if you get time for practice.
