Working with Essential Red Hat Linux System Administration Tools

15 minutes
  • 4 Learning Objectives

About this Hands-on Lab

In this lab we are going to make sure we have the minimum knowledge required to successfully pass the RHCE on RHEL8. We’re going to present a scenario that will test an exam candidate’s knowledge of how to use `grep` and configure `ssh` to help students succeed at this exam.

*This course is not approved or sponsored by Red Hat.*

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Find the Username That the Other Admin Created

There are over 25,000 lines in /tmp/logfile so we don’t want to do it by hand. While we don’t know the exact format we’re searching for, we’re fairly confident that it’s some form of the word "username".

grep -e 'user.*name' -i /tmp/logfile

That will match any iteration of ‘user’, followed by any character (or no character), followed by ‘name’.

Create an SSH Key

Use the command ssh-keygen to generate a key that we can use to copy to the
other server to allow passwordless connections.

Copy the SSH Key to Both cloud_user and the User Whose Name You Discovered in the First Task

Use the ssh-copy-id command to copy the SSH key to both the cloud_user and
the new user name:

[cloud_user@Server1 ]# ssh-copy-id cloud_user@&ltServer2_INTERNAL_IP_ADDRESS>
[cloud_user@Server1 ]# ssh-copy-id &ltUSERNAME>@&ltServer2_INTERNAL_IP_ADDRESS>

Now we can test with two ssh commands:

ssh cloud_user@&ltServer2_INTERNAL_IP_ADDRESS&gt

Back out of that login, and try it for the other user:

ssh &ltUSERNAME&gt@&ltServer2_INTERNAL_IP_ADDRESS&gt

Just be sure you’ve substituted the correct Server2_INTERNAL_IP_ADDRESS and USERNAME in the commands. We should now be able to perform passwordless ssh logins.

Ensure That No One Can Use a Password to Log into Server2

Now get out of that shell and come back in as cloud_user. Once we’ve logged in, we need to edit /etc/ssh/sshd_config and, with whichever text editor we like best, change the PasswordAuthentication variable to no. We’re using vi as an example here:

[cloud_user@Server2 ]# sudo vi /etc/ssh/sshd_config

Once we’ve done that, restart the SSH daemon using sudo systemctl restart sshd.

To test, try to log in with a password:

[cloud_user@Server2 ]# ssh -o PreferredAuthentications=password cloud_user@localhost

Additional Resources

One of the junior admins has left the company and we've been tasked with cleaning up some of his mess. He was setting up a server (Server2) for the developers to use. The developers should only ever connect to it from Server1, using an SSH key (no passwords).

There is a user already created on that server, but no one is sure what the username is. The log file, /tmp/logfile, on Server1 contains the username, but we'll have to search for it. It should be labeled "username" or "user-name" or something like that. We can do this with grep.

Once we've found the username and created SSH keys to access the server (using ssh-keygen), we need to copy them across and set the server up so that it doesn't allow password connections at all. The ssh-copy-id command will do this for us.

Then, we'll need to edit /etc/ssh/sshd_config on Server2, to disable password authentication.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?