>> Mar 2018: -2- my user accounts
login + keygen + copy to centOS7 server and ubuntu16 server for student
When you are working on a longer project, it is much easier to use keyed login. Only for your sudo commands do you still have to type your password regularly.
- create identity and keys on the client
The client in my case is a virtual Linux Mint 18.2.
I first create a user account student on it, the same login as on the servers ...
Then I assume the identity student ...

    user@lap17 ~ $ su student
    Password:
    student@lap17 /home/user $ cd
    student@lap17 ~ $

Next I log in to my centOS7 server to see whether my password works (without a password you cannot put keys in place either) ...

    student@lap17 ~ $ ssh 10.104.198.106
    The authenticity of host '10.104.198.106 (10.104.198.106)' can't be established.
    ECDSA key fingerprint is SHA256:OFUuD0gVNHojUseVGgrDfq6F4nzPNokpZ2p98aUbzBg.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '10.104.198.106' (ECDSA) to the list of known hosts.
    student@10.104.198.106's password:
    Last login: Fri Mar 9 09:06:54 2018 from 10.104.255.113

And after that I immediately log out again ...

    [student@cOS74-T06-2 ~]$ exit
    logout
    Connection to 10.104.198.106 closed.
I now proceed to generating the keys (on the client).
PRIVATE KEY BELONGS ON THE CLIENT
PUBLIC KEY ON THE PUBLIC SERVER(S)

    student@lap17 ~ $ ssh-keygen
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/student/.ssh/id_rsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/student/.ssh/id_rsa.
    Your public key has been saved in /home/student/.ssh/id_rsa.pub.
    The key fingerprint is:
    SHA256:XEs8p2meB0h4mdSWHEe7LuE7yIqQSJjFVbkYPWoBxnE student@lap17
    The key's randomart image is:
    +---[RSA 2048]----+
    | .+oEo...o.+o |
    | o.oo +o +=. . |
    | o =.o=.= o |
    |.o + .+ + * . |
    |o. . S B . |
    |.. . + = |
    |. o . .= o |
    | . . o .+ |
    | . .. .. |
    +----[SHA256]-----+
- place keys on server
I then copy the public key to the centOS7 server from just now ...

    student@lap17 ~ $ ssh-copy-id 10.104.198.106
    /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/student/.ssh/id_rsa.pub"
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    student@10.104.198.106's password:

    Number of key(s) added: 1

    Now try logging into the machine, with: "ssh '10.104.198.106'"
    and check to make sure that only the key(s) you wanted were added.

... and try to log in ... to see whether my password is still asked for ...

    student@lap17 ~ $ ssh 10.104.198.106
    Last login: Fri Mar 16 08:43:54 2018 from 10.104.255.201
    [student@cOS74-T06-2 ~]$ exit
    logout
    Connection to 10.104.198.106 closed.

Everything goes according to plan.
- place keys on ubuntu server
I first log in to check whether I have access to the server ...

    student@lap17 ~ $ ssh 10.104.199.106
    The authenticity of host '10.104.199.106 (10.104.199.106)' can't be established.
    ECDSA key fingerprint is SHA256:yfZFoGYdW5EAFGw9xCRnkUUhm3OnhgWuLgKNi96xpTQ.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '10.104.199.106' (ECDSA) to the list of known hosts.
    student@10.104.199.106's password:
    Welcome to Ubuntu 16.04.3 LTS (GNU/Linux 4.4.0-87-generic x86_64)

     * Documentation: https://help.ubuntu.com
     * Management: https://landscape.canonical.com
     * Support: https://ubuntu.com/advantage

    141 packages can be updated.
    67 updates are security updates.

    Last login: Fri Mar 9 11:10:35 2018 from 10.104.255.113

and immediately log out again ...

    $ exit
    Connection to 10.104.199.106 closed.

place the public key ...

    student@lap17 ~ $ ssh-copy-id 10.104.199.106
    /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/student/.ssh/id_rsa.pub"
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    student@10.104.199.106's password:

    Number of key(s) added: 1

    Now try logging into the machine, with: "ssh '10.104.199.106'"
    and check to make sure that only the key(s) you wanted were added.

try to log in without a password ...

    student@lap17 ~ $ ssh 10.104.199.106
    Welcome to Ubuntu 16.04.3 LTS (GNU/Linux 4.4.0-87-generic x86_64)

    141 packages can be updated.
    67 updates are security updates.

    Last login: Fri Mar 16 08:46:10 2018 from 10.104.255.201
    $

... and that works
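
The ssh-copy-id output above ends with "check to make sure that only the key(s) you wanted were added". One way to do that check is to compute the SHA256 fingerprint of every entry in the server's ~/.ssh/authorized_keys and compare it with the fingerprint ssh-keygen printed on the client. This is an added example, not part of the original notes; the function names are hypothetical and the key material is constructed, not real.

```python
import base64, hashlib

KEY_TYPES = {"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

def fingerprint(b64_blob):
    """OpenSSH-style fingerprint: unpadded base64 of sha256(key blob)."""
    digest = hashlib.sha256(base64.b64decode(b64_blob, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_authorized_keys(text):
    """Yield (line_no, options, key_type, fingerprint, comment) per key line."""
    import shlex
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        lex = shlex.shlex(line, posix=True)   # only "..." quotes, as in options
        lex.whitespace_split, lex.quotes, lex.commenters = True, '"', ""
        tokens = list(lex)                    # quotes are dropped from options
        idx = next((i for i, t in enumerate(tokens) if t in KEY_TYPES), None)
        if idx is None or idx + 1 >= len(tokens):
            raise ValueError(f"line {no}: no recognised key type")
        blob = base64.b64decode(tokens[idx + 1], validate=True)
        n = int.from_bytes(blob[:4], "big")   # blob starts with its own type name
        if blob[4:4 + n] != tokens[idx].encode():
            raise ValueError(f"line {no}: blob type does not match declared type")
        yield (no, " ".join(tokens[:idx]), tokens[idx],
               fingerprint(tokens[idx + 1]), " ".join(tokens[idx + 2:]))

def unexpected_keys(text, expected_fingerprints):
    """Entries whose fingerprint is not one you installed yourself."""
    return [e for e in parse_authorized_keys(text)
            if e[3] not in expected_fingerprints]

def sample_key(seed):
    """Constructed ed25519-shaped blob (not a real key), for the demo only."""
    name, raw = b"ssh-ed25519", hashlib.sha256(seed).digest()
    blob = len(name).to_bytes(4, "big") + name + (32).to_bytes(4, "big") + raw
    return base64.b64encode(blob).decode()

MINE, OTHER = sample_key(b"student@lap17"), sample_key(b"someone-else")
SAMPLE = f"""# constructed authorized_keys content
ssh-ed25519 {MINE} student@lap17
command="/usr/bin/uptime",no-pty ssh-ed25519 {OTHER} other@host
"""

if __name__ == "__main__":
    for no, opts, ktype, fp, comment in unexpected_keys(SAMPLE, {fingerprint(MINE)}):
        print(f"line {no}: unexpected {ktype} {fp} ({comment}) options=[{opts}]")
```
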
- adjust bash shell on ubuntu server
I now have no bash prompt, and so have to type bash every time I have logged in, or carry on without HISTORY, my own PATH, aliases and the like ...

    $ sudo vim /etc/passwd

I add: /bin/bash
on my account line:

    student:x:1001:1001::/home/student:/bin/bash

I log out and back in to see whether I now get a bash prompt with history ...

    student@lap17 ~ $ ssh 10.104.199.106
    Welcome to Ubuntu 16.04.3 LTS (GNU/Linux 4.4.0-87-generic x86_64)

    141 packages can be updated.
    67 updates are security updates.

    Last login: Fri Mar 16 08:46:27 2018 from 10.104.255.201
    student@ubu164-S06-1:~$

I do indeed see a bash prompt
- change password
so that other students can no longer log in to my machines:

    student@ubu164-S06-1:~$
    student@ubu164-S06-1:~$ passwd
    Changing password for student.
    (current) UNIX password:
    Enter new UNIX password:
    Retype new UNIX password:
    passwd: password updated successfully
    student@ubu164-S06-1:~$ exit
    logout

    [student@cOS74-T06-2 ~]$ passwd
    Changing password for user student.
    Changing password for student.
    (current) UNIX password:
    New password:
    Retype new password:
    passwd: all authentication tokens updated successfully.
    [student@cOS74-T06-2 ~]$

... now the real work can begin