Saturday, July 25, 2015

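1. On your source server, generate the SSH key pair. Note that DSA keys (`-t dsa`, used below) are disabled by default since OpenSSH 7.0; on current systems generate an Ed25519 or RSA key instead, e.g. `ssh-keygen -t ed25519`.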

[root@mohan ~]# useradd sita
[root@mohan ~]# passwd sita
[root@mohan OS]# su - sita
[sita@mohan ~]$ pwd
/home/sita
[sita@mohan ~]$ ssh-keygen -t dsa
[sita@mohan ~]$ cd .ssh
[sita@mohan .ssh]$ pwd
/home/sita/.ssh
2. Copy the public key to target server
[sita@mohan .ssh]$ scp id_dsa.pub sita@192.168.10.78:/var/tmp^C
[sita@mohan .ssh]$ scp id_dsa.pub 192.168.10.78:
id_dsa.pub                                                                  100%  614     0.6KB/s   00:00   
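3. Log in to the target server and copy the key into the .ssh directory under the user's home directory,
renaming the file to authorized_keys. If authorized_keys already exists, append to it (`cat id_dsa.pub >> .ssh/authorized_keys`) rather than overwriting it, and run `chmod 700 .ssh; chmod 600 .ssh/authorized_keys`, because sshd's default StrictModes setting rejects keys when these paths are writable by group or others.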
[sita@localhost ~]$ pwd
/home/sita
[sita@localhost ~]$ ls -la
-rw-r--r--. 1 sita sita  614 Dec 27 06:47 id_dsa.pub
[sita@localhost ~]$ mkdir .ssh
[sita@localhost ~]$ cp id_dsa.pub .ssh/authorized_keys
[sita@localhost ~]$ pwd

================================================================
ssh-keygen
================================================================
Host_Alias   MYHOST = host1, host2
User_Alias MYUSERS = user1, user2, ....
Cmnd_Alias MYCMDS = /usr/sbin/useradd, /usr/bin/passwd
MYUSERS  MYHOST = MYCMDS


[khem@puppet Desktop]$ id khem
uid=500(khem) gid=500(khem) groups=500(khem),557(larry)
[khem@puppet Desktop]$ ping yahoo.com
PING yahoo.com (206.190.36.45) 56(84) bytes of data.
64 bytes from ir1.fp.vip.gq1.yahoo.com (206.190.36.45): icmp_seq=1 ttl=52 time=87.4 ms
64 bytes from ir1.fp.vip.gq1.yahoo.com (206.190.36.45): icmp_seq=2 ttl=52 time=92.2 ms
^C
--- yahoo.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1927ms
rtt min/avg/max/mdev = 87.482/89.864/92.247/2.401 ms
[khem@puppet Desktop]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/khem/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/khem/.ssh/id_rsa.
Your public key has been saved in /home/khem/.ssh/id_rsa.pub.
The key fingerprint is:
00:0e:f2:be:84:9f:15:48:54:29:eb:71:c2:57:87:7e khem@puppet.mydomain.local
The key's randomart image is:
+--[ RSA 2048]----+
|..+.o. .         |
| +.+..o .        |
| .oooo..         |
| o= o...E        |
|..o=.  .S        |
| o.+             |
|  +              |
|                 |
|                 |
+-----------------+

[khem@puppet Desktop]$ pwd
/home/khem/Desktop

[khem@puppet Desktop]$ cd ../.ssh
[khem@puppet .ssh]$ ls
id_rsa  id_rsa.pub  known_hosts

[khem@puppet .ssh]$ ls -l
total 12
-rw-------. 1 khem khem 1675 Mar 28 06:36 id_rsa
-rw-r--r--. 1 khem khem  408 Mar 28 06:36 id_rsa.pub
-rw-r--r--. 1 khem khem  395 Mar  1 06:56 known_hosts

[khem@puppet .ssh]$ ssh-copy-id -i id_rsa.pub sham@192.168.0.149
The authenticity of host '192.168.0.149 (192.168.0.149)' can't be established.
RSA key fingerprint is a4:ea:95:ed:0c:53:49:35:f8:bf:89:fc:32:e7:bb:76.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.149' (RSA) to the list of known hosts.
sham@192.168.0.149's password:
Now try logging into the machine, with "ssh 'sham@192.168.0.149'", and check in:
  .ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.

[khem@puppet .ssh]$ id
uid=500(khem) gid=500(khem) groups=500(khem),557(larry) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

[khem@puppet .ssh]$ ssh sham@192.168.0.149
Last login: Thu Mar 26 20:44:28 2015 from mohan.home
[sham@ldap ~]$

===========================================================

Q. Create a run control script from the file hello.sh that starts at runlevel 3 on reboot.

# cat hello.sh
#!/bin/sh
# hello.sh - writes two fixed lines to stdout; any arguments are ignored.
printf '%s\n' "Testing ....."
printf '%s\n' "Hello.World !!!"
# cd /etc/rc3.d; ls -l S51hello
# ln -s /etc/init.d/hello.sh ./S51hello

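Q. Update the S51hello link in rc3.d so that it points to the file located at /opt/apps/hello.sh. Scripts linked from rc3.d run as root at boot, so /opt/apps/hello.sh and every directory above it should be owned by root and not writable by other users.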

# cp hello.sh hello.sh.oldie

# cp /var/tmp/hello.sh /etc/init.d/hello.sh

planning..
ln -s /opt/apps/hello.sh /etc/rc3.d/S51hello

ln -s /opt/apps/hello.sh S51hello

# ls -l S51hello
lrwxrwxrwx. 1 root root 20 Mar 28 09:01 S51hello -> /etc/init.d/hello.sh

# rm S51hello

# ln -s /opt/apps/hello.sh S51hello
ln: creating symbolic link `S51hello': File exists

# ln -s /opt/apps/hello.sh /etc/rc3.d/S51hello
ln: creating symbolic link `/etc/rc3.d/S51hello': File exists

# ln -s /opt/apps/hello.sh /etc/rc3.d/S51hello

# ls -l S51hello
lrwxrwxrwx. 1 root root 18 Mar 28 09:28 S51hello -> /opt/apps/hello.sh

SUDO
----
syntax
user   machine/host = command

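Q. Give user sham access to create accounts. Note that an unrestricted /usr/bin/passwd entry also lets the user reset any account's password, including root's, so this grant is close to full root; the sudoers manual shows a restricted form such as `/usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd *root*`.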

# visudo
sham  ALL = /usr/sbin/useradd, /usr/bin/passwd

Q. Give multiple users access to create accounts.

# visudo
# User Alias
User_Alias MYADMIN = sham,juliet,ramsing

# Command Alias
Cmnd_Alias MYCMD = /usr/sbin/useradd, /usr/bin/passwd

# Host Alias: since we are working on the local host, we don't have to create a Host_Alias.

# Specify the user machine command.

# Here MYADMIN is the user alias and ALL is the host list; ALL matches any host, which in this example is just the local machine.

# MYCMD is the list of commands that user has access to

MYADMIN ALL=MYCMD

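# If you want the users to run these commands without being prompted for a password (NOPASSWD removes the re-authentication step, so anyone who gets into one of these accounts can run the commands immediately):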
MYADMIN ALL=NOPASSWD: MYCMD

# su - ramsing

$ sudo useradd hari

$ sudo passwd hari
Changing password for user hari.
New password:
BAD PASSWORD: it is based on a dictionary word
Retype new password:
passwd: all authentication tokens updated successfully.

[ramsing@ldap ~]$ logout

# for i in sam hari geeta; do usermod -aG sysadmin $i; done

# cat /etc/group
sysadmin:x:505:sam,hari,geeta

# visudo
%sysadmin       localhost=NOPASSWD: /usr/sbin/useradd, /usr/bin/passwd

# su - hari

$ sudo useradd devi

$ id devi
uid=506(devi) gid=507(devi) groups=507(devi)
