linux slides continue part 2
TRANSCRIPT
-
8/14/2019 Linux Slides Continue Part 2
1/153
M4 is a macro language that helps to configure the sendmail.cf file, using sendmail.mc.
Sendmail Configuration
Open the virtusertable file, used for mapping users' virtual domain addresses.
Sendmail Configuration
The virtusertable configuration helps to define the domain name along with the fully qualified domain name.
Sendmail Configuration
Open a local-host-file.
Sendmail Configuration
The local-host-file is for multiple hosts using the same mail server. Enter the domain name as given above.
Sendmail Configuration
The sendmail service is restarted.
Sendmail Configuration
In order to determine whether sendmail is identifying your station hostname correctly, use sendmail -d0.
Sendmail Configuration
The ipop3 protocol makes it possible to receive messages from the mail server. Open the pop3 file.
Sendmail Configuration
With disable = yes, the pop3 service is disabled and mail cannot be received.
Sendmail Configuration
To enable ipop3, disable is changed to no.
Sendmail Configuration
The xinetd service is restarted.
Sendmail Configuration
The root user sends a mail to the user joe using the mail command.
Sendmail Configuration
The mail sent by root is received by the user joe as shown above.
Sendmail Configuration
Evolution:
Evolution is the primary mail client for Red Hat.
It is a powerful tool that supports numerous protocols (SMTP, POP and IMAP).
It includes a calendar, an address book, multiple mail accounts and encryption.
It is supported by both GNOME and KDE.
Sendmail Configuration
Running Evolution in the background.
Sendmail Configuration
The Evolution welcome wizard opens; click Forward to continue.
Sendmail Configuration
Enter the user name and email address and click Forward to continue.
Sendmail Configuration
The POP option is chosen to receive mail from the mail server; click Forward.
Sendmail Configuration
Specify the server hostname and the username.
Sendmail Configuration
Setting the time to 10 updates the mail every 10 seconds.
Sendmail Configuration
Select the SMTP protocol to transfer the mail to the mail server and specify a server address.
Sendmail Configuration
A name is given to represent the mail account.
Sendmail Configuration
The location is specified in the timezone setting for the sendmail configuration.
Sendmail Configuration
The Evolution setup process is completed by entering the information needed.
Sendmail Configuration
The user tom sends a mail by selecting the New button.
Sendmail Configuration
The user tom sends the mail to the user root as shown above.
Sendmail Configuration
The root user views the mail received from the user tom using the mail command.
Sendmail Configuration
Sendmail Configuration
The user root sends the mail to the user tom as shown above.
The user tom views the mail received from the user root as shown above.
Sendmail Configuration
The dig command shows the IP address of the specified fully-qualified domain name.
Sendmail Configuration
Sendmail Configuration
The access file is opened to set restrictions on access to the sendmail server.
Everyone except example.com is restricted from access.
Sendmail Configuration
Internet Mail Access Protocol
It allows a remote server to hold mail for users, who can then log in to access their mail.
Unlike POP servers, IMAP servers retain user mail messages.
Users can even save their mail on the IMAP mail server.
IMAP also supports shared folders, through which several users can access mail on a given topic.
Certificates for imap
To create the IMAP certificate, first remove the file imapd.pem.
The IMAP certificate can be created using the command make imapd.pem.
Certificates for imap
While creating the IMAP certificate, it prompts for the following; just enter the corresponding details.
Certificates for imap
The imaps protocol makes it possible to receive and save mail from the mail server. Open the imaps3 file.
Certificates for imap
Setting disable=no enables the imaps service.
Certificates for imap
The xinetd service is restarted.
Certificates for imap
The issued certificate information can be viewed using the mutt command.
Certificates for imap
Here you can see the certificate information.
Certificates for imap
File Transfer Protocol (FTP)
FTP is designed to transfer large files across a network from one system to another.
Like most internet operations, FTP works on a client/server model.
An FTP client program enables users to transfer files to and from a remote system running an FTP server program.
FTP: Service profile
Packages : vsftpd
Daemons : vsftpd
Ports : 21(FTP), 20(ftp-data)
Config. : /etc/vsftpd/vsftpd.conf
/etc/vsftpd.ftpuser
/etc/pam.d/vsftpd
FTP configurations
Check that the vsftpd package is installed.
Install the vsftpd package using the rpm command.
FTP configurations
Open the configuration file vsftpd.conf.
FTP configurations
Setting this option to yes allows anonymous users to use the FTP server.
Setting this option to yes allows all local users on your system to use the FTP server.
FTP configurations
Set this option to allow anonymous users to upload files.
FTP configurations
Set this option to allow anonymous users to create files.
Set this option to change the owner of uploaded files.
To replace the username on uploaded files.
Here set the permission to upload files.
FTP configurations
Create a directory named incoming inside the /var/ftp directory, and change its user to root and its group to ftp.
FTP configurations
Set the permission 730 for the incoming directory.
Restart the vsftpd service.
The screen shows the contents of the pub directory.
FTP configurations
On the client side, log in to the FTP server; the user name is anonymous and for the password just press Enter.
FTP configurations
After logging in successfully, we change directory to pub to download the file test using the mget command.
FTP configurations
The bye command is used to exit from the FTP server.
FTP configurations
The screen above shows that the downloaded file test is present.
FTP configurations
The anonymous user logs in to the FTP server again to upload the pop.pl file.
FTP configurations
The anonymous user changes to the incoming directory.
The anonymous user uploads the file pop.pl to the FTP server using the mput command.
FTP configurations
The file pop.pl is uploaded to the FTP server.
FTP configurations
Now we open the hosts.allow file.
FTP configurations
Here we specify the network address or domain that has the privilege to access this FTP server.
FTP configurations
Now we open the hosts.deny file.
FTP configurations
Except for the network specified in /etc/hosts.allow, others cannot access the FTP server.
FTP configurations
NFS
Network File System
It enables you to mount a file system on a remote computer as if it were local to your own system.
You can directly access any of the files on the remote file system.
NFS operates over a TCP/IP network.
The remote computer that holds the file system makes it available to other computers on the network.
NFS
NFS Service Profile
Packages : Portmap, nfs-utils
Daemons : nfs
Ports : 111
Config. : /etc/exports
NFS Service Profile
NFS configuration
Check that the portmap and nfs-utils packages are installed.
NFS configuration
The screen above shows the file contents of test1.
NFS configuration
Now we open the file /etc/exports.
NFS configuration
Here test1 is the name of the directory to be exported to the network specified above.
NFS configuration
This is the second directory, specified along with example.com (domain name), to be exported.
Note: the option rw is for read and write permission; sync is for synchronization.
NFS configuration
The portmap and nfs services are restarted.
NFS configuration
exportfs -v shows the shared directory of the server machine.
NFS configuration
exportfs -r -a both exports the added entries and re-exports the changed ones.
NFS configuration
On the client side, use the showmount -e command to check what the server machine shares.
NFS configuration
From the client machine, the shared directory of the NFS server machine is mounted.
DHCP
Dynamic Host Configuration Protocol
Allows hosts to be assigned an IP address automatically from a pool of IP addresses.
Also allows clients to receive an IP address from outside the network segment.
The server can be configured to accept requests from only a specific set of MAC addresses.
DHCP
DHCP: Service profile
Packages : dhcp
Daemons : dhcpd
Config file : /etc/dhcpd.conf,
/var/lib/dhcp/dhcp.leases
Ports : 67(bootps), 68(bootpc)
DHCP configuration
The dhcp package is checked to see whether it is installed.
DHCP configuration
DHCP configuration needs a single package called dhcp, which can be installed with the rpm command.
DHCP configuration
The rpm -ql command checks the files present in the dhcp package.
DHCP configuration
dhcp.conf.sample is a configuration file, which must be copied to the /etc directory.
DHCP configuration
Using the cp command, dhcp.conf.sample is copied to /etc/dhcp.conf.
DHCP configuration
We open the configuration file copied earlier.
DHCP configuration
Specify the network and subnet mask here.
DHCP configuration
The gateway and subnet are mentioned here.
The NIS domain is mentioned here.
The DNS name and the DNS IP address are mentioned here.
DHCP configuration
The dynamic IP range for the client systems is mentioned here.
DHCP configuration
The IP 192.168.0.20 is the gateway for the client machines.
The domain name is mentioned here as example.com, along with the IP address.
The IP range to be assigned automatically to the client machines is specified.
DHCP configuration
An IP is specified for a particular system by MAC address.
DHCP configuration
An IP is added for the host station33 by MAC address.
DHCP configuration
On the client machine, the netconfig command is used to assign the IP address.
DHCP configuration
Using the space bar, the # (hash) symbol is checked to enable the dhcp service.
DHCP configuration
The network service is restarted to enable the dhcp service.
The IP is viewed to check that the dhcp service is enabled. Now the gateway has been assigned via dhcp.
DHCP configuration
Open the resolv.conf file.
DHCP configuration
On the client machine, the above domain name and IP address get assigned.
Samba configuration
Andrew Tridgell wrote an SMB (Server Message Block) client and server that he called Samba.
Samba is a collection of Linux tools that allow you to communicate with Windows systems over a network.
Helps in browsing the network resources using host names, by name resolution instead of DNS.
File and printer sharing is probably the most attractive Samba feature.
Samba Service Profile
Packages : samba, samba-common, samba-client
Daemons : smbd, nmbd (NetBIOS nameserver)
Config file : /etc/samba/smb.conf
Ports : 137 (nmbd), 138(smbd)
Samba configuration
rpm -q queries for the packages installed.
Samba configuration
rpm -ivh along with the package name installs the package.
Samba configuration
/etc/samba/smb.conf is the configuration file.
Samba configuration
The smb.conf file is now opened for editing.
The Windows domain name or the workgroup name can be given.
Samba configuration
This is the default screen, showing the default network for access.
Samba configuration
The screen shows that the networks 192.168.0 and 192.168.1 can access the Samba server.
Samba configuration
The end of the smb.conf file shows an example of how to share Linux files.
Samba configuration
The previous example is used here for the tmp and var directories.
The tmp directory is shared publicly (full access), including writing files.
The var directory is set so that only the user joe can access the files, from any Windows operating system.
Samba configuration
A password is set for access from the Windows operating system.
Samba user names and passwords are stored in the /etc/samba/smbpasswd file.
Samba configuration
smbclient -L shows the shared directory of the Samba server.
Samba configuration
This command helps to confirm whether the configuration is done properly.
The user joe logs in by giving a password for authentication. The ls command is used to list the shared files.
Samba configuration
The screen shows the listed files.
The mget command copies the file from the shared directory to our machine.
Samba configuration
The testparm command is used to show the shared directory of the Samba server.
Pressing Enter will show the shared directory in detail.
Samba configuration
Here the screen shows the simulation of the Samba configuration.
NIS
- Network Information Service.
- NIS stores administrative files such as /etc/passwd, /etc/hosts etc. in DB files.
- This data is available over the network to all clients that are connected to the NIS domain.
- The NIS client daemon (ypbind) finds a server for its NIS domain by sending a broadcast request.
NIS: Service profile
Packages : ypserv, ypbind, yp-tools
Daemons : ypserv, ypbind, rpc.yppasswdd
Config. Files : /etc/ypserv.conf (server)
/var/yp/*,
/etc/sysconfig/network (common)
/etc/nsswitch.conf, (client)
/etc/yp.conf
Port : 111 (assigned by portmap)
Steps to Configure NIS
Define the NIS domain name that the NIS server will work for.
Start the ypserv daemon.
In the /var/yp/Makefile file, set any NIS server options and specify the configuration files to manage.
Use ypinit to create the NIS versions of the configuration file.
NIS Configurations
A query is made to check whether portmap and ypserv are installed. If not, install the packages.
NIS Configurations
To set the NIS domain name temporarily, the nisdomainname command is used.
To set the NIS domain name permanently, entries are made in /etc/sysconfig/network.
NIS Configurations
Enter the NIS domain name. Here our NIS domain is nis.
NIS Configurations
Start the portmap and ypserv services.
NIS Configurations
Open the NIS configuration file.
NIS Configurations
The nopush option is set to true if there is no NIS slave server, and it is set to false if there is a slave server.
NIS Configurations
The minimum user and group IDs are set to 500.
If MERGE_PASSWD is set to true, then the password file and the shadow file will be merged.
If MERGE_GROUP is set to true, then the group file and the gshadow file will be merged.
NIS Configurations
The files that are shared on the network are listed under all.
NIS Configurations
This command creates the NIS database consisting of the NIS configuration file.
NIS Configurations
Create an access control file named securenets, which enables access by hosts to the NIS server.
Open the access control file.
NIS Configurations
Here we are giving access to all the hosts in the network 192.168.0.0 and to the localhost.
NIS Configurations
Restart the yppasswdd and ypserv services.
NIS Configurations
On the client side, check for the ypbind package.
This command is used to indicate the NIS server.
NIS Configurations
Select the NIS option, enter the NIS domain name and its IP address, and press Next.
NIS Configurations
Press OK to continue.
NIS Configurations
ypcat lists any NIS configuration file; here we can see the password file.
NIS Configurations
The ypmatch command is used to view a particular user's entry in the configuration file.
Open the auto.master file.
NIS Configurations
Enter the mount directory; here we mount in the /home directory.
NIS Configurations
Open the auto.misc file.
NIS Configurations
Specify the NIS server IP address and the home directory to be mounted.
NIS Configurations
Restart the autofs service.
Secure shell (SSH)
Secure Shell
Allows remote logins and remote command execution via secure encrypted connections.
Syntax:
ssh @
Secure shell (SSH)
The sshd service is restarted.
Secure shell (SSH)
Open the file hosts.allow.
Secure shell (SSH)
Specifying example.com here allows the machines under the example.com domain to use remote login.
Secure shell (SSH)
The sshd : ALL entry above means that everyone except example.com is restricted from access.
Secure shell (SSH)
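The hosts.allow / hosts.deny evaluation used in the FTP slides and again in the SSH slides above, as an added Python example (not part of the original slides). It models a subset of the hosts_access(5) rules; the file contents, IP addresses and the name host.other.test are constructed for illustration.

```python
import ipaddress

# Constructed sample files, not taken from the slides' screenshots.
HOSTS_ALLOW = """\
sshd:   .example.com
vsftpd: 192.168.0.
"""
HOSTS_DENY = """\
sshd:   ALL
vsftpd: ALL
"""


def parse_rules(text):
    """Parse 'daemon_list : client_list' lines into (daemons, clients) pairs."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules


def client_matches(pattern, host, addr):
    """Match one client pattern (subset of hosts_access(5)) against a peer."""
    if pattern == "ALL":
        return True
    if pattern.startswith("."):        # domain suffix, e.g. .example.com
        return bool(host) and host.lower().endswith(pattern.lower())
    if pattern.endswith("."):          # address prefix, e.g. 192.168.0.
        return addr.startswith(pattern)
    if "/" in pattern:                 # net/mask, e.g. 192.168.0.0/255.255.255.0
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(addr) in net
    # A bare name or address must match exactly; it does not cover subdomains.
    return pattern.lower() == (host or "").lower() or pattern == addr


def any_rule_matches(rules, daemon, host, addr):
    return any(
        ("ALL" in daemons or daemon in daemons)
        and any(client_matches(p, host, addr) for p in clients)
        for daemons, clients in rules
    )


def access_allowed(allow_text, deny_text, daemon, host, addr):
    """hosts.allow is consulted first, then hosts.deny; no match means allow."""
    if any_rule_matches(parse_rules(allow_text), daemon, host, addr):
        return True
    if any_rule_matches(parse_rules(deny_text), daemon, host, addr):
        return False
    return True


if __name__ == "__main__":
    peers = [("sshd", "station41.example.com", "192.168.0.41"),
             ("sshd", "host.other.test", "10.0.0.5"),
             ("vsftpd", None, "192.168.0.33"),
             ("vsftpd", None, "192.168.1.7")]
    for daemon, host, addr in peers:
        verdict = access_allowed(HOSTS_ALLOW, HOSTS_DENY, daemon, host, addr)
        print(daemon, host or addr, "allowed" if verdict else "denied")
```

A bare `example.com` entry matches only a host with exactly that name; covering the machines in the domain takes the leading-dot form `.example.com`. With an empty hosts.deny, every client that fails to match hosts.allow is still let in.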
Look at the client machine; it is in the example.com domain.
Secure shell (SSH)
From the host station41 we logged in as root on station20.example.com.
Open ssh
OpenSSH replaces common, insecure network communication skills.
Provides greater data security between networked systems.
Capable of tunneling insecure protocols through forwarding.
Open ssh
Packages : openssh-clients, openssh-server
Daemons : sshd
Config. Files : /etc/ssh/*, $HOME/.ssh
Port : 22
Open ssh
The openssh packages are installed.
Open ssh
The sshd service is restarted.
Open ssh
Keygen is used to generate public and private keys using the DSA algorithm.
The generated private key is saved in the id_dsa file.
The generated public key is saved in the id_dsa.pub file.
Open ssh
To transfer the public key to a remote machine, use the scp command.
Open ssh
Create a file named authorized_keys in the /root/.ssh directory and give full permission to the owner for the .ssh directory.
Redirect the public key file id_dsa.pub to the authorized_keys file.
Open ssh
Give read and write permission to the owner for the authorized_keys file.
Open ssh
Now we can access the machine 192.168.0.21 remotely without knowing the password, using the public key.
PAM
Pluggable Authentication Modules
It is a service that determines the method of authentication to be performed for users.
When a PAM user logs in, his authentication is redirected to PAM from the password file.
Authentication is carried out by modules that vary according to the kind of authentication needed.
An administrator can add or replace modules by simply changing the PAM configuration files.
PAM Configuration File
PAM uses a different configuration for each service that requests authentication.
Configuration files can be seen in the /etc/pam.d directory.
Some of the configuration files are given below.
/etc/pam.d/login
/etc/pam.d/samba
/etc/pam.d/system-auth
PAM Modules
A PAM configuration file contains a list of modules to be used for authentication.
They have the following format:
Module-type control-flag module-path module-args
Module-type:
PAM Modules
It refers to the different groups of authentication management: account, authentication, session and password.
Account:
It performs account verification such as password expiry.
Authentication [auth]:
It verifies who the user is, usually through a password confirmation.
PAM Modules
Session:
It refers to tasks performed before a service is accessed and before it is shut down.
Password:
It performs authentication updates such as a password change.
Control-flag:
PAM Modules
It indicates how PAM is to respond if the module fails.
The control can be a simple directive such as:
Requisite:
Ends the authentication process immediately if the module fails.
Required:
This directive only ends the authentication after the remaining modules are run.
PAM Modules
Sufficient:
This directive indicates that success of this module is enough to provide authentication.
Optional:
This directive indicates that the module's success is not needed unless it is the only authentication module for its service.
PAM Modules
Module-path : the module to be run.
Module-args : the parameters you want to pass to that module.
PAM Modules
Open the PAM configuration file login.
PAM Modules
This is the module-type field.
This is the control-flag field.
This field is the module-path.
This field is for the module arguments.
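How the four control flags described above combine across one stack, as an added Python example (not part of the original slides). It is a simplified model of stack evaluation; the sample configuration and the simulated per-module results are constructed, and the module names are standard Linux-PAM modules chosen for illustration.

```python
from collections import namedtuple

PamRule = namedtuple("PamRule", "module_type control_flag module_path module_args")
SIMPLE_FLAGS = {"requisite", "required", "sufficient", "optional"}

# Constructed sample in the four-field format shown on the slides.
LOGIN_STACK = """\
# module-type  control-flag  module-path     module-args
auth           requisite     pam_nologin.so
auth           required      pam_env.so
auth           sufficient    pam_unix.so     nullok
auth           required      pam_deny.so
account        required      pam_unix.so
"""


def parse_pam(text):
    """Split each non-comment line into the four fields of a PAM rule."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3 or fields[1] not in SIMPLE_FLAGS:
            raise ValueError("unsupported PAM line: " + line)
        rules.append(PamRule(fields[0], fields[1], fields[2], fields[3:]))
    return rules


def run_stack(rules, module_type, outcomes):
    """Evaluate one module-type stack.

    outcomes maps module_path -> True/False and stands in for actually
    running each module. Returns (authenticated, modules_called).
    """
    required_failed = False
    any_success = False
    called = []
    for rule in rules:
        if rule.module_type != module_type:
            continue
        called.append(rule.module_path)
        if outcomes[rule.module_path]:
            any_success = True
            # sufficient: stop with success unless a required module failed earlier
            if rule.control_flag == "sufficient" and not required_failed:
                return True, called
        elif rule.control_flag == "requisite":
            return False, called          # fail immediately, run nothing else
        elif rule.control_flag == "required":
            required_failed = True        # remember, but keep running the stack
        # a failed sufficient or optional module is ignored
    return (any_success and not required_failed), called


if __name__ == "__main__":
    rules = parse_pam(LOGIN_STACK)
    good = {"pam_nologin.so": True, "pam_env.so": True,
            "pam_unix.so": True, "pam_deny.so": False}
    print("correct password:", run_stack(rules, "auth", good))
    print("wrong password:  ", run_stack(rules, "auth", dict(good, **{"pam_unix.so": False})))
    print("nologin active:  ", run_stack(rules, "auth", dict(good, **{"pam_nologin.so": False})))
```

In the wrong-password case the failed sufficient module is ignored and the stack falls through to the required pam_deny.so, which is what turns the attempt into a denial.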