In this lesson, we're gonna talk about accessing remote systems using SSH. Now, first, I need you to make sure you have your primary linuxacademy.com lab server running, or whichever one you're using for your Red Hat 7 distribution. Next, I need you to go ahead and start a second one, because what we're gonna do is we're gonna connect from our first one over to our second one. So let's go ahead and make sure we're first connected to our, I'm gonna call it my primary, because I'm choosing to use Anthony one as my lab server.
So I'm gonna connect to it with ssh, user and then at the IP address. Now, this is stuff that we've learned inside of linuxacademy.com and inside of the introduction section of linuxacademy.com. So this part should pretty much be old hat to us. It should be relatively simple for us to do. But now what I'm gonna do is I'm gonna teach you a few tips and tricks in connecting to remote systems, issuing commands on remote systems and copying files to and from remote systems.
So now that I have my second one set up here, what I'm gonna do is I'm gonna first set this as my primary. Then I'm gonna set this as my secondary, just for my own purpose here of labeling our lab servers. Then I'm gonna go ahead and copy this IP address. Now, I'm not going to open up another terminal, because instead, I want to learn how to do a few tips and tricks. So first, let's start at the very basics of what we actually just did. Again, I'm gonna connect from my primary server, gonna connect to my secondary one. And I'm gonna do that just by issuing ssh user and then at the IP address yet again.
So if you notice here, it asks for a password. What this is called is password authentication. In order to connect to a remote machine, we can do it in multiple ways. Now the default way is enabling password authentication. Now, password authentication allows us to manage passwords just like a regular text password. Now, this is usually encrypted if we're using SSH connections, so it's not being sent over the Internet in plain text.
However, what we can do is we can enable something called key authentication, where we can securely sign and encrypt keys that essentially require a handshake from our client computer to our remote computer in order to access it. It's a much higher and more secure method of communicating with servers remotely. Now, this is actually gonna be part of the Red Hat security section of this course, and we're not gonna cover keys here. Instead, we're gonna cover the basic concepts of SSH and transferring files with SSH. So we just connected to our remote system. What I'm gonna do is I'm gonna create a few files using my touch command.
I'm just gonna do touch file one, file two, file three and then close our bracket. Now, before I continue on, I want to talk about these squiggly brackets. These squiggly brackets allow us to create multiple files at one time with just issuing one command. I can remove files, I can touch files, I can make directories, and I can do multiple at one time by surrounding them inside of brackets. So if we now issue our ls command, we see that we have three files now located on our system. I'm also gonna go ahead and su into the root user. Once in as the root user, let's navigate into the etc directory and then the ssh directory. I want to take a look at my sshd_config file. Now, the reason I want to do this is because there's something enabled on here called root authentication, or PermitRootLogin. Now, by default, this is already commented out on most distributions.
However, it is best practice to also leave it commented out. Now, about what PermitRootLogin does if enabled or uncommented: this hash in front of it means that basically the system is going to ignore this line of code or this line of configuration. This is a comment. The system doesn't recognize comments; uncommented items the system recognizes. So if we were to uncomment PermitRootLogin, that means I could log in to the system remotely as the root user, instead of logging in as a different user and then changing into the root user.
Now, this is bad practice. It's considered a security hole. If somebody got access to your root password and they logged into the system, well, that could cause a lot of damage on your system. Instead, you have multiple layers of security, where first they must get your key or password to a generic user account and then they must have privileges to be promoted to the root user. So leaving this disabled is best practice and it's already disabled on our system. If it's not disabled on your system, what you'll either do is comment this out or you'll change this to no. And then once you've changed the configuration, you'll perform a systemctl restart on the sshd service and that'll apply that configuration change.
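Added example, not part of the original lesson: a small shell check for the PermitRootLogin setting discussed above. It reports the first active (uncommented) value in an sshd_config-style file, since sshd uses the first value it reads, and flags the commented-out case separately, because sshd then falls back to a built-in default that depends on the OpenSSH version (sshd -T prints the effective value). The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the global PermitRootLogin value from an sshd_config-style file.

effective_root_login() {
    awk '
        /^[ \t]*#/ { next }                  # commented line: sshd ignores it
        tolower($1) == "match" { exit }      # Match blocks are conditional, stop here
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = split(line, f, /[ \t=]+/)    # keyword and value split on space or "="
            if (tolower(f[1]) == "permitrootlogin" && n >= 2) {
                print f[2]; found = 1; exit  # first active value wins
            }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

check_root_login() {
    value=$(effective_root_login "$1")
    case "$value" in
        no)    echo "OK: root SSH login disabled"; return 0 ;;
        unset) echo "WARN: no active PermitRootLogin line, built-in default applies (verify with sshd -T)"
               return 1 ;;
        *)     echo "FAIL: PermitRootLogin $value"; return 1 ;;
    esac
}

# Constructed sample files, not taken from a real host.
tmp=$(mktemp -d)
printf '%s\n' '#PermitRootLogin yes' 'PasswordAuthentication yes' > "$tmp/commented"
printf '%s\n' 'Port 22' 'permitrootlogin no' '#PermitRootLogin yes' > "$tmp/hardened"
printf '%s\n' 'PermitRootLogin yes' 'PermitRootLogin no' > "$tmp/first_wins"

for f in commented hardened first_wins; do
    printf '%-11s ' "$f:"
    check_root_login "$tmp/$f" || true
done
```

On a real server, point check_root_login at /etc/ssh/sshd_config and confirm the result against sshd -T run as root.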
I'm gonna go ahead and exit out of the root user and then also exit out of my secondary system, that system we just SSHed into. Now I'm back on my primary machine. So what I want to do is I actually want to issue a command to a remote server without actually connecting to that server. So how could I do that? Well, that's really simple. I could just do ssh, my user name, and then we'll get my server IP address or server host name, whatever you want to use, and then the command. So I'm gonna issue the command ls. Since we don't have passwordless authentication set up using keys yet, I'm gonna need to enter in my password.
In order for this to work, when the password is accepted, we're not going to connect to the system. Instead, it's gonna temporarily connect to the system and return the output of our command, which is just ls. Since we logged in as the user, it's gonna ls the user's home directory, which would be /home/user. And if you recall, inside of that home directory on our secondary server, we just set up, by using the touch command, file one, file two and file three. So we can issue commands remotely by doing this. This is a really useful tool, especially if you need to execute a script remotely without connecting to it. So now that we've done that, what I want to do is I want to create a file, or take one of our files that we've already created here, and I want to copy it up to my /home/user directory on the remote system. We can use a tool called SCP. SCP is a secure file transfer protocol or tool that uses port 22. Port 22 is the SSH port and is an encrypted port. So data that is sent over port 22 is encrypted and is not in plain text.
Now, if you're not familiar with this, if you were to use, for example, an FTP program or Telnet in order to do these types of communications, you would be using plain text tunnels to your remote server instead of encrypted tunnels. And this is bad because a hacker could eavesdrop in between these connections. Basically a man-in-the-middle attack to listen to what's being sent to and from your remote servers. That's a security hole. So if you're connecting as a remote user, your password is being transferred, if you're using Telnet or FTP, over plain text. Instead, we have SCP, SSH and SFTP, secure file transfer protocol, which we use over port 22, and that's what we're learning about here. So we have scp, and then what I'm gonna do is, what file do I want to transfer? Well, I just created this log file, so we're gonna transfer last 10 lines.txt.
I'm gonna transfer it to, using the user, user at, then our host name. So these are my credentials to communicate with my remote server. And then when I do scp, I have to specify the location in which I want to put this file. So I'm actually just gonna specify my user's home directory. I could specify a subdirectory from my user's home directory by doing my dir one, if my dir one existed inside of /home/user on the remote system. So instead, I'm just gonna upload it to the user's home directory, which, in this case, since the user is user name user, will be /home/user on the remote system. So we have our scp command, the file we want to transfer, the credentials to the server we want to communicate with, and then the location that we're uploading the file to. And then we'll hit enter. We'll enter the password for the remote user.
It's going to say it worked successfully. I don't believe it. So let's go ahead and just issue a command on the remote server and see. We'll do ssh user at, we'll paste in our IP address, and then we'll issue the command ls, type in our password, and we should see now on the remote server, because we issued this command on the remote server, we now see last 10 lines.txt. Okay, so I want to download file one, file two and file three. I could choose to do it with SCP by doing it the other way around. Or I could just sftp to my remote server. So SFTP is using port 22 instead of the regular FTP port.
Now, this is important because SFTP implies secure file transfer. The files and data sent over SFTP are encrypted information. It's using the SSH port, so we're using it to communicate with remote systems. So we'll do sftp user at the IP address we want to communicate with. Now, in this case again, we're connecting as the user user, then the IP address. If it was a different user name, you would replace user with that different user name. So I'm gonna go ahead and connect to it. And now we're inside of our remote system. I can do an ls, and inside of here I see the files inside of my remote system. Now, I can generally issue regular Linux commands inside of sftp.
So by typing pwd, I see that I'm working inside the remote directory /home/user. I can navigate into the Desktop directory if I wanted, and do an ls, or navigate back out of the Desktop directory. Now, I want to go ahead and download file one, so I could just type get file one, and that's gonna download it to my local machine. I can get file two, and that'll download it to my local machine. Now, if I have permissions to do this inside of the directory, I should be able to do a mkdir test. And if I do an ls on the remote machine, you see that we now have a directory called test. Now the other side of that is, I can also upload files from my current working directory.
So if we come back up here, when we started the sftp directory, I was inside of my user's home directory on my primary server. So that means these files here are inside of my directory. So I can type put bad command.txt. And I did tab completion there. So I just started typing and then hit tab, and it completed it for me. So again, if you're not familiar with that, I'll just type bad and then hit tab and it will complete it for me, since I'm inside of that directory, and I'm just gonna put that inside of the remote machine. So now, on the remote machine, we see that we have bad command.txt. So I can quit by either typing quit, exit or bye, and then now we're back on our local machine.
On our local machine, we now have file one and file two, as we downloaded those via sftp. If I were to issue a command on my remote machine, I'm gonna search my history to find that command. So to search that, I'm gonna hit Control-R and then ssh. And then if you notice, it completes it for me. So we're actually searching the history on our system by hitting Control-R. It's our command history.
So, since this command will issue the remote ls command on our remote system, I'm gonna go ahead and issue that command by hitting enter, entering in my password, and then we see that bad command.txt is there because we uploaded it with the sftp program. So that concludes it for this lesson. In this lesson, we learned how to connect to remote machines using SSH. We also learned to use the SSH protocol and port 22 in order to use secure file transfer, the SCP program as well as sftp. It is an exam requirement for us to be able to transfer files to and from different machines securely, and these two programs satisfy that exam requirement. So that concludes it for this lesson. Go ahead and complete this lesson.