1.) Munging a Document and Comparing Message Digests
To do this exercise you will need to be root.
On your machine type:
# cat /etc/motd
Look at your neighbour's machine. Is their file exactly the same as yours? Can you be sure?
Now run the file through the sha1 one-way hashing function:
# sha1sum /etc/motd
Let's do this again and save the results to a file:
# sha1sum /etc/motd > /tmp/motd-hash
Now change ONE (1) character in your /etc/motd file and repeat the sha1 test. You may want to do this using two terminals: one to have your sha1 output displayed and the other for editing the /etc/motd file.
# vi /etc/motd
One character change. Save the file and exit. Now we'll run sha1 again, save the results to the same motd-hash file and compare the hashes.
# sha1sum /etc/motd >> /tmp/motd-hash
Compare the results with your neighbor, or with your previous sha1 message digest. They should be very different.
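The same exercise as an added example, not part of the original workshop text: it uses sha256sum instead of sha1sum (an assumption of this example), works on a scratch copy with constructed text rather than the real /etc/motd, and lets `sha256sum -c` do the comparison instead of reading the digests by eye.

```shell
#!/bin/sh
# Added example: the one-character-change exercise with SHA-256, run on a
# scratch copy so the real /etc/motd is never edited. Sample text is constructed.

# hex_diff A B: number of positions at which two equal-length hex strings differ.
hex_diff() {
    a=$1; b=$2; n=0
    while [ -n "$a" ]; do
        ca=${a%"${a#?}"}; cb=${b%"${b#?}"}    # first character of each string
        [ "$ca" = "$cb" ] || n=$((n + 1))
        a=${a#?}; b=${b#?}
    done
    echo "$n"
}

# verify DIR: re-hash the file listed in DIR/motd-hash and report OK or FAILED.
verify() {
    if (cd "$1" && sha256sum -c motd-hash >/dev/null 2>&1); then
        echo OK
    else
        echo FAILED
    fi
}

# motd_digest_demo: prints "<check before edit> <check after edit> <hex digits changed>".
motd_digest_demo() {
    work=$(mktemp -d) || return 1
    printf 'Welcome to the classroom machine.\n' > "$work/motd"
    (cd "$work" && sha256sum motd > motd-hash)    # save the baseline digest
    before=$(cut -d' ' -f1 "$work/motd-hash")
    check1=$(verify "$work")
    # Change exactly one character: "W" becomes "w".
    sed 's/^W/w/' "$work/motd" > "$work/motd.new" && mv "$work/motd.new" "$work/motd"
    after=$(sha256sum "$work/motd" | cut -d' ' -f1)
    check2=$(verify "$work")
    echo "$check1 $check2 $(hex_diff "$before" "$after")"
    rm -rf "$work"
}

motd_digest_demo
```

The third field is how many of the 64 hex digits changed after the one-character edit.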
As discussed, the sha1 hashing algorithm is no longer considered
reliable. You can do this same exercise using
Note: In UNIX the equivalent hashing functions are named
2.) Generate Public/Private Key Pair for SSH
Note: Please be sure that you are logged in and using your pacnog account for this exercise - not root.
NOTE: If you are using a laptop and you are not running Linux on your laptop, then you should do this exercise with someone who is sitting at a desktop machine.
We will now generate a single RSA SSH protocol 2 key of 2048 bits. To do this, issue the following command:
$ ssh-keygen -t rsa -b 2048
You will be prompted for a file location for the key as well as for a passphrase to encrypt the key file. Do not change the default filename or location for the key.
This command output should look like:
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/pacnog/.ssh/id_rsa): [PRESS ENTER]
    Created directory '/home/pacnog/.ssh'.
    Enter passphrase (empty for no passphrase): [TYPE IN PASSPHRASE]
    Enter the same passphrase again: [TYPE IN SAME PASSPHRASE]
    ...
Be sure to enter a passphrase. Private key files without passphrases are a security hole. Your passphrase can be pretty much anything you want and as long as you want - including spaces.
You will see something like this:
    Your identification has been saved in /home/pacnog/.ssh/id_rsa.
    Your public key has been saved in /home/pacnog/.ssh/id_rsa.pub.
    The key fingerprint is:
    d9:99:7c:ad:80:90:df:8c:1b:7e:79:a4:bb:c3:89:a1 email@example.com
    The key's randomart image is:
    +--[ RSA 2048]----+
    | E.              |
    | ..              |
    | .               |
    | +               |
    | o oSo .         |
    | = o.o .         |
    | . o *.o.        |
    | = *o.           |
    | =**             |
    +-----------------+
Your private key should now be protected by a passphrase. This means to use your public/private key combination you will need to type in your passphrase (not your afnog account's password) when prompted.
3.) Copy Your Public Key to an account we have created for you on the NOC box
We have created the accounts pc1, pc2, pc3, pc4 through pc15 on the classroom noc server. For users on the desktop machines you should do this exercise using the corresponding account on the noc box. For users on laptops please ask the instructor to determine which account you should use. The password for these accounts is the same as the password for the pacnog user on your desktop machines.
The first thing you will do is to copy your public key file over to the home directory of your account on the noc box.
Please remember - you must do this exercise as the pacnog user on your local machine.
$ cd .ssh
$ scp id_rsa.pub pcX@noc:.
It is critical that you pay close attention to the command above. Be sure you include the ":" and the "." at the end of the command.
You should see something like this on your screen:
    The authenticity of host 'noc (184.108.40.206)' can't be established.
    RSA key fingerprint is ca:0b:74:d5:65:9a:bc:cf:1d:e3:c2:39:5f:7d:f9:07.
    Are you sure you want to continue connecting (yes/no)?
Respond with "yes" to accept this public key from noc.
This is the initial exchange of the noc's ssh public key's fingerprint to your machine, so that the next time you log in, ssh on your machine can compare this information to what it has seen before.
After you say yes, type in the password for the pcX account on the noc box, then you will have copied your public ssh key to your corresponding pcX account on our classroom noc machine. Now log in to your account on the noc box to execute a few more commands:
$ ssh pcX@noc
You will now be logged in to the noc machine as the user pcX.
Now do the following:
$ mkdir .ssh
$ cat id_rsa.pub >> .ssh/authorized_keys
$ rm id_rsa.pub
Note: You could have done this all remotely, but I wanted you to see what logging in to the noc box looks like using a password.
Now log off from the noc box:
Now try logging back in to the noc box:
$ ssh pcX@noc
What just happened? If everything worked you should have been asked for the passphrase of the private key of your ssh key on your local machine. This is pretty cool!
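If the login still asks for the pcX password, check file modes first: the mkdir and cat steps above leave permissions to the account's umask, and sshd with StrictModes (on by default) ignores authorized_keys when the home directory, .ssh or the file itself is writable by group or others. An added example, not part of the workshop material, that installs a key with explicit owner-only modes and is safe to re-run; the helper names install_pubkey and modes and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example: install a public key so that sshd will accept it.
# install_pubkey, modes and the sample key below are constructed for illustration.

# install_pubkey PUBKEY_FILE HOME_DIR
# Appends the key to HOME_DIR/.ssh/authorized_keys once, with owner-only modes.
install_pubkey() {
    pub=$1; home=$2
    # Never publish the private half by mistake (id_rsa instead of id_rsa.pub).
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 1
    fi
    key=$(head -n 1 "$pub")
    [ -n "$key" ] || { echo "refusing: $pub is empty" >&2; return 1; }
    mkdir -p "$home/.ssh"
    touch "$home/.ssh/authorized_keys"
    # Set modes explicitly instead of relying on the login umask.
    chmod 700 "$home/.ssh"
    chmod 600 "$home/.ssh/authorized_keys"
    # Append only if this exact line is not already present (safe to re-run).
    grep -qxF -e "$key" "$home/.ssh/authorized_keys" ||
        printf '%s\n' "$key" >> "$home/.ssh/authorized_keys"
}

# modes PATH: the ten-character permission string from ls, e.g. drwx------
modes() { ls -ld "$1" | cut -c1-10; }

# Stand-alone run against a scratch directory, not a real home directory.
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3CONSTRUCTEDSAMPLEKEY pacnog@pc1' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo/home"
install_pubkey "$demo/id_rsa.pub" "$demo/home"    # second run adds nothing
modes "$demo/home/.ssh"; modes "$demo/home/.ssh/authorized_keys"
rm -rf "$demo"
```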
You can exit from the noc machine by typing: