In this review, you will configure, secure, and use SSH service to access remote machine,
configure rsyslog service, archive local files, transfer local files to remote machine, and
manage packages using yum.

##OUTCOMES
You should be able to:

• Create a new SSH key pair.

• Disable SSH logins as root user.

• Disable SSH logins using password.

• Update the time zone of a server.

• Install packages and package modules using yum.

• Archive local files for backup.

• Transfer local files to remote machine.

##BEFORE YOU BEGIN
Log in to workstation as student using student as the password.

On workstation, run lab rhcsa-rh124-review3 start to start the comprehensive
review. This script creates the necessary files to set up the environment correctly.

[student@workstation ~]$ lab rhcsa-rh124-review3 start

##INSTRUCTIONS
Accomplish the following tasks on serverb to complete the exercise.

• Generate SSH keys for the user student on serverb. Do not protect the private key
with a passphrase.

• On servera, configure the user student to accept logins authenticated by the SSH
key pair you created for the user student on serverb. The user student on serverb
should be able to log in to servera using SSH without entering a password.

• On serverb, configure the sshd service to prevent users from logging in as root via
SSH.

• On serverb, configure the sshd service to prevent users from using their passwords to
log in. Users should still be able to authenticate logins using an SSH key pair.

• Create a tar archive named /tmp/log.tar containing the contents of /var/log on
serverb. Remotely transfer the tar archive to /tmp directory on servera, authenticating
as student using the student user’s private key of the SSH key pair.

• Configure the rsyslog service on serverb to log all messages it receives that have
the priority level of debug or higher to the file /var/log/grading-debug. This
configuration should be set in an /etc/rsyslog.d/grading-debug.conf file, which
you need to create.

• Install the zsh package, available in the BaseOS repository, on serverb.

• Enable the default module stream for the module python36 and install all provided
packages from that stream on serverb.

• Set the time zone of serverb to Asia/Kolkata.

1.
Generate SSH keys for the user student on serverb. Do not protect the private key with a
passphrase.

      1.1.
From workstation, open an SSH session to serverb as student.

[student@workstation ~]$ ssh student@serverb
...output omitted...
[student@serverb ~]$

      1.2.
Use the ssh-keygen command to generate the SSH keys for the user student. The
private and public key files should be named /home/student/.ssh/review3_key
and /home/student/.ssh/review3_key.pub respectively.

2.
On servera, configure the user student to accept logins authenticated by the SSH key
pair you created for the user student on serverb. The user student on serverb should
be able to log in to servera using SSH without entering a password.

      2.1.
Use the ssh-copy-id command to export the public key /home/student/.ssh/
review3_key.pub from servera to serverb.

[student@serverb ~]$ ssh-copy-id -i .ssh/review3_key.pub
student@servera
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/
review3.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s),
to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you
are prompted now it is to install the new keys
student@servera's password: student
Number of key(s) added: 1
Now try logging into the machine, with:
"ssh 'student@servera'"
and check to make sure that only the key(s) you wanted were added.

      2.2.
Use the ssh command to confirm that you can log in to servera from serverb as
student using the SSH private key /home/student/.ssh/review3_key without
being prompted for the password.

[student@serverb ~]$ ssh -i .ssh/review3_key student@servera
...output omitted...
[student@servera ~]$

      2.3.
Log out of servera.

[student@servera ~]$ exit
logout
Connection to servera closed.
[student@serverb ~]$

3.
On serverb, configure the sshd service to prevent users from logging in as root with SSH.

      3.1. Set the parameter PermitRootLogin to no in the /etc/ssh/sshd_config.
You may use the command sudo vim /etc/ssh/sshd_config to edit the
configuration file.

      3.2. Reload the sshd service.

[student@serverb ~]$ sudo systemctl reload sshd.service

4.
On serverb, configure the sshd service to prevent users from using their passwords to log
in. Users should still be able to authenticate logins using their private key of the SSH key pair.

      4.1. Set the parameter PasswordAuthentication to no in the /etc/ssh/
sshd_config. You may use the command sudo vim /etc/ssh/sshd_config to
edit the configuration file.

      4.2. Use the sudo systemctl command to reload the sshd service.

[student@serverb ~]$ sudo systemctl reload sshd.service

5.
Create a tar archive named /tmp/log.tar containing the contents of /var/log
on serverb. Remotely transfer the tar archive to the directory /tmp on servera,
authenticating as student using /home/student/.ssh/review3_key as the student
user’s private key of the SSH key pair for authentication.

      5.1.
Use the sudo tar command to create an archive named /tmp/log.tar as the
superuser containing the contents of /var/log.

[student@serverb ~]$ sudo tar -cvf /tmp/log.tar /var/log
[sudo] password for student: student
...output omitted...

      5.2.
Use the scp command to remotely transfer the archive file /tmp/log.tar to the
directory /tmp on servera. Specify /home/student/.ssh/review3_key as the
private key of the SSH key pair.

6.
Configure the rsyslog service on serverb to log all messages it receives that have the
priority level of debug or higher to the file /var/log/grading-debug. This configuration
should be set in an /etc/rsyslog.d/grading-debug.conf file which you should create.

      6.1.
Create the file /etc/rsyslog.d/grading-debug.conf with the following
content. You may use the sudo vim /etc/rsyslog.d/grading-debug.conf to
create the file.

*.debug /var/log/grading-debug

      6.2.
Use the sudo systemctl command to restart the rsyslog service.

[student@serverb ~]$ sudo systemctl restart rsyslog.service

      6.3.
Use the logger command to generate the log message Debug Testing having
priority debug.

[student@serverb ~]$ logger -p debug Debug Testing

      6.4.
Confirm that the log message Debug Testing is saved in the /var/log/grading-
debug file.

[student@serverb ~]$ sudo tail /var/log/grading-debug
...output omitted...
Mar 12 09:55:23 serverb student[32383]: Debug Testing

7.
Use the sudo yum command to install the zsh package, available in the BaseOS repository,
on serverb.

[student@serverb ~]$ sudo yum install zsh
...output omitted...
Is this ok [y/N]: y
...output omitted...
Installed:
zsh-5.5.1-6.el8.x86_64
Complete!

8.
Use the yum command to enable the default module stream for the module python36 and
install all the provided packages from that stream, on serverb.

[student@serverb ~]$ sudo yum module install python36
...output omitted...
Is this ok [y/N]: y
...output omitted...
Installed:
python36-3.6.6-18.module+el8+2339+1a6691f8.x86_64
pip-9.0.3-13.el8.noarch
python3-
Complete!

9. Set the timezone of serverb to Asia/Kolkata.

      9.1.
Use the sudo timedatectl command to set the timezone of serverb to Asia/
Kolkata.

[student@serverb ~]$ sudo timedatectl set-timezone Asia/Kolkata

      9.2.
Log out of serverb.

[student@serverb ~]$ exit
logout
Connection to serverb closed.
[student@workstation ~]$

##Evaluation
On workstation, run the lab rhcsa-rh124-review3 grade command to confirm success
of this exercise.

[student@workstation ~]$ lab rhcsa-rh124-review3 grade

##Finish
On workstation, run lab rhcsa-rh124-review3 finish to complete the comprehensive
review. This script deletes the files and directories created during the start of the comprehensive
review and ensures that the environment on serverb is clean.

[student@workstation ~]$ lab rhcsa-rh124-review3 finish

This concludes the comprehensive review.