SSH Key concept in Linux

 SSH – secure shell

It is used to connect to a Linux server remotely from the command line. SSH stands for secure shell. So what makes the connection secure technically? For that, SSH introduced a concept called SSH keys: a private and public key authentication method used to access your server.

In a server-client model, known users access your server, but unknown attackers may also try to access it. In that case you have to authenticate securely who is allowed to access the server, and that is what the SSH key concept is used for.


ssh-key

SSH keys are used for secure connections across a network. They come in pairs, so you have a public key and a private key.

ssh-keygen

[root@Master ~]# ls -al

total 20

dr-xr-x---. 2 root root 4096 Nov 10 00:38 .

dr-xr-xr-x. 23 root root 4096 Nov 9 21:51 ..

-rw-------. 1 root root 2335 Nov 8 08:03 anaconda-ks.cfg

-rw-r--r--. 1 root root 18 May 20 2009 .bash_logout

-rw-r--r--. 1 root root 176 Sep 22 2004 .bashrc

[root@Master ~]# ssh-keygen (command to generate the private and public key pair)

Generating public/private rsa key pair.

Enter file in which to save the key (/root/.ssh/id_rsa):

Created directory '/root/.ssh'.

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /root/.ssh/id_rsa.

Your public key has been saved in /root/.ssh/id_rsa.pub.

The key fingerprint is:

41:90:31:1a:17:a5:05:5f:75:69:9d:a8:0a:7b:e0:76 root@Master.Au-Tel.com

The key's randomart image is:

+--[ RSA 2048]----+

|   . BB+ … oo.|

|     +.* .   oo..|

|   . . o   ..   |

|       o . .     |

|     . S .     |

|       + E       |

|     . o       |

|                 |

|                 |

+-----------------+


After running the ssh-keygen command, it generates two key files under the /root/.ssh directory:

[root@Master .ssh]# pwd

/root/.ssh

[root@Master .ssh]# ls -l

total 8

-rw------- 1 root root 1675 Nov 10 01:20 id_rsa

-rw-r--r-- 1 root root 404 Nov 10 01:20 id_rsa.pub


Private and public keys

[root@Master .ssh]# pwd

/root/.ssh

[root@Master .ssh]# ls -l

total 8

-rw------- 1 root root 1675 Nov 10 01:20 id_rsa (private key)

-rw-r--r-- 1 root root 404 Nov 10 01:20 id_rsa.pub (public key)

Private key

[root@Master .ssh]# cat id_rsa

-----BEGIN RSA PRIVATE KEY-----

(base64 key body omitted)

-----END RSA PRIVATE KEY-----

Public key

[root@Master .ssh]# cat id_rsa.pub

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuZv3TUN2+QnLTJ8rCK/QhNqi2Ce1BV2YtRfgprxjaXpeP9Mvpju4Qf1rJ21sIfdUe4s2zheDZ514y9o5nP70bfHYMtR2yKbb5f8//k6f26B7LPF1hB4/POX1mssoWGsRKFlVb+TtXFhwpCT/Eiaz4NhSts3ZPBOLVCPlIrFx5WMC3B4oxlvz7tg7MrPhqE5YkA+s6wl+bhvPSC7QsmJIfpetKqc36T6CoJdq3NfQ+AbSFre9fkZHhePFBlsm4yBtIZKCOkot1mLF/bqx6CuRdz8Xc1RhJY/rDk/IdVyn5gUj7xBYP/UyIIfUL8aS9SQvzGfizF4Xa+HhmcL0wSv7ZQ== root@Master.Au-Tel.com

SSH Key Authentication

Run the ssh-copy-id command on the Master server side:

[root@Master .ssh]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@slave.autel.com

root@192.168.50.133's password:

Now try logging into the machine, with "ssh 'root@slave.autel.com'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

Check that the authorized_keys file is present on the Slave server:

[root@Slave .ssh]# cat authorized_keys

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuZv3TUN2+QnLTJ8rCK/QhNqi2Ce1BV2YtRfgprxjaXpeP9Mvpju4Qf1rJ21sIfdUe4s2zheDZ514y9o5nP70bfHYMtR2yKbb5f8//k6f26B7LPF1hB4/POX1mssoWGsRKFlVb+TtXFhwpCT/Eiaz4NhSts3ZPBOLVCPlIrFx5WMC3B4oxlvz7tg7MrPhqE5YkA+s6wl+bhvPSC7QsmJIfpetKqc36T6CoJdq3NfQ+AbSFre9fkZHhePFBlsm4yBtIZKCOkot1mLF/bqx6CuRdz8Xc1RhJY/rDk/IdVyn5gUj7xBYP/UyIIfUL8aS9SQvzGfizF4Xa+HhmcL0wSv7ZQ== root@Master.Au-Tel.com

The Master's key is now authorized on the Slave server, so the next connection will not ask for a password.
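As an added example (not code from the original post), the script below decodes an ssh-rsa line like the id_rsa.pub shown above, reproduces the colon-separated MD5 fingerprint that this ssh-keygen version printed, and lists any authorized_keys entries whose fingerprint is not on an allow-list, which is the check the ssh-copy-id message asks for. The encode_rsa_pubkey helper and the RSA numbers used to build sample keys are constructed for the demonstration; lines with a leading options field (for example from=...) are deliberately rejected rather than parsed.

```python
# Added example (not from the original post): parse and fingerprint ssh-rsa lines.
import base64
import hashlib
import struct

def _string(b):
    return struct.pack(">I", len(b)) + b

def _mpint(x):
    # SSH mpint: big-endian, with a leading 0x00 when the high bit is set
    b = x.to_bytes((x.bit_length() + 7) // 8, "big")
    return _string(b"\x00" + b if b and b[0] & 0x80 else b)

def _read_string(blob, off):
    (n,) = struct.unpack(">I", blob[off:off + 4])
    return blob[off + 4:off + 4 + n], off + 4 + n

def encode_rsa_pubkey(e, n, comment):
    """Build an 'ssh-rsa <base64> comment' line from the RSA public numbers."""
    blob = _string(b"ssh-rsa") + _mpint(e) + _mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment

def parse_pubkey_line(line):
    """Decode one plain ssh-rsa line (a leading options field is rejected)."""
    fields = line.split(None, 2)
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("not a plain ssh-rsa key line")
    blob = base64.b64decode(fields[1], validate=True)
    ktype, off = _read_string(blob, 0)
    if ktype != b"ssh-rsa":
        raise ValueError("key type prefix does not match the blob")
    _e, off = _read_string(blob, off)
    n_bytes, off = _read_string(blob, off)
    if off != len(blob):
        raise ValueError("trailing bytes after the modulus")
    md5 = hashlib.md5(blob).hexdigest()  # colon form shown by older ssh-keygen
    return {
        "bits": int.from_bytes(n_bytes, "big").bit_length(),
        "comment": fields[2].strip() if len(fields) > 2 else "",
        "md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
    }

def unexpected_keys(authorized_keys_text, allowed_md5):
    """Return authorized_keys lines whose fingerprint is not in the allow-list."""
    extra = []
    for line in authorized_keys_text.splitlines():
        if line.strip() and not line.startswith("#"):
            if parse_pubkey_line(line)["md5"] not in allowed_md5:
                extra.append(line)
    return extra
```

Run it against the real file with unexpected_keys(open("/root/.ssh/authorized_keys").read(), {"41:90:31:..."}) using the fingerprint ssh-keygen printed for your own key.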


ssh known_hosts

The very first time you access a Linux server via SSH it asks yes or no before connecting, and you have to type yes, because the client does not yet know anything about the new server. From the next time it will not ask, because it stores the server's host key in the known_hosts file.


Before connecting to the server, run the commands below:

[root@Master .ssh]# pwd

/root/.ssh

[root@Master .ssh]# ls -a

. .. id_rsa id_rsa.pub


From the Master side:

[root@Master .ssh]# ssh root@192.168.50.133

The authenticity of host '192.168.50.133 (192.168.50.133)' can't be established.

RSA key fingerprint is 7b:05:1a:c6:51:b5:0b:71:2e:41:d1:ed:d0:bb:3f:26.

Are you sure you want to continue connecting (yes/no)? yes

[root@Master .ssh]# ls -a

. .. id_rsa id_rsa.pub known_hosts

[root@Master .ssh]# cat known_hosts

192.168.50.133 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwQozTZRbhKZYYlx9SjR6LKJTkz6mk4nxGl20XVLQJhTwNvCTvpIX3k5dBBN/5hAHizgtSP7G2/b1lG1jVtgaLzQ07/if0R5k4EtCFJyObg+pcX8+Ainzz0rEqE8WZcrqqo9o/J9BSjH2lvNUUUlwmKvpXqjnkjHJO2io3eo9P5DXYcc1UIk53xjTl8VYYe3l26DmaitW8tfolO08ESfbg3R6cT22gpzybWZ12k1SqB8S4InHACW+cQXsswEMIXpjgCG9y4Acsf1n4tK5vruNi5BZ2pgOWYAG6GpviiN6n1DGr84ZWCzBjua65ZtgC+8KHMcZ5qxMGttpF3LvOVCjqw==

On the next try it will not ask yes/no, because the client now knows the server: the server IP is stored together with its host public key in /root/.ssh/known_hosts.

[root@Master .ssh]# ssh root@192.168.50.133

root@192.168.50.133's password:

RHEL6 vs RHEL7

Posted: November 7, 2016 in RHEL 7, rhel6 vs rhel7

[1]ON THE BASIS OF RELEASE DATE.

RELEASE DATE OF RHEL6 IS 10th NOV 2010.

RELEASE DATE OF RHEL7 IS 10TH JUNE 2014.

[2]DIFFERENCE ON THE BASIS OF OPERATING SYSTEM NAMES

If you want to see this use this command

#cat /etc/redhat-release

RHEL6: Red Hat Enterprise Linux (Santiago)

RHEL7: Red Hat Enterprise Linux (Maipo)

[3]KERNEL VERSION

RHEL6: 2.6.32

RHEL7:  3.0.10

[4] OS BOOT TIME

RHEL6: 40 sec

RHEL7: 20 sec

[5]MAXIMUM SIZE OF SINGLE PARTITION

RHEL6: 50TB(EXT4)

RHEL7: 500TB(XFS)

[6] BOOT LOADER

RHEL6:  /boot/grub/grub.conf

RHEL7: /boot/grub2/grub.cfg

[7]PROCESSOR ARCHITECTURE

RHEL6: It supports both 32-bit and 64-bit

RHEL7: It supports only 64-bit

[8]HOW TO FORMAT OR ASSIGN A FILE SYSTEM IN

RHEL6:      #mkfs.ext4   /dev/sda6

RHEL7:       #mkfs.xfs   /dev/sda6

[9]HOW TO REPAIR A FILE SYSTEM IN

RHEL6:  #fsck -y /dev/hda6

RHEL7:  #xfs_repair /dev/hda6

[10]COMMAND TO MANAGE NETWORK IN RHEL6 AND RHEL7

RHEL6:  #setup

RHEL7:  #nmtui

[11]HOSTNAME CONFIGURATION FILE

RHEL6:    /etc/sysconfig/network

RHEL7:    /etc/hostname

[12]DEFAULT ISO IMAGE MOUNT PATH

RHEL6: /media

RHEL7: /run/media/root

[13]FILE SYSTEM CHECK

RHEL6:   e2fsck

RHEL7:   xfs_repair

[14]RESIZE A FILE SYSTEM

RHEL6:   #resize2fs  -p /dev/vg00/lv1

RHEL7:    #xfs_growfs  /dev/vg00/lv1

[15]TUNE A FILE SYSTEM

RHEL6: tune2fs

RHEL7: xfs_admin

[16]IPTABLES AND FIREWALL

RHEL6: iptables

RHEL7: firewalld

[17]COMMUNICATION BETWEEN TCP AND UDP IN BACK END

RHEL6: netcat

RHEL7: ncat

[18]INTERFACE NAME

RHEL6: eth0

RHEL7: ens198(N)

[19]COMBINING NIC

RHEL6: Network Bonding

RHEL7: Team Driver

[20]NFS SERVER VERSION

RHEL6:  NFSv2

RHEL7:  NFSv4

[21]DATABASE USED

RHEL6: MySQL

RHEL7: MariaDB

[22]MANAGING SERVICES

RHEL6:

#service sshd restart

#chkconfig sshd on

RHEL7:

#systemctl restart sshd

#systemctl enable sshd



For the above issue, ESXi keeps booting from PXE only, which means it is not booting from the local disk. After a long analysis I concluded:

In my lab, a LUN ID mismatch had occurred between the Storage host LUN ID and the Blade Server host LUN ID.

Resolution:

Storage Boot LUN Host LUN ID = ESXi host blade SAN Boot LUN ID


For many users this has worked, for me, it did not. As you can see in the image below, vCenter does not have the vSphere Data Protection.


In order to resolve this problem I accessed https://<vCenterIPAddress>/mob. From there, log in with your Administrator account, whatever that might be. Then you will need to select "content".


After selecting that, you will be presented with a bunch of properties. Scroll down and select "ExtensionManager".


From there you will be presented with another screen that shows all of your extensions and provides some methods at the bottom. Verify that extensionList["com.vmware.vdp"] is listed. You will need to select "UnregisterExtension".


After selecting "UnregisterExtension" a popup will be presented. Enter "com.vmware.vdp" without the quotes and select "InvokeMethod".


Once this has completed, you will notice that extensionList["com.vmware.vdp"] is no longer listed.

After all the steps above have been completed, reboot your vDP VM by right clicking on the virtual machine and selecting “Restart Guest OS”. Once it reboots, log out of the vCenter Web Client and log back in using your credentials. This should present vSphere Data Protection extension in your vCenter.


Hopefully this will help someone because it ate up a good portion of my time.


This post explains how to protect a Linux server from attackers. Nowadays many people try to break into servers using various hacking techniques, so the server should be secured against them. The picture below describes how to protect the SSH service of a Linux server from attackers; this kind of attack is called SSH brute force. Many people access my Linux server using the SSH service, so I want to protect SSH using iptables rules.


Add the rules below to the iptables configuration file /etc/sysconfig/iptables:

-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --set --name SSH --rsource
-A INPUT -p tcp -m tcp --dport 22 -m recent --rcheck --seconds 60 --hitcount 3 --rttl --name SSH --rsource -j LOG --log-prefix "SSH brute force"
-A INPUT -p tcp -m tcp --dport 22 -m recent --rcheck --seconds 60 --hitcount 3 --rttl --name SSH --rsource -j REJECT --reject-with tcp-reset
-A INPUT -p tcp -m tcp --dport 22 -m recent --update --seconds 60 --hitcount 3 --rttl --name SSH --rsource -j REJECT --reject-with tcp-reset
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT

#service iptables restart

#chkconfig iptables on

Explanation

I am blocking attackers by source IP with the SSH recent rule. It tracks every new connection to SSH port 22 from the same source address within a 60-second window (it counts connection attempts, whether or not the password was wrong). It accepts 3 attempts in 60 seconds; the 3rd attempt within that window is rejected with a TCP reset, and the block lasts 60 seconds from the source's last attempt. It also logs a message recording who tried to attack my server.

Attacker (does not know the password, but knows the IP)

[root@Attacker ~]# ssh 192.168.0.100

root@192.168.0.100's password:

[root@Attacker ~]# ssh 192.168.0.100

root@192.168.0.100's password:

[root@Attacker ~]# ssh 192.168.0.100

ssh: connect to host 192.168.0.100 port 22: Connection refused

Linux server (how I track who attacked my server)

[root@Linuxserver ~]# grep "SSH brute force" /var/log/messages

Oct 13 11:52:03 Linuxserver kernel: SSH brute forceIN=eth0 OUT= MAC=00:0c:29:42:09:4e:ac:16:2d:f1:6b:00:08:00 SRC=192.168.1.10 DST=192.168.0.100 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=29582 DF PROTO=TCP SPT=59907 DPT=22 WINDOW=14600 RES=0x00 SYN URGP=0

[root@Linuxserver ~]# grep -i 'failed' /var/log/secure | tail -n 1

Oct 13 11:51:59 Linuxserver sshd[21263]: Failed password for root from 192.168.1.10 port 59906 ssh2
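To go one step beyond the two grep commands above, here is an added example (not from the original post) that correlates the kernel "SSH brute force" lines from /var/log/messages with the sshd "Failed password" lines from /var/log/secure, per source address. The log lines embedded in it are constructed in the same format as the ones shown above; in practice you would pass the real file contents to summarize().

```python
# Added example (not from the original post): per-source summary of the
# iptables LOG lines and sshd password failures, over constructed sample logs.
import re
from collections import defaultdict

# Kernel line written by the "-j LOG --log-prefix" rule (no space after prefix)
KERNEL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: SSH brute force"
    r".*?SRC=(?P<src>\S+) .*?DPT=(?P<dpt>\d+)")
# sshd line in /var/log/secure for a wrong password (valid or invalid user)
SSHD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+")

def summarize(messages_lines, secure_lines):
    """Per source IP: how often the rule fired, password failures, user names tried."""
    report = defaultdict(lambda: {"blocked": 0, "failed": 0, "users": set()})
    for line in messages_lines:
        m = KERNEL_RE.match(line)
        if m and m.group("dpt") == "22":
            report[m.group("src")]["blocked"] += 1
    for line in secure_lines:
        m = SSHD_RE.match(line)
        if m:
            report[m.group("src")]["failed"] += 1
            report[m.group("src")]["users"].add(m.group("user"))
    return dict(report)

def ranked_sources(report):
    """Source IPs ordered by total events, worst first."""
    return sorted(report, key=lambda ip: report[ip]["blocked"] + report[ip]["failed"],
                  reverse=True)

# Constructed sample lines in the format shown in the post
MESSAGES = [
    "Oct 13 11:52:03 Linuxserver kernel: SSH brute forceIN=eth0 OUT= MAC=00:0c:29:42:09:4e:ac:16:2d:f1:6b:00:08:00 SRC=192.168.1.10 DST=192.168.0.100 LEN=60 PROTO=TCP SPT=59907 DPT=22 SYN URGP=0",
    "Oct 13 11:52:09 Linuxserver kernel: SSH brute forceIN=eth0 OUT= MAC=00:0c:29:42:09:4e:ac:16:2d:f1:6b:00:08:00 SRC=192.168.1.10 DST=192.168.0.100 LEN=60 PROTO=TCP SPT=59908 DPT=22 SYN URGP=0",
    "Oct 13 11:52:10 Linuxserver kernel: unrelated message",
]
SECURE = [
    "Oct 13 11:51:50 Linuxserver sshd[21260]: Failed password for root from 192.168.1.10 port 59905 ssh2",
    "Oct 13 11:51:59 Linuxserver sshd[21263]: Failed password for root from 192.168.1.10 port 59906 ssh2",
    "Oct 13 11:55:01 Linuxserver sshd[21270]: Failed password for invalid user admin from 10.0.0.5 port 40001 ssh2",
    "Oct 13 11:55:30 Linuxserver sshd[21271]: Accepted publickey for root from 192.168.50.133 port 50000 ssh2",
]
```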


[root@test ~]# date

Tue Oct 4 10:05:15 EEST 2016

[root@test ~]# ll /etc/localtime

lrwxrwxrwx 1 root root 35 Oct 4 10:04 /etc/localtime -> /usr/share/zoneinfo/Europe/Helsinki

[root@test ~]# cd /usr/share/zoneinfo/

[root@test zoneinfo]# unlink /etc/localtime

[root@test zoneinfo]# cd Asia/

[root@test Asia]# pwd

/usr/share/zoneinfo/Asia

[root@test Asia]# ln -s /usr/share/zoneinfo/Asia/Kolkata /etc/localtime

[root@test Asia]# date

Tue Oct 4 12:40:00 IST 2016

[root@test Asia]# ll /etc/localtime

lrwxrwxrwx 1 root root 32 Oct 4 12:39 /etc/localtime -> /usr/share/zoneinfo/Asia/Kolkata



The solution was simple:

- Right-click on the ESXi host and select Disconnect, then accept the warning message. The VMs running on the host will continue without disruption.

- Once the host is disconnected, reconnect it again. You will be prompted to enter the username and password of the host.