Lab: Git and Linux SSH Script - Hsanokklis/2023-2024-Tech-journal GitHub Wiki
Learn more about git here: https://git-scm.com/
- Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency.
You should already have a git repository, though it may only contain your wiki. We will add configurations, source files and scripts to your repository to make it far more useful in this class and beyond.
sudo apt install git
- Make a clone of one of your GitHub directories!!
git clone https://github.com/Hsanokklis/2023-2024-Tech-journal
I found that if you make a clone of a repo that has no code in it, it will be an empty clone on your desktop. My tech journal from last year did not have any code in it so when I copied it, it was an empty directory. You will see in the image above, I have a bunch of other directories, but they are all empty.
If you haven't done so already, create a directory structure within your local repository that is organized to capture your configuration information.
cd /home/hannelore/2023-2024-Tech-journal
mkdir SYS265
cp -r DockerProject ~/2023-2024-Tech-journal/
I copied the DockerProject folder from the last lab into a SYS265 directory within the 2023-2024-Tech-journal tech journal.
TIP: ~/ is equal to /home/hannelore
TROUBLESHOOTING: password authentication is no longer supported, so I had to make a personal access token to push my directories to GitHub.
Steps:
- Github
- Settings
- Developer Settings
- Personal Access Tokens
- Tokens (classic)
- Generate new token (give your password)
- Copy token (you will only be able to see it once)
Link: https://stackoverflow.com/questions/68775869/message-support-for-password-authentication-was-removed
git add .
git status
git config user.email [email protected]
git config user.name hsanokklis
git commit -m "added a readme"
git push
# input user name
# input personal access token
Successful push to github!
SIDENOTE: When I pushed my DockerProject to github I got an email from GitGuardian saying that I pushed a password. I ended up signing up and connecting GitGuardian to my account, and it was able to scan my files for any passwords/usernames it could find.
It ended up finding the password I set for FireFly III when I was doing my Docker Project, so it wasn't a huge deal.
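A local check that catches this kind of mistake before the push, as an added example that is not part of the original lab: a git pre-commit hook that scans staged files for private key headers and password-style assignments. The function names and the two patterns are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: save as .git/hooks/pre-commit and make it executable.
# The two patterns are an illustrative heuristic, not GitGuardian's rules.

# Reads text on stdin; returns 0 when it contains secret-looking content.
looks_secret() {
    grep -Eiq \
        -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' \
        -e '(password|passwd|secret|token|api_?key)[a-z_]*[[:space:]]*[:=][[:space:]]*[^[:space:]]{6,}'
}

# Scans the staged version (":path") of every added, copied or modified file.
scan_staged() {
    git diff --cached --name-only --diff-filter=ACM | (
        status=0
        while IFS= read -r f; do
            if git show ":$f" | looks_secret; then
                echo "possible secret in staged file: $f" >&2
                status=1
            fi
        done
        exit "$status"
    )
}

# Act only when git runs this file as the pre-commit hook; a non-zero exit aborts the commit.
case "$0" in
    */pre-commit|pre-commit) scan_staged || exit 1 ;;
esac
```

A secret that has already been pushed stays in the repository history, so it still has to be changed on the service that uses it.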
The README was in the Docker Project directory, and I wanted it to be up a directory, so I made one within the SYS265 directory, and then pushed it again.
Once pushed, you can always recover files deleted locally by doing a git checkout. Delete the README.md file from the local repo on docker01.
cat README.md
rm README.md
git checkout .
cat README.md
The period in the git checkout . command indicates all files in this project.
Install the 64-bit version of Git on mgmt01 using defaults.
Find and execute git-bash, and then clone your repo in much the same way as you did on docker01.
It appeared on my desktop!
Adding a README.md to the mgmt01 directory
- add, commit and push to github!
git add .
git status
git config user.email [email protected]
git config user.name hsanokklis
git commit -m "added a readme"
git push
# input user name
# input personal access token
successful push
echo "$(hostname)" > README.md
The difference between > and >> when using the echo command is that >> will append your text to whatever is already in the file, and > will overwrite everything, like below.
Re-commit with the comment, “oops”, and push. Provide a screenshot similar to the one below.
git add .
git status
git commit -m "oops"
git push
Now the local repository on docker01 is out of sync with the online version because of the push from mgmt01 that is not reflected in the local repo on docker01. Let's sort that out.
Clone your tech journal to web01. You will need to install git.
yum install git
git clone https://github.com/Hsanokklis/2023-2024-Tech-journal
Let's organize our local repository a bit and then push the changes up to github. We are going to create a few directories and a shell script called secure-ssh.sh
# go to /SYS265
mkdir -p linux/{public-keys,ubuntu}
cd linux/
nano ubuntu/secure-ssh.sh
chmod +x ubuntu/secure-ssh.sh
Put these 6 lines into the ubuntu/secure-ssh.sh file (they are a placeholder)
#secure-ssh.sh
#author hsanokklis
#creates a new ssh user using $1 parameter
#adds a public key from the local repo or curled from the remote repo
#removes root's ability to ssh in
echo "ALL YOUR CODE GOES HERE"
Successful commit
Create an RSA Keypair on web01, with no passphrase required. Copy the PUBLIC key to the local repo, see the last two lines.
# go into the /SYS265/linux/public-keys directory
ssh-keygen -t rsa -C "sys265"
cp ~/.ssh/id_rsa.pub .
Now add, commit and push your web01 modifications
git add .
git status
git commit -m "commit of keys"
git push
TIP: you have to commit before you push to github
On docker01, pull to synchronize your repo.
git pull
The following screenshot shows the manual creation of a user that can only login via RSA Private Key. You are going to need to figure out how to create such a user using a script. In this case, SYS265 is the created user.
These are the commands I did manually for user sys265
sudo useradd -m -d /home/sys265 -s /bin/bash sys265
sudo mkdir /home/sys265/.ssh
sudo cp SYS265/linux/public-keys/id_rsa.pub /home/sys265/.ssh/authorized_keys
sudo chmod 700 /home/sys265/.ssh
sudo chmod 600 /home/sys265/.ssh/authorized_keys
sudo chown -R sys265:sys265 /home/sys265/.ssh
useradd -m -d /home/sys265 -s /bin/bash sys265 creates a new user account named "sys265" with a home directory at /home/sys265 and sets the default shell for the user to Bash.
700 - the owner can read, write and execute (enter) the directory, and other users have no access to it at all.
600 - the owner can read and write the file, and other users have no access to it.
Now test your manual configuration on web01 signing into docker01
ssh sys265@docker01-hannelore
TROUBLESHOOTING: When I tried to ssh into sys265@docker01-hannelore from web01-hannelore I kept getting a message saying that the system could not resolve the hostname. I did nslookup of docker01-hannelore and the system could not resolve the IP address of the docker01. I tried to ping docker01-hannelore from the webserver and it did not work. I was able to log in via ssh [email protected], which tells me that the system cannot resolve the hostname but it can use the docker01 IP address.
sudo nano /etc/hosts
- added 10.0.5.12 docker01-hannelore to the hosts
To solve this, I went into the /etc/hosts file and added 10.0.5.12 docker01-hannelore manually to the file. This solved the issue and I was able to login via the hostname.
Using a passed parameter for username such as ./secure-ssh.sh testuser12, create a passwordless user such that the user with the associated private key on web01 can login without password
#secure-ssh.sh
#author hsanokklis
#creates a new ssh user using $1
#adds a public key from the local repo or curled from the remote repo
#removes root's ability to ssh in
echo "ALL YOUR CODE GOES HERE"
#!/bin/bash
# Check if username is provided as a parameter
if [ $# -ne 1 ]; then
    echo "Usage: $0 <username>"
    exit 1
fi
username="$1"
# Create user with passwordless authentication
sudo useradd -m -s /bin/bash "$username"
sudo mkdir -p /home/"$username"/.ssh
sudo cp /home/hannelore/2023-2024-Tech-journal/SYS265/linux/public-keys/id_rsa.pub /home/"$username"/.ssh/authorized_keys
sudo chmod 700 /home/"$username"/.ssh
sudo chmod 600 /home/"$username"/.ssh/authorized_keys
sudo chown -R "$username:$username" /home/"$username"/.ssh
echo "Passwordless user '$username' has been created with associated private key."
TROUBLESHOOTING: When I created a script I kept getting this error. A user was being made, but when I tried to log in as a passwordless user, it did not work.
The problem was that I was not putting the full path to the keys and I was not making the authorized_keys file to copy the public key for the new user. I changed the line in the script to
sudo cp /home/hannelore/2023-2024-Tech-journal/SYS265/linux/public-keys/id_rsa.pub /home/"$username"/.ssh/authorized_keys
and it worked! I was also doing this from web01-hannelore and not docker01-hannelore, but that was an easy fix as I just pushed the stuff from web01-hannelore to github and then pulled it to docker01-hannelore.
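A hardened variant of the script's steps, as an added example rather than the lab's or the author's code: it validates the username, refuses to install anything that is not a public key, and covers the header's third goal by setting PermitRootLogin no. The function names, the run-as-root check and the key path relative to the script's location are assumptions.

```shell
#!/bin/sh
# Added example: hardened building blocks for secure-ssh.sh (function names are illustrative).
LC_ALL=C; export LC_ALL   # make [a-z] ranges byte-exact

# Allow only conservative account names before $1 reaches useradd or a path.
valid_username() {
    case "$1" in
        ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# A public key is "<type> <base64> [comment]"; refuse private key material.
is_public_key() {
    [ -f "$1" ] || return 1
    if grep -q 'PRIVATE KEY' "$1"; then return 1; fi
    read -r ktype kdata rest < "$1" || true
    case "$ktype" in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp*) ;;
        *) return 1 ;;
    esac
    case "$kdata" in ''|*[!A-Za-z0-9+/=]*) return 1 ;; esac
}

# usage: install_key <home-dir> <pubkey-file>; creates .ssh (700) and authorized_keys (600)
install_key() {
    is_public_key "$2" || { echo "refusing: $2 is not a public key" >&2; return 1; }
    install -d -m 700 "$1/.ssh" &&
    install -m 600 "$2" "$1/.ssh/authorized_keys"
}

# usage: disable_root_login <sshd_config>; rewrites or appends the PermitRootLogin directive
disable_root_login() {
    pat='^[[:space:]]*#?[[:space:]]*PermitRootLogin[[:space:]]'
    if grep -Eq "$pat" "$1"; then
        sed -i.bak -E "s/$pat.*/PermitRootLogin no/" "$1"
    else
        printf 'PermitRootLogin no\n' >> "$1"
    fi
}

main() {
    [ "$(id -u)" -eq 0 ] || { echo "run with sudo" >&2; return 1; }
    valid_username "$1" || { echo "invalid username: $1" >&2; return 1; }
    useradd -m -s /bin/bash "$1" &&
    install_key "/home/$1" "$(dirname "$0")/../public-keys/id_rsa.pub" &&
    chown -R "$1:$1" "/home/$1/.ssh" &&
    disable_root_login /etc/ssh/sshd_config && sshd -t
}

# Runs only when called with a username; otherwise the file just defines the functions.
if [ "$#" -eq 1 ]; then main "$1"; fi
```

After the change, `sshd -T | grep -i permitrootlogin` prints the effective value, which matters when an Include file or a Match block sets the directive somewhere else; sshd has to be reloaded before the new setting applies.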
Deliverable 1. A screenshot similar to the following that shows the configuration files (not your wiki) added to your github site. Note how the README.md is displayed
The README was in the Docker Project directory, and I wanted it to be up a directory, so I made one within the SYS265 directory, and then pushed it again.
Deliverable 4. Re-commit with the comment, “oops”, and push. Provide a screenshot similar to the one below.
don't mind my spelling
Deliverable 9. Cat the script syntax, show a test running of your script on docker01, and the passwordless ssh login from web01 (similar to the one above).
cat secure-ssh.sh
Script working
passwordless ssh login from web01