Git & Linux SSH Script Lab - RileyBashaw/SYS265 GitHub Wiki

Git is already installed on my docker01-riley Ubuntu Server, so I can continue without the installation.

Had to use https://github.com/RileyBashaw/SYS265.wiki.git in order to clone my tech journal wiki, which clones it locally rather than remotely.

Initial Setup On Docker

Add Token in for GitHub Repo:

git remote set-url origin https://RileyBashaw:[email protected]/RileyBashaw/SYS265.git

Send your files!

echo "docker01 configuration" >> README.md

git add .

git config user.email "email"

git config user.name RileyBashaw

git push

You should see your files within your github repo!

Windows Git Time!

Now, for Git on Windows!

Download Git on your Mgmt01-riley server:

clone your repo once again onto mgmt01:

Once complete, type the following commands: cd ~/Desktop/SYS265/ mkdir mgmt01 cd mgmt01 hostname echo hostname >> README.md git add . git commit -m "added a readme" git push

You should see your new README.md!

Now correct it!

echo mgmt01-riley >> README.md

Submit it again and it should work!

Back to Docker

Now, on your docker01 server, pull the items you've missed!

git pull

PART 2: Hardening SSH

sudo yum install git git remote set-url origin https://RileyBashaw:[email protected]/RileyBashaw/SYS265.git

Now, use the following commands and put a placeholder for your script:

mkdir -p linux

Within this directory, add directories called "public-keys" and "centos7"

cd linux

Use command "ls" to see your newly created additional directories within it.

nano centos7/secure-ssh.sh sudo chmod +x secure-ssh.sh image

Push your changes and you'll see your secure-ssh.sh file in your repo!

RSA KEYPAIR

Now, create your public RSA keypair:

ssh-keygen -t rsa -C "SYS265"

use the default file location it gives you:

NO PASSPHRASE, THIS MAKES IT PUBLIC!!!

Now, copy it to your folder while in the public-keys directory:

cp ~/.ssh/id_rsa.pub .

Add, commit and push to your Repo!!

Hardening Script:

Now, pull from your repo to get up to date!

Then, use the following commands to create a user named sys265 and set it up to login only via an RSA private key.

sudo useradd -m -d /home/sys265 -s /bin/bash sys265 sudo mkdir /home/sys265/.ssh sudo cp SYS265/linux/public-keys/id_rsa.pub /home/sys265/.ssh/authorized_keys sudo chmod 700 /home/sys265/.ssh sudo chmod 600 /home/sys265/.ssh/authorized_keys sudo chown -R sys265:sys265 /home/sys265/.ssh

Unfortunately only got this far, couldn't figure out my issue with the rest of the hardening!