Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Linux Administration Cookbook
Linux Administration Cookbook

Linux Administration Cookbook: Insightful recipes to work with system administration tasks on Linux

eBook
€20.98 €29.99
Paperback
€36.99
Subscription
Free Trial
Renews at €18.99p/m

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Table of content icon View table of contents Preview book icon Preview Book

Linux Administration Cookbook

Remote Administration with SSH

The following recipes will be covered in this chapter:

  • Generating and using key pairs with ssh-keygen
  • SSH client arguments and options
  • Using a client-side SSH configuration file
  • Modifying the server-side SSH configuration file
  • Rotating host keys and updating known_hosts
  • Using local forwarding
  • Using remote forwarding
  • ProxyJump and bastion hosts
  • Using SSH to create a SOCKS Proxy
  • Understanding and using SSH agents
  • Running multiple SSH servers on one box

Introduction

In the first chapter, we SSH'd to our VM using one command:

$ ssh adam@127.0.0.1 -p2222
adam@127.0.0.1's password:
Last login: Mon Aug 6 17:04:31 2018 from gateway
[adam@localhost ~]$

In this chapter, we're going to expand on this, looking at making connecting easier with SSH key pairs; running over the security benefits of SSH; making changes to both the client and server side configuration; setting up a port forward and reverse port forward connections; learning about ProxyJump and bastion hosts, as well as setting up a temporary proxy with SSH; and finally, we're going to look at SSH agents and setting up an additional SSH server on our VM.

This chapter assumes that you have a rudimentary understanding of SSH.

Technical requirements

As introduced in the first chapter, we're going to use Vagrant and VirtualBox for all of our work in this chapter and those going forward. This allows us to quickly provision infrastructure for testing, and saves you the manual job of creating multiple VMs each time.

If you really, really, don't want to use VirtualBox or Vagrant, then you don't have to, and I've tried to keep the examples as generic as possible, but you will probably find it much easier if you do.

I've put together the following Vagrantfile for use in this chapter:

# -*- mode: ruby -*-
# vi: set ft=ruby :

$provisionScript = <<-SCRIPT
sed -i 's#PasswordAuthentication no#PasswordAuthentication yes#g' /etc/ssh/sshd_config
systemctl restart sshd
SCRIPT

Vagrant.configure("2") do |config|
config.vm.provision "shell",
inline: $provisionScript...

Generating and using key pairs with ssh-keygen

Passwords are great, but they're also terrible.

Most people use weak passwords, and while I hope that's not you, there's always the chance that someone in your team doesn't have the discipline you do, and resorts to football99 or similar for connecting to your shared remote host.

With password access enabled, anyone might be able to connect to your server from any country by brute-forcing their way into your machine, given enough time and enough processing power.

I say "might" because as long as you use secure passwords of a decent length, passwords can be hard to guess, even with the power of a sun. Consult your company security policy when deciding these things, or read up on the best practices at the time you're writing the policy yourself.

Here's where keys come in.

SSH keys are based on...

SSH client arguments and options

SSH is a powerful piece of software, as we've already discussed, and while it can be used in a very simple way to enable access to your server, it is also extremely flexible.

In this section, we're going to look at common flags that are used with SSH in environments that may have different requirements.

We will be using the same Vagrant boxes as before.

Getting ready

As with the previous section, confirm that both of your Vagrant boxes are enabled, and connect to the first using the vagrant command:

$ vagrant ssh centos1

How to do it...

...

Using a client-side SSH configuration file

While it's nice to be able to manipulate SSH using command-line arguments, it's also nice to not have to bother.

If you've got a system you work on day in and day out, it can be beneficial to configure your setup with your typical arguments on a permanent basis. This is where the client-side SSH configuration file comes in.

On our example box, the default ssh_config file is located in the /etc/ssh/ directory. Open this file to have a look if you like, but don't make any changes yet.

Getting ready

As with the previous section, confirm that both of your Vagrant boxes are enabled, and connect to the first using the vagrant command:

$ vagrant ssh centos1

To configure...

Modifying the server-side SSH configuration file

For the last few sections, we've been focusing on the client configuration. We've tweaked our connection string on the command line and we've written a configuration file to be read automatically by SSH when connecting to our second host.

In this section, we're going to take a look at the sshd_config file, or the server-side of the configuration tango, on our second host.

We're going to make a few example and routine changes to get you familiar with the concept.

Getting ready

Connect to both centos1 and centos2. Doing this from outside (in separate windows, and using vagrant ssh) is best:

$ vagrant ssh centos1
$ vagrant ssh centos2

Place your Terminal...

Rotating host keys and updating known_hosts

One thing we've not mentioned yet are host keys, and the known_hosts file.

This is something that is often overlooked, so I'd like to take a few minutes to go over these otherwise-ignored treasures.

In this section, we will inspect what happens when you first SSH to a new machine, and then we will change the keys of that machine to see what problems this causes us.

Getting ready

Connect to centos1 and centos2 in different sessions:

$ vagrant ssh centos1
$ vagrant ssh centos2

If you're working on a fresh setup, SSH to centos2 from centos1 and accept the host key when you're presented with it.

Log back out of centos2:

[vagrant@centos1 ~]$ ssh 192.168.33.11
The authenticity...

Technical requirements

Confirm that both of your Vagrant boxes are enabled, and connect to both using the vagrant command.

If you've previously changed the SSH configuration file, it might be an idea to destroy your boxes and re-provision them first:

$ vagrant ssh centos1
$ vagrant ssh centos2

Using local forwarding

Local forwarding is the act of mapping local TCP ports or Unix sockets onto remote ports or sockets. It's commonly used when either accessing a system securely (by requiring the user to first SSH to the box, thus encrypting their connection), or for troubleshooting problems.

In this section, we're going to start a small webserver on centos2, which we're going to connect to from centos1, first by connecting to the IP and port directly, and then by a connection to a mapped local port, utilizing port forwarding.

Getting ready

On centos2, run the following command:

[vagrant@centos2 ~]$ python -m SimpleHTTPServer 8888
Serving HTTP on 0.0.0.0 port 8888 ...

You've just created a small, Python...

Using remote forwarding

In the previous section, we looked at the ability to forward local connection attempts to a remote machine.

In this section, we're going to look at something very similar: remote forwarding.

With remote forwarding, connection attempts made to a specified address and port on a remote machine are passed back through the SSH tunnel you've set up, and are processed on the local machine (your client).

Start on centos1.

Before we start it's worth noting that remote forwarding is a great way to punch holes out of networks, which means that it can also be a nightmare for security professionals charged with maintaining a network. With great power comes great etc.

Getting ready

Confirm that both...

ProxyJump and bastion hosts

We're going to take a look at one very new SSH option, a slightly older SSH option, and the concept of bastion hosts (or jump boxes) in this recipe.

We need three machines because we're going to use one machine as the "gateway" to another.

Getting ready

Set up your three VMs, preferably using the Vagrantfile at the top of this chapter.

Connect to each box, and then check that from centos1, you can ping centos2 and centos3:

[vagrant@centos1 ~]$ ping 192.168.33.11
PING 192.168.33.11 (192.168.33.11) 56(84) bytes of data.
64 bytes from 192.168.33.11: icmp_seq=1 ttl=64 time=2.54 ms
64 bytes from 192.168.33.11: icmp_seq=2 ttl=64 time=1.09 ms
64 bytes from 192.168.33.11: icmp_seq=3 ttl...

Using SSH to create a SOCKS Proxy

SSH is great.

I never get tired of talking about how great it is, and it would be remiss of me to not mention one of its best features: the ability to quickly and easily set up a SOCKS proxy.

In the previous sections, we forwarded individual ports, but what if we were using a bastion host to connect to a slew of different websites within a network? Would you like to add tens of lines to your SSH config file? Or manually type out each port and mapping every time?

I didn't think so.

That's where the -D flag comes in.

See -D [bind_address:]port in the SSH manual page (https://man.openbsd.org/ssh):

Specifies a local "dynamic" application-level port forwarding. This works by allocating a socket to listen to port on the local side, optionally bound to the specified bind_address. Whenever a connection is made to this port, the connection...

Understanding and using SSH agents

One thing we touched on briefly was the concept of an SSH agent.

When you SSH to a server (after setting up a key) and you're prompted for a passphrase, what you're actually doing is decrypting the private key part of your public-private key pair (the id_rsa file by default), so that it can be used to verify that you are who you say you are against the remote host. It can get tedious to do this each time you SSH to a server, especially if you're managing hundreds or thousands of constantly changing boxes.

That's where SSH agents come in. They're somewhere for your now-decrypted private key to live, once you've given it the passphrase, for the duration of your session.

Once you've got your private key loaded into your agent, the agent is then responsible for presenting the key to any servers you connect to, without...

Running multiple SSH servers on one box

Sometimes, it can be a requirement to run multiple SSH servers on one box. You may want to use one for regular, day-to-day activities, and the other server for backups or automation.

In this case, it's perfectly possible to run two distinct versions of the SSH server at once.

We're going to use centos2 for this, setting up a secondary SSH server on port 2020.

Getting ready

If you haven't already, I would advise destroying your previous Vagrant boxes and deploying new ones for this.

Once new boxes are created, connect to both:

$ vagrant ssh centos1
$ vagrant ssh centos2

Install policycoreutils-python on centos2, for semanage later:

[vagrant@centos2 ~]$ sudo yum -y install...

Summary

While I've spent this chapter describing some brilliant things that SSH is capable of and singing its praises throughout, it's worth highlighting that it's still software, and it's also constantly evolving. Because it's software, it can have bugs and unexpected behavior, though the developers behind it are some of the best, what with it being part of the OpenBSD suite of software.

If you take anything away from this chapter, make it the following:

  • Use key-based authentication
  • Disable root login over SSH
  • Use a local SSH config file for connecting to remote machines

I'd highly recommend signing up to the various SSH mailing lists if you're a bit sad like I am, and keeping an eye out for new features that might capture your imagination. ProxyJump hasn't been around for long, and it's very handy.

I do recall instances that SSH...

Left arrow icon Right arrow icon
Download code icon Download Code

Key benefits

  • Understand and implement the core system administration tasks in Linux
  • Discover tools and techniques to troubleshoot your Linux system
  • Maintain a healthy system with good security and backup practices

Description

Linux is one of the most widely used operating systems among system administrators,and even modern application and server development is heavily reliant on the Linux platform. The Linux Administration Cookbook is your go-to guide to get started on your Linux journey. It will help you understand what that strange little server is doing in the corner of your office, what the mysterious virtual machine languishing in Azure is crunching through, what that circuit-board-like thing is doing under your office TV, and why the LEDs on it are blinking rapidly. This book will get you started with administering Linux, giving you the knowledge and tools you need to troubleshoot day-to-day problems, ranging from a Raspberry Pi to a server in Azure, while giving you a good understanding of the fundamentals of how GNU/Linux works. Through the course of the book, you’ll install and configure a system, while the author regales you with errors and anecdotes from his vast experience as a data center hardware engineer, systems administrator, and DevOps consultant. By the end of the book, you will have gained practical knowledge of Linux, which will serve as a bedrock for learning Linux administration and aid you in your Linux journey.

Who is this book for?

If you are a system engineer or system administrator with basic experience of working with Linux, this book is for you.

What you will learn

  • Install and manage a Linux server, both locally and in the cloud
  • Understand how to perform administration across all Linux distros
  • Work through evolving concepts such as IaaS versus PaaS, containers, and automation
  • Explore security and configuration best practices
  • Troubleshoot your system if something goes wrong
  • Discover and mitigate hardware issues, such as faulty memory and failing drives

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Dec 31, 2018
Length: 826 pages
Edition : 1st
Language : English
ISBN-13 : 9781789340280
Tools :

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want

Product Details

Publication date : Dec 31, 2018
Length: 826 pages
Edition : 1st
Language : English
ISBN-13 : 9781789340280
Tools :

Packt Subscriptions

See our plans and pricing
Modal Close icon
€18.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
€189.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts
€264.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just €5 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total 111.97
Linux Administration Cookbook
€36.99
Learn Linux Shell Scripting – Fundamentals of Bash 4.4
€32.99
Hands-On System Programming with Linux
€41.99
Total 111.97 Stars icon

Table of Contents

14 Chapters
Introduction and Environment Setup Chevron down icon Chevron up icon
Remote Administration with SSH Chevron down icon Chevron up icon
Networking and Firewalls Chevron down icon Chevron up icon
Services and Daemons Chevron down icon Chevron up icon
Hardware and Disks Chevron down icon Chevron up icon
Security, Updating, and Package Management Chevron down icon Chevron up icon
Monitoring and Logging Chevron down icon Chevron up icon
Permissions, SELinux, and AppArmor Chevron down icon Chevron up icon
Containers and Virtualization Chevron down icon Chevron up icon
Git, Configuration Management, and Infrastructure as Code Chevron down icon Chevron up icon
Web Servers, Databases, and Mail Servers Chevron down icon Chevron up icon
Troubleshooting and Workplace Diplomacy Chevron down icon Chevron up icon
BSDs, Solaris, Windows, IaaS and PaaS, and DevOps Chevron down icon Chevron up icon
Other Books You May Enjoy Chevron down icon Chevron up icon

Customer reviews

Rating distribution
Full star icon Full star icon Full star icon Full star icon Half star icon 4.6
(5 Ratings)
5 star 80%
4 star 0%
3 star 20%
2 star 0%
1 star 0%
Thomas Aug 18, 2024
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Huge content, large number of topics covered in great detail
Subscriber review Packt
romeo Nov 01, 2020
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Never read a technology book on linux with such a fine sense of humour. Wish more technologyauthors were like him
Amazon Verified review Amazon
Anthony Apr 16, 2019
Full star icon Full star icon Full star icon Full star icon Full star icon 5
This book provides a both a great grounding to someone starting a career in Linux administration but also to more experienced IT professionals wanting to complete their Linux toolbox.This book has loads to offer me as an experienced software developer who dips in and out of server maintenance. I like the fact it goes into a lot of detail, this book is huge, and covers a very broad range of subjects. I can see me using it as a reference for years to come.It also provides instructions for how to set up virtual machine to try out the concepts and lots of code examples. Invaluable to someone new to the field who might treat the book more as a long series of tutorials.
Amazon Verified review Amazon
Donald A. Tevault Feb 20, 2019
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Okay, first off, I have to disclose that I was the tech editor for the last seven chapters of this book, and I'm also a fellow Packt Publishing author. Now, with that out of the way, here's what I think.Being tech editor for this book was very enjoyable. The author's writing style is brilliant, and he knows how to use humor to hold the reader's attention. (So, if you're in need of a sleeping aid, sorry, you'll have to look elsewhere.)The book is chock full of good, hands-on recipes, many of which are introductions to technologies that you may not have tried before. For example, you'll find good introductions to things like Ansible, Nagios, Icinga, and SELinux. The recipes are easy-to-follow, and even include directions on how to set up your own virtual machines in order to perform the experiments.So, bottom line, if you want to expand your knowledge about Linux administration, just buy this book. (You'll be glad that you did.)
Amazon Verified review Amazon
Williamson11B Sep 05, 2021
Full star icon Full star icon Full star icon Empty star icon Empty star icon 3
My issue isn't with the book, the book gets great reviews in physical format.I however have the digital edition on the Kindle app and something like 70% of the book is missing. Not the 1st time either as I have this same issue with CCNA on the Kindle app. Thousands of missing pages.
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

How do I buy and download an eBook? Chevron down icon Chevron up icon

Where there is an eBook version of a title available, you can buy it from the book details for that title. Add either the standalone eBook or the eBook and print book bundle to your shopping cart. Your eBook will show in your cart as a product on its own. After completing checkout and payment in the normal way, you will receive your receipt on the screen containing a link to a personalised PDF download file. This link will remain active for 30 days. You can download backup copies of the file by logging in to your account at any time.

If you already have Adobe reader installed, then clicking on the link will download and open the PDF file directly. If you don't, then save the PDF file on your machine and download the Reader to view it.

Please Note: Packt eBooks are non-returnable and non-refundable.

Packt eBook and Licensing When you buy an eBook from Packt Publishing, completing your purchase means you accept the terms of our licence agreement. Please read the full text of the agreement. In it we have tried to balance the need for the ebook to be usable for you the reader with our needs to protect the rights of us as Publishers and of our authors. In summary, the agreement says:

  • You may make copies of your eBook for your own use onto any machine
  • You may not pass copies of the eBook on to anyone else
How can I make a purchase on your website? Chevron down icon Chevron up icon

If you want to purchase a video course, eBook or Bundle (Print+eBook) please follow below steps:

  1. Register on our website using your email address and the password.
  2. Search for the title by name or ISBN using the search option.
  3. Select the title you want to purchase.
  4. Choose the format you wish to purchase the title in; if you order the Print Book, you get a free eBook copy of the same title. 
  5. Proceed with the checkout process (payment to be made using Credit Card, Debit Cart, or PayPal)
Where can I access support around an eBook? Chevron down icon Chevron up icon
  • If you experience a problem with using or installing Adobe Reader, the contact Adobe directly.
  • To view the errata for the book, see www.packtpub.com/support and view the pages for the title you have.
  • To view your account details or to download a new copy of the book go to www.packtpub.com/account
  • To contact us directly if a problem is not resolved, use www.packtpub.com/contact-us
What eBook formats do Packt support? Chevron down icon Chevron up icon

Our eBooks are currently available in a variety of formats such as PDF and ePubs. In the future, this may well change with trends and development in technology, but please note that our PDFs are not Adobe eBook Reader format, which has greater restrictions on security.

You will need to use Adobe Reader v9 or later in order to read Packt's PDF eBooks.

What are the benefits of eBooks? Chevron down icon Chevron up icon
  • You can get the information you need immediately
  • You can easily take them with you on a laptop
  • You can download them an unlimited number of times
  • You can print them out
  • They are copy-paste enabled
  • They are searchable
  • There is no password protection
  • They are lower price than print
  • They save resources and space
What is an eBook? Chevron down icon Chevron up icon

Packt eBooks are a complete electronic version of the print edition, available in PDF and ePub formats. Every piece of content down to the page numbering is the same. Because we save the costs of printing and shipping the book to you, we are able to offer eBooks at a lower cost than print editions.

When you have purchased an eBook, simply login to your account and click on the link in Your Download Area. We recommend you saving the file to your hard drive before opening it.

For optimal viewing of our eBooks, we recommend you download and install the free Adobe Reader version 9.