Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Linux Administration Cookbook
Linux Administration Cookbook

Linux Administration Cookbook: Insightful recipes to work with system administration tasks on Linux

eBook
₱1399.99 ₱2000.99
Paperback
₱2500.99
Subscription
Free Trial

What do you get with a Packt Subscription?

Free for first 7 days. $19.99 p/m after that. Cancel any time!
Product feature icon Unlimited ad-free access to the largest independent learning library in tech. Access this title and thousands more!
Product feature icon 50+ new titles added per month, including many first-to-market concepts and exclusive early access to books as they are being written.
Product feature icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Product feature icon Thousands of reference materials covering every tech concept you need to stay up to date.
Subscribe now
View plans & pricing
Table of content icon View table of contents Preview book icon Preview Book

Linux Administration Cookbook

Remote Administration with SSH

The following recipes will be covered in this chapter:

  • Generating and using key pairs with ssh-keygen
  • SSH client arguments and options
  • Using a client-side SSH configuration file
  • Modifying the server-side SSH configuration file
  • Rotating host keys and updating known_hosts
  • Using local forwarding
  • Using remote forwarding
  • ProxyJump and bastion hosts
  • Using SSH to create a SOCKS Proxy
  • Understanding and using SSH agents
  • Running multiple SSH servers on one box

Introduction

In the first chapter, we SSH'd to our VM using one command:

$ ssh adam@127.0.0.1 -p2222
adam@127.0.0.1's password:
Last login: Mon Aug 6 17:04:31 2018 from gateway
[adam@localhost ~]$

In this chapter, we're going to expand on this, looking at making connecting easier with SSH key pairs; running over the security benefits of SSH; making changes to both the client and server side configuration; setting up a port forward and reverse port forward connections; learning about ProxyJump and bastion hosts, as well as setting up a temporary proxy with SSH; and finally, we're going to look at SSH agents and setting up an additional SSH server on our VM.

This chapter assumes that you have a rudimentary understanding of SSH.

Technical requirements

As introduced in the first chapter, we're going to use Vagrant and VirtualBox for all of our work in this chapter and those going forward. This allows us to quickly provision infrastructure for testing, and saves you the manual job of creating multiple VMs each time.

If you really, really, don't want to use VirtualBox or Vagrant, then you don't have to, and I've tried to keep the examples as generic as possible, but you will probably find it much easier if you do.

I've put together the following Vagrantfile for use in this chapter:

# -*- mode: ruby -*-
# vi: set ft=ruby :

$provisionScript = <<-SCRIPT
sed -i 's#PasswordAuthentication no#PasswordAuthentication yes#g' /etc/ssh/sshd_config
systemctl restart sshd
SCRIPT

Vagrant.configure("2") do |config|
config.vm.provision "shell",
inline: $provisionScript...

Generating and using key pairs with ssh-keygen

Passwords are great, but they're also terrible.

Most people use weak passwords, and while I hope that's not you, there's always the chance that someone in your team doesn't have the discipline you do, and resorts to football99 or similar for connecting to your shared remote host.

With password access enabled, anyone might be able to connect to your server from any country by brute-forcing their way into your machine, given enough time and enough processing power.

I say "might" because as long as you use secure passwords of a decent length, passwords can be hard to guess, even with the power of a sun. Consult your company security policy when deciding these things, or read up on the best practices at the time you're writing the policy yourself.

Here's where keys come in.

SSH keys are based on...

SSH client arguments and options

SSH is a powerful piece of software, as we've already discussed, and while it can be used in a very simple way to enable access to your server, it is also extremely flexible.

In this section, we're going to look at common flags that are used with SSH in environments that may have different requirements.

We will be using the same Vagrant boxes as before.

Getting ready

As with the previous section, confirm that both of your Vagrant boxes are enabled, and connect to the first using the vagrant command:

$ vagrant ssh centos1

How to do it...

...

Using a client-side SSH configuration file

While it's nice to be able to manipulate SSH using command-line arguments, it's also nice to not have to bother.

If you've got a system you work on day in and day out, it can be beneficial to configure your setup with your typical arguments on a permanent basis. This is where the client-side SSH configuration file comes in.

On our example box, the default ssh_config file is located in the /etc/ssh/ directory. Open this file to have a look if you like, but don't make any changes yet.

Getting ready

As with the previous section, confirm that both of your Vagrant boxes are enabled, and connect to the first using the vagrant command:

$ vagrant ssh centos1

To configure...

Modifying the server-side SSH configuration file

For the last few sections, we've been focusing on the client configuration. We've tweaked our connection string on the command line and we've written a configuration file to be read automatically by SSH when connecting to our second host.

In this section, we're going to take a look at the sshd_config file, or the server-side of the configuration tango, on our second host.

We're going to make a few example and routine changes to get you familiar with the concept.

Getting ready

Connect to both centos1 and centos2. Doing this from outside (in separate windows, and using vagrant ssh) is best:

$ vagrant ssh centos1
$ vagrant ssh centos2

Place your Terminal...

Rotating host keys and updating known_hosts

One thing we've not mentioned yet are host keys, and the known_hosts file.

This is something that is often overlooked, so I'd like to take a few minutes to go over these otherwise-ignored treasures.

In this section, we will inspect what happens when you first SSH to a new machine, and then we will change the keys of that machine to see what problems this causes us.

Getting ready

Connect to centos1 and centos2 in different sessions:

$ vagrant ssh centos1
$ vagrant ssh centos2

If you're working on a fresh setup, SSH to centos2 from centos1 and accept the host key when you're presented with it.

Log back out of centos2:

[vagrant@centos1 ~]$ ssh 192.168.33.11
The authenticity...

Technical requirements

Confirm that both of your Vagrant boxes are enabled, and connect to both using the vagrant command.

If you've previously changed the SSH configuration file, it might be an idea to destroy your boxes and re-provision them first:

$ vagrant ssh centos1
$ vagrant ssh centos2

Using local forwarding

Local forwarding is the act of mapping local TCP ports or Unix sockets onto remote ports or sockets. It's commonly used when either accessing a system securely (by requiring the user to first SSH to the box, thus encrypting their connection), or for troubleshooting problems.

In this section, we're going to start a small webserver on centos2, which we're going to connect to from centos1, first by connecting to the IP and port directly, and then by a connection to a mapped local port, utilizing port forwarding.

Getting ready

On centos2, run the following command:

[vagrant@centos2 ~]$ python -m SimpleHTTPServer 8888
Serving HTTP on 0.0.0.0 port 8888 ...

You've just created a small, Python...

Using remote forwarding

In the previous section, we looked at the ability to forward local connection attempts to a remote machine.

In this section, we're going to look at something very similar: remote forwarding.

With remote forwarding, connection attempts made to a specified address and port on a remote machine are passed back through the SSH tunnel you've set up, and are processed on the local machine (your client).

Start on centos1.

Before we start it's worth noting that remote forwarding is a great way to punch holes out of networks, which means that it can also be a nightmare for security professionals charged with maintaining a network. With great power comes great etc.

Getting ready

Confirm that both...

ProxyJump and bastion hosts

We're going to take a look at one very new SSH option, a slightly older SSH option, and the concept of bastion hosts (or jump boxes) in this recipe.

We need three machines because we're going to use one machine as the "gateway" to another.

Getting ready

Set up your three VMs, preferably using the Vagrantfile at the top of this chapter.

Connect to each box, and then check that from centos1, you can ping centos2 and centos3:

[vagrant@centos1 ~]$ ping 192.168.33.11
PING 192.168.33.11 (192.168.33.11) 56(84) bytes of data.
64 bytes from 192.168.33.11: icmp_seq=1 ttl=64 time=2.54 ms
64 bytes from 192.168.33.11: icmp_seq=2 ttl=64 time=1.09 ms
64 bytes from 192.168.33.11: icmp_seq=3 ttl...

Using SSH to create a SOCKS Proxy

SSH is great.

I never get tired of talking about how great it is, and it would be remiss of me to not mention one of its best features: the ability to quickly and easily set up a SOCKS proxy.

In the previous sections, we forwarded individual ports, but what if we were using a bastion host to connect to a slew of different websites within a network? Would you like to add tens of lines to your SSH config file? Or manually type out each port and mapping every time?

I didn't think so.

That's where the -D flag comes in.

See -D [bind_address:]port in the SSH manual page (https://man.openbsd.org/ssh):

Specifies a local "dynamic" application-level port forwarding. This works by allocating a socket to listen to port on the local side, optionally bound to the specified bind_address. Whenever a connection is made to this port, the connection...

Understanding and using SSH agents

One thing we touched on briefly was the concept of an SSH agent.

When you SSH to a server (after setting up a key) and you're prompted for a passphrase, what you're actually doing is decrypting the private key part of your public-private key pair (the id_rsa file by default), so that it can be used to verify that you are who you say you are against the remote host. It can get tedious to do this each time you SSH to a server, especially if you're managing hundreds or thousands of constantly changing boxes.

That's where SSH agents come in. They're somewhere for your now-decrypted private key to live, once you've given it the passphrase, for the duration of your session.

Once you've got your private key loaded into your agent, the agent is then responsible for presenting the key to any servers you connect to, without...

Running multiple SSH servers on one box

Sometimes, it can be a requirement to run multiple SSH servers on one box. You may want to use one for regular, day-to-day activities, and the other server for backups or automation.

In this case, it's perfectly possible to run two distinct versions of the SSH server at once.

We're going to use centos2 for this, setting up a secondary SSH server on port 2020.

Getting ready

If you haven't already, I would advise destroying your previous Vagrant boxes and deploying new ones for this.

Once new boxes are created, connect to both:

$ vagrant ssh centos1
$ vagrant ssh centos2

Install policycoreutils-python on centos2, for semanage later:

[vagrant@centos2 ~]$ sudo yum -y install...

Summary

While I've spent this chapter describing some brilliant things that SSH is capable of and singing its praises throughout, it's worth highlighting that it's still software, and it's also constantly evolving. Because it's software, it can have bugs and unexpected behavior, though the developers behind it are some of the best, what with it being part of the OpenBSD suite of software.

If you take anything away from this chapter, make it the following:

  • Use key-based authentication
  • Disable root login over SSH
  • Use a local SSH config file for connecting to remote machines

I'd highly recommend signing up to the various SSH mailing lists if you're a bit sad like I am, and keeping an eye out for new features that might capture your imagination. ProxyJump hasn't been around for long, and it's very handy.

I do recall instances that SSH...

Left arrow icon Right arrow icon
Download code icon Download Code

Key benefits

  • Understand and implement the core system administration tasks in Linux
  • Discover tools and techniques to troubleshoot your Linux system
  • Maintain a healthy system with good security and backup practices

Description

Linux is one of the most widely used operating systems among system administrators,and even modern application and server development is heavily reliant on the Linux platform. The Linux Administration Cookbook is your go-to guide to get started on your Linux journey. It will help you understand what that strange little server is doing in the corner of your office, what the mysterious virtual machine languishing in Azure is crunching through, what that circuit-board-like thing is doing under your office TV, and why the LEDs on it are blinking rapidly. This book will get you started with administering Linux, giving you the knowledge and tools you need to troubleshoot day-to-day problems, ranging from a Raspberry Pi to a server in Azure, while giving you a good understanding of the fundamentals of how GNU/Linux works. Through the course of the book, you’ll install and configure a system, while the author regales you with errors and anecdotes from his vast experience as a data center hardware engineer, systems administrator, and DevOps consultant. By the end of the book, you will have gained practical knowledge of Linux, which will serve as a bedrock for learning Linux administration and aid you in your Linux journey.

Who is this book for?

If you are a system engineer or system administrator with basic experience of working with Linux, this book is for you.

What you will learn

  • Install and manage a Linux server, both locally and in the cloud
  • Understand how to perform administration across all Linux distros
  • Work through evolving concepts such as IaaS versus PaaS, containers, and automation
  • Explore security and configuration best practices
  • Troubleshoot your system if something goes wrong
  • Discover and mitigate hardware issues, such as faulty memory and failing drives

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Dec 31, 2018
Length: 826 pages
Edition : 1st
Language : English
ISBN-13 : 9781789342529
Tools :

What do you get with a Packt Subscription?

Free for first 7 days. $19.99 p/m after that. Cancel any time!
Product feature icon Unlimited ad-free access to the largest independent learning library in tech. Access this title and thousands more!
Product feature icon 50+ new titles added per month, including many first-to-market concepts and exclusive early access to books as they are being written.
Product feature icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Product feature icon Thousands of reference materials covering every tech concept you need to stay up to date.
Subscribe now
View plans & pricing

Product Details

Publication date : Dec 31, 2018
Length: 826 pages
Edition : 1st
Language : English
ISBN-13 : 9781789342529
Tools :

Packt Subscriptions

See our plans and pricing
Modal Close icon
$19.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
$199.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just ₱260 each
Feature tick icon Exclusive print discounts
$279.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just ₱260 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total 7,553.97
Linux Administration Cookbook
₱2500.99
Learn Linux Shell Scripting – Fundamentals of Bash 4.4
₱2245.99
Hands-On System Programming with Linux
₱2806.99
Total 7,553.97 Stars icon

Table of Contents

14 Chapters
Introduction and Environment Setup Chevron down icon Chevron up icon
Remote Administration with SSH Chevron down icon Chevron up icon
Networking and Firewalls Chevron down icon Chevron up icon
Services and Daemons Chevron down icon Chevron up icon
Hardware and Disks Chevron down icon Chevron up icon
Security, Updating, and Package Management Chevron down icon Chevron up icon
Monitoring and Logging Chevron down icon Chevron up icon
Permissions, SELinux, and AppArmor Chevron down icon Chevron up icon
Containers and Virtualization Chevron down icon Chevron up icon
Git, Configuration Management, and Infrastructure as Code Chevron down icon Chevron up icon
Web Servers, Databases, and Mail Servers Chevron down icon Chevron up icon
Troubleshooting and Workplace Diplomacy Chevron down icon Chevron up icon
BSDs, Solaris, Windows, IaaS and PaaS, and DevOps Chevron down icon Chevron up icon
Other Books You May Enjoy Chevron down icon Chevron up icon

Customer reviews

Rating distribution
Full star icon Full star icon Full star icon Full star icon Half star icon 4.6
(5 Ratings)
5 star 80%
4 star 0%
3 star 20%
2 star 0%
1 star 0%
Thomas Aug 18, 2024
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Huge content, large number of topics covered in great detail
Subscriber review Packt
Williamson11B Sep 05, 2021
Full star icon Full star icon Full star icon Empty star icon Empty star icon 3
My issue isn't with the book, the book gets great reviews in physical format.I however have the digital edition on the Kindle app and something like 70% of the book is missing. Not the 1st time either as I have this same issue with CCNA on the Kindle app. Thousands of missing pages.
Amazon Verified review Amazon
romeo Nov 01, 2020
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Never read a technology book on linux with such a fine sense of humour. Wish more technologyauthors were like him
Amazon Verified review Amazon
Anthony Apr 16, 2019
Full star icon Full star icon Full star icon Full star icon Full star icon 5
This book provides a both a great grounding to someone starting a career in Linux administration but also to more experienced IT professionals wanting to complete their Linux toolbox.This book has loads to offer me as an experienced software developer who dips in and out of server maintenance. I like the fact it goes into a lot of detail, this book is huge, and covers a very broad range of subjects. I can see me using it as a reference for years to come.It also provides instructions for how to set up virtual machine to try out the concepts and lots of code examples. Invaluable to someone new to the field who might treat the book more as a long series of tutorials.
Amazon Verified review Amazon
Donald A. Tevault Feb 20, 2019
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Okay, first off, I have to disclose that I was the tech editor for the last seven chapters of this book, and I'm also a fellow Packt Publishing author. Now, with that out of the way, here's what I think.Being tech editor for this book was very enjoyable. The author's writing style is brilliant, and he knows how to use humor to hold the reader's attention. (So, if you're in need of a sleeping aid, sorry, you'll have to look elsewhere.)The book is chock full of good, hands-on recipes, many of which are introductions to technologies that you may not have tried before. For example, you'll find good introductions to things like Ansible, Nagios, Icinga, and SELinux. The recipes are easy-to-follow, and even include directions on how to set up your own virtual machines in order to perform the experiments.So, bottom line, if you want to expand your knowledge about Linux administration, just buy this book. (You'll be glad that you did.)
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

What is included in a Packt subscription? Chevron down icon Chevron up icon

A subscription provides you with full access to view all Packt and licnesed content online, this includes exclusive access to Early Access titles. Depending on the tier chosen you can also earn credits and discounts to use for owning content

How can I cancel my subscription? Chevron down icon Chevron up icon

To cancel your subscription with us simply go to the account page - found in the top right of the page or at https://subscription.packtpub.com/my-account/subscription - From here you will see the ‘cancel subscription’ button in the grey box with your subscription information in.

What are credits? Chevron down icon Chevron up icon

Credits can be earned from reading 40 section of any title within the payment cycle - a month starting from the day of subscription payment. You also earn a Credit every month if you subscribe to our annual or 18 month plans. Credits can be used to buy books DRM free, the same way that you would pay for a book. Your credits can be found in the subscription homepage - subscription.packtpub.com - clicking on ‘the my’ library dropdown and selecting ‘credits’.

What happens if an Early Access Course is cancelled? Chevron down icon Chevron up icon

Projects are rarely cancelled, but sometimes it's unavoidable. If an Early Access course is cancelled or excessively delayed, you can exchange your purchase for another course. For further details, please contact us here.

Where can I send feedback about an Early Access title? Chevron down icon Chevron up icon

If you have any feedback about the product you're reading, or Early Access in general, then please fill out a contact form here and we'll make sure the feedback gets to the right team. 

Can I download the code files for Early Access titles? Chevron down icon Chevron up icon

We try to ensure that all books in Early Access have code available to use, download, and fork on GitHub. This helps us be more agile in the development of the book, and helps keep the often changing code base of new versions and new technologies as up to date as possible. Unfortunately, however, there will be rare cases when it is not possible for us to have downloadable code samples available until publication.

When we publish the book, the code files will also be available to download from the Packt website.

How accurate is the publication date? Chevron down icon Chevron up icon

The publication date is as accurate as we can be at any point in the project. Unfortunately, delays can happen. Often those delays are out of our control, such as changes to the technology code base or delays in the tech release. We do our best to give you an accurate estimate of the publication date at any given time, and as more chapters are delivered, the more accurate the delivery date will become.

How will I know when new chapters are ready? Chevron down icon Chevron up icon

We'll let you know every time there has been an update to a course that you've bought in Early Access. You'll get an email to let you know there has been a new chapter, or a change to a previous chapter. The new chapters are automatically added to your account, so you can also check back there any time you're ready and download or read them online.

I am a Packt subscriber, do I get Early Access? Chevron down icon Chevron up icon

Yes, all Early Access content is fully available through your subscription. You will need to have a paid for or active trial subscription in order to access all titles.

How is Early Access delivered? Chevron down icon Chevron up icon

Early Access is currently only available as a PDF or through our online reader. As we make changes or add new chapters, the files in your Packt account will be updated so you can download them again or view them online immediately.

How do I buy Early Access content? Chevron down icon Chevron up icon

Early Access is a way of us getting our content to you quicker, but the method of buying the Early Access course is still the same. Just find the course you want to buy, go through the check-out steps, and you’ll get a confirmation email from us with information and a link to the relevant Early Access courses.

What is Early Access? Chevron down icon Chevron up icon

Keeping up to date with the latest technology is difficult; new versions, new frameworks, new techniques. This feature gives you a head-start to our content, as it's being created. With Early Access you'll receive each chapter as it's written, and get regular updates throughout the product's development, as well as the final course as soon as it's ready.We created Early Access as a means of giving you the information you need, as soon as it's available. As we go through the process of developing a course, 99% of it can be ready but we can't publish until that last 1% falls in to place. Early Access helps to unlock the potential of our content early, to help you start your learning when you need it most. You not only get access to every chapter as it's delivered, edited, and updated, but you'll also get the finalized, DRM-free product to download in any format you want when it's published. As a member of Packt, you'll also be eligible for our exclusive offers, including a free course every day, and discounts on new and popular titles.