Install CentOS server

Download the minimal image CentOS-7-x86_64-Minimal-2009.iso from the official CentOS site.

Basic configuration

# Show the network interfaces and the addresses assigned to them.
# NOTE(review): ifconfig comes from the net-tools package, which a minimal
# install may not include — confirm; `ip addr` reports the same information.
ifconfig
ip addr

# Print the per-interface configuration file; the suffix after "ifcfg-" is the
# interface name reported by the commands above, so it differs between machines.
cat /etc/sysconfig/network-scripts/ifcfg-ens33 [Your network name varies]

Solution to VMware bridge connection: Solution

e.g. IP address for CentOS server virtual machine on my PC: 192.168.0.120

Network protocols

HTTPS, TLS, SSL, SSH, FTP, TELNET (TELNET is prohibited for security reasons: it sends everything, including passwords, in plaintext).
There are many more protocols in computer networking; do some further reading yourself.

SSH (Secure SHell)

ssh

Encryption & Decryption / SSH

Symmetric-key Encryption

Encrypt plaintext using only one key.

message(m) –> Encrypt(superKey) –>E(m)

E(m) –> Decrypt(superKey) –> message(m)

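An attacker who eavesdrops when the client first connects to the server can capture the key, because the same key has to be shared with the other side before any encryption is in place.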

Asymmetric-Key Encryption

Similar to the symmetric one, but with two keys: a public key and a private key.

The public key is used to encrypt and the private key to decrypt; the private key never leaves its owner.

e.g. RSA algorithm

SSH combines both encryption methods: the client and server first use asymmetric cryptography to agree on a shared session key (and to authenticate the server), then use symmetric encryption with that key for the rest of the session. (Do some research on this yourself.)

Make your server (or client) ‘SSH-enabled’

First step: install OpenSSH
openssh-clients for clients and openssh-server for servers. (This requires client-server model)

Second step: what you are going to do on your machine is:

# Start the SSH daemon now. `start` only affects the running system; whether
# sshd comes up at boot is controlled separately by `enable`.
sudo systemctl start sshd
# To have sshd start automatically at boot as well, also run: sudo systemctl enable sshd

# Other useful commands
#sudo systemctl stop sshd
#sudo systemctl restart sshd
#sudo systemctl status sshd

#sudo systemctl list-unit-files => lists the installed unit files and whether each one is enabled

Common SSH tools on Windows: PuTTY, XShell, SecureCRT, MobaXterm | on Linux: just install openssh-clients | on macOS: nothing extra needs to be installed

SSH to the server (on Linux Client)

ssh root@192.168.0.120
# ssh [user_name]@[server]

Configure SSH using ‘config’ file (on Linux server)

# for client, common args in file: Host, HostName, Port, User
/etc/ssh/ssh_config
# for server, common args in file: Port, PermitRootLogin, PasswordAuthentication, PubkeyAuthentication, PermitEmptyPasswords
/etc/ssh/sshd_config

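# The global config files above apply to all users, so be careful when changing them.
# e.g. this sshd_config line refuses direct root logins (the root logins shown below only work while it is not in effect):
PermitRootLogin no
# for the current user only (you; your machine can be the client or the server)
~/.ssh/config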

# if no such folder, run: ssh localhost, if no config file on client,run:
[mo@mos-computer .ssh]$ touch config
[mo@mos-computer .ssh]$ chmod 600 config
[mo@mos-computer .ssh]$ nano config
[mo@mos-computer .ssh]$ cat config
Host Mo
HostName 192.168.0.120
Port 22
User root
[mo@mos-computer .ssh]$ ssh Mo
root@192.168.0.120's password:
Last login: Mon Mar 8 00:50:12 2021 from localhost
[root@localhost ~]#

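# after modifying the config file, logging in is more convenient

# see man sshd_config / man ssh_config for more details

# Apply sshd_config changes immediately: systemctl restart sshd (check the file first with sshd -t, so a syntax error does not keep the daemon from coming back up; changes to ~/.ssh/config need no restart)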

SSH log in without password (pubKey log in)

[mo@mos-computer ~]$ ssh-keygen
# you can use -t to specify the key algorithm type, e.g. ssh-keygen -t ed25519 (the run below uses the default, which here is RSA 2048)
Generating public/private rsa key pair.
Enter file in which to save the key (/home/mo/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/mo/.ssh/id_rsa.
Your public key has been saved in /home/mo/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:CL4VZcWLLahJK3bHxnTPmMcmu9oebOAD8Sq4pn4NPaA mo@mos-computer
The key's randomart image is:
+---[RSA 2048]----+
| oo. |
| o . |
| o .. o . |
| o.+oo+ o |
| ..=B=.SB |
| Eo.=O=o+ * |
|...o=o+ += |
| o o . +.. |
|*.. .o+. |
+----[SHA256]-----+
[mo@mos-computer ~]$ cd .ssh
[mo@mos-computer .ssh]$ ls
config id_rsa id_rsa.pub known_hosts
[mo@mos-computer .ssh]$ cat id_rsa
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA6sB0mGq1VsP5bqvd4QLNrzwW56MhfKXTOCugr9YCkAVEIMCU
KmM0EFcyBq1wCH94UE6EvnuyTBSwYl6JoJrPb40cFRSYjSVHkk+luX/iWtVZiqHZ
sqTxE+W/fIPtq7Q2BwG+gY/I/zPymwDrP0dGI/JF9yl4MwCk+b/CUi8ssj1OjPR1
eylxgn1Frb/1qjucW/QEShI6m+7kRUtGQJNwPOGKDIoAsdPFF4TLeeRjb3ji6iLR
OjLLCgjfwPv4O8j+z4uyXkUloQAXsL/sCE6N03vuqu/KZ9hzEJAxMPPr3miFqhvP
hDIUN2MQVvSxiweTP/suEAwMJY8FcBIiibtNnwIDAQABAoIBAEM3OetOWn/ueyQa
J9y+ncA4F2LZzcPQA0uJCmhugatVJq2uFn6Qix7GqLdKv9JfFUcBRHb6GhI4tkxk
P0nyKcUKBWlvzUJU00psbcpQeLKDdjEAqMHDApgs54gyikHoxrN452BXmDiiWivR
tooW0VmHjEr538XSwGoWYwB/K3AZGzo1/xgV/xhDnNbbjnJWTBFsTX3qyAfNhigB
JEA2q8GD3N1kxUG2HfatxkFBYyB3FtYTccSPCjkOif+acvQeoqhkVFGgOYZaj6YL
BM2X6qvF1bSxLNYZB4UKmdXZiGyznrfDnv6STUcyqe+yjzla0iyuQ2AUOUx550qs
wJxXuvECgYEA/9Y+jbvJaMRveibg2nSsjjERoE4rx06Mjgmp59tZ1YNVuzFNM2iR
UP05/e63JxQgYmh0VIVr05cSOOGGIklr6HuffU1d31S7RrOJx7J+LmZ7C7nQMlA0
sdbxccL/LI/JpcOvXmWAMgDNjONEt7lDqnJAZ86PbR2C/WrH0C3EJqcCgYEA6ubF
Ds3/omS2s04dF+HFQ8k6ElFFTo4mmOVu+FvhiwGVU0QnFoMZLQ5G3HRUncCHUZML
aGR+g8KR+9KB7dAua2bN0OBwKRvgw0isGK0dmVCX0dc7UmqyUQPlBYSja8x1Kfyg
+2yTTKUBrrGFkAmI7Q2f7OZt2t8Ff/F7HeOieEkCgYBtma76sTQ7ucu4HOe/LrSt
xb+zWUnP/IqiXul29rWpjrYvl5NnLqjydUley+GS0EB/aBhODUqAPvwDejoofiPI
WQ2edIJ+pqIES+3+qyz7W9Pi1hunMk0g0uBkyBDhWkgcx5RdcEZXJZjpfoN14dxn
LMMCta8kI7x2LESlnrWliQKBgQCglAsH2Ni1KcYfgvmudr9EXI4fMYGAdvp5sPYQ
P7dKMFXlKwTRheMzArx8PeYORSv8HtpAjdpStjLXhAsgCB2DfC6caKEj6RPYS5ih
8c33Hbn7T/gUmi215kSsZgTVT1qUzkc6OPnk/jPNOTvFwE7jRloaN1fHtIfs86Yn
Q5KwSQKBgQDvInpamHWJaQCI43g0jaQwnzRP7CcBQz/gppLktLnAjzo1io70HsKN
joMVaBUz8rO+bwS/fXbS7QQ7vN3otLxzAv0Fb8eHCC30E4W4mGLMehzAd/QVB6O+
LK8Vv9f8Z74RGj7jhuoBfvmS/N36B4ZvqqD8gqmD96QsmA19Pa0Izg==
-----END RSA PRIVATE KEY-----
[mo@mos-computer .ssh]$ cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDqwHSYarVWw/luq93hAs2vPBbnoyF8pdM4K6Cv1gKQBUQgwJQqYzQQVzIGrXAIf3hQToS+e7JMFLBiXomgms9vjRwVFJiNJUeST6W5f+Ja1VmKodmypPET5b98g+2rtDYHAb6Bj8j/M/KbAOs/R0Yj8kX3KXgzAKT5v8JSLyyyPU6M9HV7KXGCfUWtv/WqO5xb9ARKEjqb7uRFS0ZAk3A84YoMigCx08UXhMt55GNveOLqItE6MssKCN/A+/g7yP7Pi7JeRSWhABewv+wITo3Te+6q78pn2HMQkDEw8+veaIWqG8+EMhQ3YxBW9LGLB5M/+y4QDAwljwVwEiKJu02f mo@mos-computer
[mo@mos-computer .ssh]$ ssh-copy-id root@192.168.0.120
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.0.120's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'root@192.168.0.120'"
and check to make sure that only the key(s) you wanted were added.

# if the key is not in the default location, use -i to specify its path (read the manual)

[mo@mos-computer .ssh]$ ssh Mo
Last login: Mon Mar 8 00:55:14 2021 from 192.168.0.106
[root@localhost ~]#

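# The process above generated a key pair (using RSA) and copied the public key from the client to the server's ~/.ssh/authorized_keys file, which completes the login without needing the root user's password. Only the public key (id_rsa.pub) is ever copied or shared; the private key (id_rsa) is printed above for illustration only and must stay on the client. A private key that has been displayed or published like this should be treated as compromised and replaced.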

However, if you want to go back to logging in with a password, here is the option:

ssh -o PreferredAuthentications=password -o PubKeyAuthentication=no [user_name]@[host]

[mo@mos-computer .ssh]$ ssh -o PreferredAuthentications=password -o PubKeyAuthentication=no root@192.168.0.120
root@192.168.0.120's password:
Last login: Mon Mar 8 01:06:37 2021 from 192.168.0.106
[root@localhost ~]# exit
logout
Connection to 192.168.0.120 closed.