Simulating Remote Hosts
Some of the class examples involve communicating with remote Unix servers.
Since the class will not necessarily have access to real remote servers, we will
use /etc/hosts to simulate remote servers using only our local system.
Earlier we installed the package openssh-server, the OpenSSH secure shell
server. This will allow us to log in to our VMs using SSH.
/etc/hosts
When a Unix system attempts to resolve a domain name into an IP address, it first looks in
the file /etc/hosts. If an entry is found, the name is resolved to that
address. Otherwise, the system then queries a DNS server.
We will add two entries, named newyork and seattle, to our /etc/hosts
file, pointing those names to 127.0.0.1, the loopback IP address (i.e.,
pointing them back at our local host).
Initially your /etc/hosts file should look something like this:
127.0.0.1 localhost
127.0.1.1 sbtrain-vbox
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
Modify it to look like this:
127.0.0.1 localhost
127.0.0.1 newyork
127.0.0.1 seattle
127.0.1.1 sbtrain-vbox
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
SSH Key Setup
We will now configure our VM’s SSH keys, so we can log in without typing our credentials.
Generate a Key Pair
Generate a new public/private SSH key pair:
student@sbtrain-vbox:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/student/.ssh/id_rsa):
Created directory '/home/student/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/student/.ssh/id_rsa.
Your public key has been saved in /home/student/.ssh/id_rsa.pub.
The key fingerprint is:
38:a2:64:4a:9b:25:17:36:67:4b:a0:4a:42:ae:0e:90 student@sbtrain-vbox
The key's randomart image is:
+--[ RSA 2048]----+
| . . |
|o.. . |
|E+ + + |
|* . * .. |
|+ooo..o S |
|++*. . . |
|.+. |
| |
| |
+-----------------+
student@sbtrain-vbox:~/.ssh$ ls
id_rsa id_rsa.pub
Authorized Keys
Create an authorized_keys file containing the newly created public key:
student@sbtrain-vbox:~/.ssh$ cat id_rsa.pub >> authorized_keys
Verify Key Fingerprints
For each of our simulated hosts, we will need to verify the SSH key fingerprint one time before we can do fully automated logins:
student@sbtrain-vbox:~/.ssh$ ssh seattle
The authenticity of host 'seattle (127.0.0.1)' can't be established.
ECDSA key fingerprint is f3:c7:4b:87:c2:31:6d:ef:44:45:85:9a:21:e6:3c:7b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'seattle' (ECDSA) to the list of known hosts.
Welcome to Ubuntu 12.04.1 LTS (GNU/Linux 3.2.0-29-generic-pae i686)
* Documentation: https://help.ubuntu.com/
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
student@sbtrain-vbox:~$ exit
logout
Connection to seattle closed.
student@sbtrain-vbox:~/.ssh$
Repeat the same command for newyork and localhost.
Automatic Login
If you have completed all steps above successfully, you should now be able to log in to any of our “remote” hosts without any keyboard interaction:
student@sbtrain-vbox:~/.ssh$ ssh seattle
Welcome to Ubuntu 12.04.1 LTS (GNU/Linux 3.2.0-29-generic-pae i686)
* Documentation: https://help.ubuntu.com/
Last login: Mon Nov 5 16:50:03 2012 from localhost
student@sbtrain-vbox:~$ exit
logout
Connection to seattle closed.
student@sbtrain-vbox:~/.ssh$
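The steps above can be checked with a short preflight script. This is an added example, not part of the original class material, and the function names in it are hypothetical. It assumes sshd runs with its default StrictModes setting and that the simulated hosts must map to a loopback address.

```sh
#!/bin/sh
# Added example (not from the original page): preflight checks for this setup.

# hosts_lookup FILE NAME: print the first address FILE maps NAME to.
# Comments are ignored, aliases on a line are honoured, and names compare
# case-insensitively. Returns 1 when NAME is not listed.
hosts_lookup() {
    awk -v name="$2" '
        { sub(/#.*/, "") }
        NF >= 2 {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(name)) { print $1; found = 1; exit }
        }
        END { exit !found }
    ' "$1"
}

# is_loopback ADDR: true for 127.0.0.0/8 and ::1.
is_loopback() {
    case "$1" in
        127.*|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# check_hosts FILE NAME...: every NAME must map, via FILE, to loopback.
check_hosts() {
    file=$1; shift; rc=0
    for name in "$@"; do
        addr=$(hosts_lookup "$file" "$name") || addr=""
        if [ -n "$addr" ] && is_loopback "$addr"; then
            echo "ok    $name -> $addr"
        else
            echo "FAIL  $name -> ${addr:-not listed}"; rc=1
        fi
    done
    return $rc
}

# not_group_world_writable PATH...: with StrictModes, sshd ignores
# authorized_keys when it, ~/.ssh or the home directory is writable by
# group or others. Returns 2 if a PATH cannot be examined.
not_group_world_writable() {
    out=$(find "$@" -prune \( -perm -020 -o -perm -002 \) -print) || return 2
    [ -z "$out" ]
}

# login_works HOST: key-only login; BatchMode fails instead of prompting.
login_works() {
    ssh -o BatchMode=yes "$1" true
}
```

On the class VM, run `check_hosts /etc/hosts newyork seattle localhost`, then `not_group_world_writable ~ ~/.ssh ~/.ssh/authorized_keys`, then `login_works seattle`.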