SSH Server
Preparation
Note
Clone terlebih dahulu VM DebianZero menjadi Praktikum SSH Server dan rubah hostname dari VM Praktikum SSH Server Menjadi SSH-Server , setting pula IP Address untuk enp0s8 menjadi 192.168.10.2. Kemudian SSH dari CMD.
Warning
Jika error seperti dibawah ini ketika SSH
C:\Users\Monk>ssh useradmin@192.168.10.2
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:L/3cnhqkHGYiiyFzDHwFeR2HOIfb4azsKi1UCtBFl4Y.
Please contact your system administrator.
Add correct host key in C:\\Users\\Monk/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in C:\\Users\\Monk/.ssh/known_hosts:1
Host key for 192.168.10.2 has changed and you have requested strict checking.
Host key verification failed.
Ip Address dan Path known_hosts kalian.Installasi openssh-server
Membuat user sudo
Memasukkan User admin kedalam group sudo
root@SSH-Server:~# adduser admin sudo
Adding user `admin' to group `sudo' ...
Adding user admin to group sudo
Done.
Warning
apabila sudo command not found install terlebih dahulu sudo dengan apt-get install sudo
Testing
Failure
admin@SSH-Server:/root$ apt-get update
Reading package lists... Done
E: Could not open lock file /var/lib/apt/lists/lock - open (13: Permission denied)
E: Unable to lock directory /var/lib/apt/lists/
W: Problem unlinking the file /var/cache/apt/pkgcache.bin - RemoveCaches (13: Permission denied)
W: Problem unlinking the file /var/cache/apt/srcpkgcache.bin - RemoveCaches (13: Permission denied)
Warning
Apabila muncul error seperti dibawah ini:
Masukkan perintah seperti di bawah ini :
Success
admin@SSH-Server:/root$ sudo apt-get update
sudo: unable to resolve host SSH-Server: No address associated with hostname
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for admin:
Get:1 http://mirror.poliwangi.ac.id/debian bullseye InRelease [116 kB]
Mengamankan SSH
Mengganti Port
Testing
C:\Users\Monk>ssh admin@192.168.10.2 -p 26
admin@192.168.10.2's password:
Linux SSH-Server 5.10.0-18-amd64 #1 SMP Debian 5.10.140-1 (2022-09-02) x86_64
_____ _______ _______
| __ \| __ \ \ / / ____|
| |__) | |__) \ \ / / (___
| _ /| ___/ \ \/ / \___ \
| | \ \| | \ / ____) |
|_| \_\_| \/ |_____/
admin@SSH-Server:~$
DIsable root Login SSH
nano /etc/ssh/sshd_config
# Authentication:
#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
Warning
Dengan konfigurasi diatas kita tidak dapat login menggunakan user root ketika SSH.
Testing
Failure
Disable root sbin/nologin
sudo nano /etc/passwd
root:x:0:0:root:/root:/usr/sbin/nologin
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
SSH KEY
Membuat Public Key dan Private Key
Perintah ini dilakukan di CMD
CMD
C:\Users\Monk>ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (C:\Users\Monk/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in C:\Users\Monk/.ssh/id_rsa
Your public key has been saved in C:\Users\Monk/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:qhM9dMIhzwQMHrK0Vy/aWncF9OK8E4oM1WCunksSz7o monk@LAPTOP-CPTQFMIT
The key's randomart image is:
+---[RSA 3072]----+
|..oo.= .o |
|.+..* * o |
|.... X + . o |
| . = B + o |
| . + = +S= |
| = B =.o o |
| . B +.o o |
| + o. . |
| E.... |
+----[SHA256]-----+
Copy public key ke Server
Perintah ini dijalankan di CMD
CMD
SSH Kedalam Server Melalui CMD.
Memindahkahkan C:\Users\Monk>scp -P 26 .ssh/id_rsa.pub admin@192.168.10.2:/home/admin
admin@192.168.10.2's password:
id_rsa.pub 100% 575 175.4KB/s 00:00
id_rsa.pub kedalam authorized_key
admin@SSH-Server:~$ ls
id_rsa.pub
admin@SSH-Server:~$ mkdir .ssh
admin@SSH-Server:~$ cat id_rsa.pub >> .ssh/authorized_keys
Success
CMD
C:\Users\Monk>ssh -p 26 -i .ssh/id_rsa admin@192.168.10.2
Linux SSH-Server 5.10.0-18-amd64 #1 SMP Debian 5.10.140-1 (2022-09-02) x86_64
_____ _______ _______
| __ \| __ \ \ / / ____|
| |__) | |__) \ \ / / (___
| _ /| ___/ \ \/ / \___ \
| | \ \| | \ / ____) |
|_| \_\_| \/ |_____/
Last login: Wed Aug 2 09:24:25 2023 from 192.168.10.101
admin@SSH-Server:~$
Tugas Praktikum !!!
- Buatlah sebuah kelompok yang terdiri dari 2 orang.
- Konfigurasikan SSH dengan ketentuan berikut :
- Buatlah User baru dengan nama teman kalian (B) pada server anda (A), dan buatlah user baru dengan nama anda sendiri (A) pada server teman kalian (B).
- Konfigurasikan agar SI A dapat melakukan SSH KEY ke Server B dan SI B dapat melakukan SSH KEY ke server A.
- Dokumentasikan lalu dikumpulkan via discord dengan format NAMA_SI_A-NAMA_SI_B-SSH_Server.doc/pdf