1
00:00:00,000 --> 00:00:03,120
[No audio]

2
00:00:03,120 --> 00:00:06,360
SSH and TELNET. These are the two main

3
00:00:06,360 --> 00:00:09,360
services that run in Linux to accept

4
00:00:09,360 --> 00:00:13,680
connections from outside. Telnet is an

5
00:00:13,710 --> 00:00:16,170
old and unsecure connection between two

6
00:00:16,170 --> 00:00:19,980
computers. And a lot of companies don't

7
00:00:19,980 --> 00:00:25,230
use telnet anymore. The SSH is a newer

8
00:00:25,920 --> 00:00:29,700
connection established protocol that is

9
00:00:29,730 --> 00:00:33,720
completely secure. There are two types

10
00:00:33,720 --> 00:00:36,090
of packages for most of the services

11
00:00:36,090 --> 00:00:39,090
that you see on a Linux machine. One is

12
00:00:39,090 --> 00:00:41,490
a client package, and the other one is a

13
00:00:41,490 --> 00:00:46,410
server package. So you have a server, it

14
00:00:46,410 --> 00:00:50,220
sends a connection request, an SSH

15
00:00:50,220 --> 00:00:54,300
request, to another server. So in this

16
00:00:54,300 --> 00:00:57,180
case, you are the client and the

17
00:00:57,390 --> 00:00:59,400
computer you are trying to connect is a

18
00:00:59,400 --> 00:01:02,340
server. So let's take it the other way.

19
00:01:02,580 --> 00:01:06,000
So if you on the right hand side, and

20
00:01:06,000 --> 00:01:07,710
the server is on the right hand side,

21
00:01:07,710 --> 00:01:11,130
when it tries to sync its time to you,

22
00:01:11,610 --> 00:01:15,480
as through the NTP protocol, then it's

23
00:01:15,480 --> 00:01:17,220
no longer the server, it becomes a

24
00:01:17,220 --> 00:01:20,670
client, and then you become the server.

25
00:01:21,300 --> 00:01:24,300
So let's look at our SSH and telnet.

26
00:01:24,540 --> 00:01:27,420
Both of these, those services that we

27
00:01:27,420 --> 00:01:29,790
have and how they work in our computer.

28
00:01:29,790 --> 00:01:34,080
[No audio]

29
00:01:34,080 --> 00:01:35,910
I will connect it through the PuTTY

30
00:01:35,910 --> 00:01:40,620
session, and I'll confirm I am root.

31
00:01:40,980 --> 00:01:44,310
Let's clear the screen. And the service

32
00:01:44,370 --> 00:01:47,580
that runs, the first one is telnet. So

33
00:01:48,090 --> 00:01:50,250
when you run telnet, you will see it

34
00:01:50,250 --> 00:01:53,280
says command not found. Why? Because by

35
00:01:53,280 --> 00:01:56,250
default, now Linux don't include telnet

36
00:01:56,760 --> 00:01:59,400
in the installation. So if you have to

37
00:01:59,430 --> 00:02:01,650
install telnet, you will have to do

38
00:02:01,650 --> 00:02:06,750
yum install telnet, and it will go to

39
00:02:06,750 --> 00:02:09,720
the repositories, and it will find, it

40
00:02:09,720 --> 00:02:13,620
will match the option I have for

41
00:02:13,620 --> 00:02:16,350
telnet, and it found one package. And

42
00:02:16,350 --> 00:02:18,090
it's telling me, do you want to download?

43
00:02:18,600 --> 00:02:20,580
Now we will not be using telnet in our

44
00:02:20,580 --> 00:02:24,090
environment, but if there is, if you are

45
00:02:24,090 --> 00:02:26,730
troubleshooting, telnet is sometimes a

46
00:02:26,730 --> 00:02:29,190
tool that allows you to troubleshoot

47
00:02:29,190 --> 00:02:31,320
some of the issue, some of the network

48
00:02:31,320 --> 00:02:33,480
communication issues. But for this

49
00:02:33,480 --> 00:02:35,520
lesson, we'll just skip that, and we

50
00:02:35,520 --> 00:02:38,700
don't want to download that. Next one,

51
00:02:38,700 --> 00:02:42,420
we have the SSH. Do we have SSH? Yes, we

52
00:02:42,420 --> 00:02:45,270
do, that's why we got this usage of SSH.

53
00:02:45,630 --> 00:02:48,900
We could do ssh to followed by the IP

54
00:02:48,900 --> 00:02:51,720
address of the remote computer. But

55
00:02:51,720 --> 00:02:53,340
since we don't have a remote computer,

56
00:02:53,460 --> 00:02:55,290
we'll just say local computer, which is

57
00:02:55,290 --> 00:02:57,510
the same box that we're trying, we are

58
00:02:57,510 --> 00:02:59,940
already logged into. When you do, hit

59
00:02:59,940 --> 00:03:03,780
enter, yes, you're logging in as root.

60
00:03:03,780 --> 00:03:07,110
So put in the root password. And you log

61
00:03:07,140 --> 00:03:09,000
into the same machine that you were

62
00:03:09,000 --> 00:03:11,850
logged in before. So you can create as

63
00:03:11,850 --> 00:03:14,670
many sessions as you want. So you can

64
00:03:14,730 --> 00:03:17,130
exit out and you will come back to your

65
00:03:17,160 --> 00:03:22,530
first session. To check the service of

66
00:03:22,560 --> 00:03:28,500
sshd, we'll run ps -ef to see if the

67
00:03:28,500 --> 00:03:31,080
process is running. And you'll see the

68
00:03:31,080 --> 00:03:37,276
process is right here. It says /usr/sbin/sshd.

69
00:03:37,276 --> 00:03:39,120
This is the process that is

70
00:03:39,120 --> 00:03:42,270
actually listening for all the incoming

71
00:03:42,270 --> 00:03:46,200
traffic. If I stopped this process, I

72
00:03:46,200 --> 00:03:49,290
will not be able to log into this

73
00:03:49,290 --> 00:03:52,380
machine anymore. But before we do that,

74
00:03:52,380 --> 00:03:56,580
I wanted to check my IP, and my IP

75
00:03:56,580 --> 00:04:03,150
address is 192.168.1.12. And let's

76
00:04:03,150 --> 00:04:12,120
go ahead and stop the sshd service, and

77
00:04:12,120 --> 00:04:14,910
you hit enter, you get the prompt back.

78
00:04:15,270 --> 00:04:17,430
It means it's not running. You could do

79
00:04:17,430 --> 00:04:21,750
ps -ef again to grep it, and you

80
00:04:21,750 --> 00:04:26,700
will see the sshd and sshd this is, this

81
00:04:26,790 --> 00:04:28,890
already established connections, this is

82
00:04:28,890 --> 00:04:32,610
telling me, but it is not showing the one

83
00:04:32,610 --> 00:04:35,790
we looked for before. We just use it as

84
00:04:35,850 --> 00:04:40,350
an sshd. So it means it will not accept

85
00:04:40,380 --> 00:04:43,710
any incoming sessions anymore. How can

86
00:04:43,710 --> 00:04:45,960
we confirm that? Let's log into a new

87
00:04:45,960 --> 00:04:49,230
PuTTY session, and I will put in the IP

88
00:04:49,230 --> 00:04:54,840
address of this machine again 192.168.1.12.

89
00:04:54,840 --> 00:04:57,420
[No audio]

90
00:04:57,420 --> 00:04:59,730
See, it says network error connection refused

91
00:05:00,000 --> 00:05:03,030
because there is no SSHD daemon that

92
00:05:03,030 --> 00:05:06,540
is running. So we'll click OK. Close

93
00:05:06,540 --> 00:05:09,480
this out, and this time we'll start the

94
00:05:09,480 --> 00:05:17,640
sshd process. It has started because we

95
00:05:17,640 --> 00:05:20,820
got a prompt back. How do we verify it?

96
00:05:21,180 --> 00:05:24,840
You can run ps -ef again sshd, and

97
00:05:24,840 --> 00:05:27,780
you will see right here, the process is

98
00:05:27,780 --> 00:05:30,420
running now. Now it will accept the

99
00:05:30,420 --> 00:05:33,150
connection. Another way to find out if

100
00:05:33,150 --> 00:05:35,550
that service is running is by doing

101
00:05:35,550 --> 00:05:44,130
systemctl status sshd, and right here

102
00:05:44,130 --> 00:05:48,450
is telling you active, active, and

103
00:05:48,450 --> 00:05:53,910
running. So now if you try to connect to

104
00:05:53,910 --> 00:05:56,220
that IP one it wants you to want that

105
00:05:56,220 --> 00:06:04,445
well, you should be able to 192.168.1.12.

106
00:06:04,445 --> 00:06:08,430
Bingo. You see how SSHD

107
00:06:08,430 --> 00:06:13,560
works. So this is how you could stop the

108
00:06:13,560 --> 00:06:16,080
connection to your server or refine or

109
00:06:16,080 --> 00:06:19,350
restrict your computer. This is

110
00:06:19,410 --> 00:06:24,180
an enhanced way to implement security on

111
00:06:24,180 --> 00:06:26,190
your system. Good luck.

112
00:06:26,190 --> 00:06:28,267
[No audio]