This guide walks through setting up SSH between two machines on the same network, logging into another system, and managing logs.
2. SSH Key-Based Authentication
- Checking Network Connectivity
Ensure both machines are on the same network and get their IP addresses:
On Machine A:
ifconfig
Or ip a
On Machine B:
- Testing Ping
Check connectivity between machines:
- Login to Machine B
a) Verify the user is available:
b) Log in as the user ritik from Machine A:
c) On Machine B, verify the directory and file:
Create a file as user ritik through Machine A:
Verify on Machine B:
- Login as Root
Log in as the root user on Machine B:
- Generate SSH Key on Machine A:
Files: id_rsa (private key) and id_rsa.pub (public key)
- Copy Public Key to Machine B:
Enter the password when prompted.
- Verify Password-less Login:
- Edit SSH configuration on Machine B:
vim /etc/ssh/sshd_config
- Add the following lines under Authentication:
AllowUsers ritik root
DenyUsers harry
- Restart the SSH service:
- Test logging in with different users:
ssh [email protected] # Should fail
ssh [email protected] # Should succeed
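The effect of the AllowUsers and DenyUsers lines above, as an added example that is not part of the original guide: a shell function that applies the two directives in the order sshd uses (DenyUsers first, then AllowUsers) to a constructed copy of the configuration. It is a simplification that handles user-name patterns only; the function names and the user alice are hypothetical.

```sh
#!/bin/sh
# Added example: approximates how sshd evaluates DenyUsers / AllowUsers.
# Simplified: user-name patterns only (no USER@HOST, no groups, no Match blocks).

# users_for KEYWORD FILE -> one pattern per line for KEYWORD (case-insensitive),
# accumulated across repeated directives; comments are ignored.
users_for() {
  awk -v kw="$1" '
    { sub(/#.*/, "") }
    tolower($1) == tolower(kw) { for (i = 2; i <= NF; i++) print $i }
  ' "$2"
}

# matches_any USER -> success if USER matches any glob pattern read from stdin.
matches_any() {
  while read -r pat; do
    case $1 in $pat) return 0 ;; esac
  done
  return 1
}

# sshd_user_decision USER FILE -> prints "deny" or "allow".
#  1. A DenyUsers match always wins.
#  2. If AllowUsers is set at all, every user not listed is denied.
# "allow" only means these two directives do not block the user; other
# settings such as PermitRootLogin still apply.
sshd_user_decision() {
  if users_for DenyUsers "$2" | matches_any "$1"; then
    echo deny
  elif [ -n "$(users_for AllowUsers "$2")" ] &&
       ! users_for AllowUsers "$2" | matches_any "$1"; then
    echo deny
  else
    echo allow
  fi
}

# Constructed sample: the two lines this guide adds to sshd_config.
SAMPLE_CFG=$(mktemp)
cat > "$SAMPLE_CFG" <<'EOF'
# constructed sample, not a full sshd_config
AllowUsers ritik root
DenyUsers harry
EOF

# alice is a hypothetical account that appears in neither directive.
for u in ritik root harry alice; do
  printf '%-6s %s\n' "$u" "$(sshd_user_decision "$u" "$SAMPLE_CFG")"
done
```

The alice row shows that AllowUsers alone already locks out every unlisted account, so DenyUsers harry is redundant here. Running sshd -t before restarting the service checks the real configuration file for syntax errors.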
- A. View logs:
Explain:
System Logs:
- boot.log: Contains logs related to the system boot process.
- messages: General system messages that may contain errors, warnings, or general system activity.
- secure: Contains authentication and authorization logs, such as SSH login attempts, sudo, and other security-related events.
- cron: Logs related to cron jobs, which are scheduled tasks on the system.
- lastlog: Contains information about the last login times for all users.
- wtmp: A binary file that logs all logins and logouts on the system.
- btmp: Logs failed login attempts.
- audit: Contains audit logs, which track various security-relevant events on the system.
VMware Logs:
- vmware-network.log, vmware-vmsvc-root.log, etc.: Logs related to VMware virtual machines and services. These files might be used for diagnosing issues with VMware tools or networking.
Application-Specific Logs:
- dmesg: Kernel logs related to system hardware and driver issues.
- firewalld: Logs related to the firewall service.
- sssd: Logs for the System Security Services Daemon, which provides authentication services.
- rhsm: Red Hat Subscription Manager logs.
- insights-client: Logs from the Red Hat Insights client, which provides system diagnostics.
Other Logs:
- tuned: Logs related to the tuning of system settings for performance.
- cups: Logs from the Common Unix Printing System, related to printer management.
- xferlog: Logs related to FTP transfers.
- samba: Logs related to the Samba file-sharing service.
Older Log Files:
- messages-20241124, secure-20241124: These are archived copies of the messages and secure logs from previous dates. They can be helpful for reviewing past events.
B. Use journalctl for logs:
journalctl is a command-line utility used to query and display log entries from the systemd journal. This tool is part of the systemd suite and is used to view logs recorded by system services, the kernel, and other system components in a centralized manner.
a) View the last 5 logs:
b) View detailed logs:
journalctl -xe
This shows the most recent log entries and adds extra details, making it easier to troubleshoot errors, warnings, or system issues.
c) View logs with specific priority:
- Error logs
journalctl -p err or journalctl -p 3
Check more:
C. Filter logs by PID or service:
- by PID
- by service
- Create a custom log file:
- Configure rsyslog:
Add:
*.debug /var/log/MY_log
- Restart the rsyslog service:
systemctl restart rsyslog.service
- Test by adding logs:
The logger command in Linux is used to write custom messages to the system log (typically managed by rsyslog or journalctl). The command interacts with the syslog system, allowing users or scripts to log messages for troubleshooting, auditing, or informational purposes.