RHCE Objectives: Network services
Network services are an important subset of the exam objectives. RHCE candidates should be capable of meeting the following objectives for each of the network services listed below:
- Install the packages needed to provide the service
- Configure SELinux to support the service
- Use SELinux port labeling to allow services to use non-standard ports
- Configure the service to start when the system is booted
- Configure the service for basic operation
- Configure host-based and user-based security for the service
- Configure key-based authentication
- Configure additional options described in documentation
Install: yum install openssh-server (technically it's already in place, but this satisfies the list above). If the ssh service is not already allowed through the firewall, add it: firewall-cmd --permanent --add-service=ssh; firewall-cmd --reload
Configure SELinux to support: The default policy should already cover sshd.
Use SELinux port labeling: See NTP. You'll need to change the Port directive in /etc/ssh/sshd_config if you use a different port.
Configure the service to start: systemctl enable sshd
Configure the service for basic operation: again, already started.
Configure host-based and user-based security for the service:
http://www.certdepot.net/rhel7-configure-ssh-key-based-authentication/
Configure key-based authentication: Simple enough. In your home directory, create a .ssh directory and chmod it 700. Run ssh-keygen -t rsa and hit Enter through the prompts. On the second machine, create a .ssh directory, also chmod 700, and copy the id_rsa.pub file from server one to server two: .ssh/authorized_keys
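The key-installation step above as a script, added here as an example and not part of the original notes: it appends a public key to authorized_keys without duplicating it and checks the directory and file modes. The function names, the 600 mode on authorized_keys and the restorecon call are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: install a public key for SSH key-based login and check modes.

# install_pubkey HOME_DIR PUBKEY_FILE (hypothetical helper name)
install_pubkey() {
    local home="$1" pub="$2" key
    local dir="$home/.ssh" auth="$home/.ssh/authorized_keys"
    [ -s "$pub" ] || { echo "no public key at $pub" >&2; return 1; }
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1   # 600 is this example's choice
    key="$(cat "$pub")"
    # -x whole line, -F fixed string: re-running does not duplicate the entry
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
    # On SELinux hosts, reset file contexts under ~/.ssh when the tool exists
    if command -v restorecon >/dev/null 2>&1; then
        restorecon -R "$dir" 2>/dev/null || true
    fi
    return 0
}

# check_ssh_perms HOME_DIR: non-zero if a mode differs from the expected one
check_ssh_perms() {
    local home="$1" rc=0 entry path want mode
    for entry in ".ssh:700" ".ssh/authorized_keys:600"; do
        path="$home/${entry%:*}"; want="${entry#*:}"
        if ! mode="$(stat -c '%a' "$path" 2>/dev/null)"; then
            echo "MISSING $path"; rc=1; continue
        fi
        [ "$mode" = "$want" ] || { echo "BAD $path is $mode, want $want"; rc=1; }
    done
    return "$rc"
}

# Usage: script.sh HOME_DIR PUBKEY_FILE
if [ "$#" -eq 2 ]; then
    install_pubkey "$1" "$2" && check_ssh_perms "$1"
fi
```

Run it on the second machine with the target user's home directory and the id_rsa.pub copied from the first machine.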
Configure additional options: Edit the /etc/ssh/sshd_config file. The file itself is pretty clearly documented. Commented-out directives show the default values. Restart the service after changes (systemctl restart sshd).