Configure new RHEL-5.5 VM on IBM cloud

From Notes_Wiki
Revision as of 05:31, 7 March 2013 by Saurabh (talk | contribs)

<yambe:breadcrumb>New machine configuration</yambe:breadcrumb>

Configuring new RHEL-5.5 VM on IBM cloud

Converting private key to ppk file using puttygen

  1. Download puttygen application from Internet
  2. Run puttygen and use 'Load' option to load supplied private key file.
  3. Then use 'Save private key' file to save private key in some safe location.

Note that by default IBM cloud images have root account disabled and allow only key based authentication for user named 'idcuser'. Hence we have to use the key file provided during VM creation to create PPK file and then use the PPK file to log into server using user 'idcuser'.


Logging into server with help of PPK file

  1. Start putty
  2. Type the VM IP address in the host name box.
  3. Go to 'Connection -> Data'. Type Auto-login username as 'idcsser'
  4. Go to 'Connection -> SSH -> Auth'. Select 'Allow attempted changes of username in SSH-2' Also use Browse button and select PPK file generated using puttygen in above steps.
  5. Again go to Session and type some descriptive name for VM in 'Saved Sessions' box. Click on 'Save' to save current session settings.
  6. Click on 'open' to connect to VM using idcuser.


Enabling login as root user

  1. Change root shell to using 'sudo /usr/sbin/usermod -s /bin/bash root' command.
  2. Try logging into root user using 'sudo su -' command.
  3. Install vim using 'yum install vim-enhanced' command.
  4. Edit '/etc/ssh/sshd_config' file and make following changes:
    PermitRootLogin yes
    PasswordAuthentication yes
    Comment line 'Allowedusers idcuser'
  5. Use 'passwd' command to set new root password.
  6. Use 'service sshd restart' to allow root login using password through ssh
  • Change putty profile and change Auto-login username to 'root' and use 'cp /home/idcuser/.ssh/authorized_keys /root/.ssh/authroized_keys'


Configuring bash profile to keep command history with timestamps

  1. Go to folder '/etc/profile.d'.
  2. Create file named 'history.sh' with following contents
    #!/bin/sh
    HISTTIMEFORMAT="%y %m %d %T "
    HISTSIZE=100000
    HISTFILESIZE=100000
    export HISTTIMEFORMAT HISTSIZE HISTFILESIZE
  3. chmod +x history.sh
  4. Use '<tt. ./history.sh'
  5. Type 'history' command and verify that command history is being stored with timestamps.


Changing VM hostname to something meaningful

  1. Use 'hostname <new_hostname>' command to change machine hostname.
  2. Edit file '/etc/sysconfig/network' and type same hostname in the file.
  3. Edit file '/etc/hosts' and type same hostname for 127.0.0.1. You can ensure that entries for old hostnames are removed.
  4. Exit from vm and connect back to it to verify that hostname has been changed.


Configure denyhosts to prevent ssh bruteforce attempts

Follow steps mentioned on Configuring new denyhosts server from source


Allow ICMP echo packets using firewall

  1. Edit file '/etc/sysconfig/iptables'
  2. Add line '-A INPUT -p icmp --icmp-type echo-request -j ACCEPT'
  3. service iptables restart


Configuring rpmfusion repository

  1. Use 'rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm' to enable epel on system
  2. Then download latest RHEL configuration file from http://www.rpmfusion.org/
  3. Install downloaded rpm using 'rpm -ivh <rpm_file>' command


<yambe:breadcrumb>New machine configuration</yambe:breadcrumb>