Montana Tech of The University of Montana
Computer Science & Software Engineering

CSCI 466
Networks
Fall 2012



LAB #2

In this lab you will set up your account on our remote server in Tokyo. You will also practice setting up key-based SSH authentication and tunneling traffic via SSH.

Part 1: Set up account
Everyone has an account on the virtual private server in Tokyo with the same username as your mtech username. I will tell you your initial password (which you must change on first login). The machine does not have a registered domain name, so you'll need to access it directly via IP address: 106.187.54.31

Rather than type your password every time, set up key-based authentication instead. To do this, you will first need to generate an RSA private/public key pair using ssh-keygen on the lab computer. You can set a passphrase for your key or leave it blank. Note that without a passphrase, anyone with access to your private key file will be able to log into the Tokyo server without a password.

The public key needs to be copied into a .ssh directory off your home directory on the Tokyo server. It must live in a file named authorized_keys. SSH key-based authentication will not work if permissions aren't set correctly. You will need to chmod 600 authorized_keys and chmod 700 .ssh.
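
One way to check the permission requirements above before testing a login, as an added example that is not part of the original lab handout. The function names check_ssh_dir and file_mode are assumptions, and the key-type pattern is a heuristic for common OpenSSH public key types.

```shell
#!/bin/sh
# Added example: audit the server-side files used for SSH key-based login.
# Assumed helper names: file_mode, check_ssh_dir (not from the lab handout).

# Print the octal permission bits of a path (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_ssh_dir DIR: return 0 only if DIR is mode 700, DIR/authorized_keys is
# mode 600, and the file contains public keys only.
check_ssh_dir() {
    dir=$1
    keys=$dir/authorized_keys
    rc=0

    if [ ! -d "$dir" ]; then
        echo "missing directory: $dir"; return 1
    fi
    if [ "$(file_mode "$dir")" != "700" ]; then
        echo "fix with: chmod 700 $dir"; rc=1
    fi
    if [ ! -f "$keys" ]; then
        echo "missing file: $keys"; return 1
    fi
    if [ "$(file_mode "$keys")" != "600" ]; then
        echo "fix with: chmod 600 $keys"; rc=1
    fi
    # A private key pasted here by mistake will not authenticate anyone and
    # leaves the secret half of the key pair sitting on the server.
    if grep -q 'PRIVATE KEY' "$keys"; then
        echo "private key material found in $keys"; rc=1
    fi
    # Every non-blank, non-comment line should name a public key type.
    if grep -v -e '^[[:space:]]*$' -e '^#' "$keys" |
       grep -q -v -E '(ssh-rsa|ssh-ed25519|ecdsa-sha2-[a-z0-9-]+) '; then
        echo "line without a recognised public key type in $keys"; rc=1
    fi
    return $rc
}

# Usage: sh check_ssh.sh "$HOME/.ssh"   (does nothing without an argument)
if [ -n "${1:-}" ]; then
    check_ssh_dir "$1"
fi
```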

Finally, set up a script on your lab machine to allow you to quickly log into your account via SSH. You can specify your private key via the -i command-line switch.

Part 2: Secure upper case server
You want to use the Tokyo server to do some text processing, converting text into uppercase. You are worried somebody may monitor your top-secret text en route. Put TCPServer.py onto the server. Try running it on some port and connecting to it using TCPClient.py on your lab computer. Does it work?

Instead of having the two programs connect directly via TCP, route the traffic over SSH. Establish a secure tunnel using a command of the format:

    ssh -i private_key -f user@host -L localport:host:hostport -N

Now establish communication between the client on your lab computer and the server process running in Tokyo.

Part 3: Web browsing
The Tokyo server is running a more-or-less default install of Apache on port 80. Connect to the web server from the browser on your lab computer.

The Tokyo server is also running a squid HTTP proxy on port 8080. Attempt to connect to the proxy via your browser. The error page you should see was generated by the squid proxy on the server. The proxy only accepts HTTP requests from a source IP of 127.0.0.1 (i.e. only from localhost). This security measure prevents any yahoo from routing their traffic via our server.

Establish an SSH tunnel that can take traffic on a specific port on your lab computer and route it to the squid proxy. In addition to establishing the tunnel, you'll also need to change the proxy settings of your web browser. You can verify you are indeed tunneling your HTTP traffic by visiting a web site that displays your IP address (which should appear as the IP of the Tokyo server and not a tech address). Once working, try visiting a couple websites like google.com and youtube.com to see what it would be like if you lived in Tokyo!

Submission. Demonstrate to me before the deadline that you have accomplished the tasks outlined in the lab.

Page last updated: December 26, 2012