Google IT Cert – Week 18 – Remote Access

This is Week 6 of Course III (week 18) of the Google IT Support Professional Certification course from coursera.org.

.   .   .

Remote Access

Intro

This is the final module in Course III. We’re going to cover “some of the more practical aspects of operating systems” that are commonly used in the IT support world.

Sounds vague and useful!

Remote Connection and SSH

Everyone’s lives are made so much easier because of remote connections. This enables remote tech support, which is going to be a big, big part of any IT support job.

All those fucking QwikLab exercises I have so much fucking trouble logging into every week? Yep, that’s a remote connection from my computer to a virtual Windows machine. So are the Linux SSH connections—they’re just better because they’re Linux and not Windows.

SSH (Secure Socket Shell) works by using an SSH client installed on the computer you are connecting from and an SSH server set up on the computer you are connecting to. The SSH server is a background process (not like a real file server) and is always checking if a client is trying to connect to it.

We’re going to use OpenSSH, but we’ll get more into it later. In Windows, we’ll be using the popular software called PuTTY.

To log into a remote machine, you need, obviously, the IP address (and/or hostname) of the computer you are connecting to, as well as a user account on that computer.

We now get a demo of this in action on a Linux machine:

batman@computer:~$ ssh joker@204.153.131.214

This will prompt you to accept that the computer you are connecting to is not authenticated, which, apparently, is just fine for this video. (On a real network, check the host key fingerprint shown in that prompt against the server’s actual fingerprint before typing yes.) You’ll be prompted for the password for your user account on the remote machine. Then it connects.

Now that you are connected, you will be sending commands securely to that remote computer:

batman@joker:~$

For an added layer of security, there are SSH Keys, which are either “private” or “public.” They are kind of like keys that can do one thing, either lock or unlock access. A public key can only lock and a private key can only unlock. That means that only people with both public and private keys can access and control a device.

Another form of remote access is a Virtual Private Network, or VPN, which allows you to connect to a private network, like work or home, over the internet.

Remote Connections on Windows

There is no OpenSSH client for Windows yet, but Microsoft says it is working on an integration with PowerShell. That means we must use a third-party tool for SSH connections in Windows.

One of the most popular is PuTTY, a free and open-source remote connection software that can use multiple network protocols, including SSH.

Screenshot of SSH software PuTTY

PuTTY is pretty easy to use. The GUI has multiple settings listed in categories, starting with session settings. Note the Host Name/IP Address, Port, and Connection Type.

Port 22 is the default port for SSH, which is the default connection type in PuTTY.

To use PuTTY in PowerShell, you can use something like this, with the username and IP address, followed by the port number:

PS C:\Users\Batman\Desktop> putty.exe -ssh joker@104.121.133.225 22
PS C:\Users\Batman\Desktop>

PuTTY also has a built-in tool called Plink, or PuTTY Link, which is “built in to the command line once PuTTY is installed” and can also be used to make remote connections.

PuTTY is an essential tool when you need to make remote connections from Windows machines to Linux machines.

A common way of connecting from Windows to Windows is the Remote Desktop Protocol, or RDP, which is part of Windows. There are also RDP clients for MacOS and Linux.

A computer must have incoming RDP connections enabled in order to connect to it.

Windows uses the Microsoft Terminal Services Client, or mstsc.exe, to create RDP connections to remote machines.

To enable remote connections, open the File Explorer and right-click This PC. (The video says “open the Start Menu, right clicking on This PC,” but that is not a thing.) Select Properties and then Remote Settings.

Needless to say, you should only let users you trust do this. In a commercial setting, anything having to do with remote connections and the policies around them should be dictated by sysadmins and policy directors.

To launch an RDP session, search for RDP in the Start menu or hit Windows Key+R and search “mstsc.exe” and click OK, then enter the computer name or IP Address.

I have been trying this over and over to connect to my other computer, following all the steps, and cannot get it to work. I know the computer is on, I can see it from here. I have enabled remote connections, I can ping the target machine, I am typing the IP address correctly…

Going to have to do the reading on this one. (Why am I not surprised that SSH always works for me and RDP almost never works?) [Update: you can’t use RDP on a Windows 10 Home machine. Should have assumed money was involved.]

Discussion

Why is remote access useful?

Well, the short answer is that you don’t have to go to the computer. The number of uses this has is nearly unlimited.

Reading: Remote Connections in Windows

Readings from the PowerShell Blog on upcoming SSH integration, comparisons of SSH clients, and the latest PuTTY news.

Remote Connection File Transfer

There are many ways to transfer files, and remote connections are a very useful way.

Secure Copy (SCP) is a command used in Linux to copy files between networked computers.

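An scp command with the file to copy and the destination. The colon after the host is required: it separates the host from the remote path, and with nothing after it the file lands in the remote user’s home directory. (Without the colon, scp just makes a local copy named batman@105.121.134.221.)

batman@batcave:$ scp /home/batman/Desktop/myfile.txt batman@105.121.134.221:
batman@105.121.134.221’s password:
myfile.txt    100%  0     0.0Kb/s    00:00
batman@batcave:$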

Remote Connection File Transfer on Windows

To share files over the network using PuTTY, we have the PuTTY Secure Copy Client (pscp.exe). It is very similar to scp in Linux.

Here’s what it will look like in PowerShell, copying a file from a Windows desktop to the Linux workstation. As with scp, the destination is written user@host: followed by the remote path, and the colon is required:

PS C:\Users\Batman> pscp.exe C:\Users\Batman\Desktop\the_file.txt batman@103.131.122.221:
batman@103.131.122.221’s password:
PS C:\Users\Batman>

It can be arduous to share multiple files using PuTTY, so Windows has a very useful concept known as “shared folders.” This means that a folder on a machine can be shared with other users on other machines, and they all have access to the files in it.

Right-click on a folder, hover over Share With (or, on my version 1803 of Win10, Give Access To) and select the users you want to share the folder with from the menu. You can also click on Specific People and enter usernames, or even “Everyone”. This is not a very secure way to do things.

Once the folder is shared you can access it from other computers.

You can also map the folder like a drive directly connected to your computer. In File Explorer, go to This PC, and right-click on the shared folder. Click on Map Network Drive, and assign it a letter. Now, you can access that drive using a simple file path, just like another drive, which includes two back-slashes, the name of the computer, and the name of the folder. Here, I’ve mapped an actual drive to my other computer on my home network:

\\FLEXO\Seagate 2TB

You can also share folders from the command line, using the net share command. Let’s give everyone on the network access to a folder. We need to use an elevated (admin) PS session:

PS C:\Users\Batman> net share ShareMe=C:\Users\batman\Desktop\ShareMe /grant:everyone,full
ShareMe was shared successfully
PS C:\Users\Batman>

Users can now access this folder. The net share command can also list all shared folders on your computer by executing it without any arguments.

Reading: Remote Sharing in Windows

Managing shared resources in Windows.

Discussion: Remote Desktop

Have I ever used a remote desktop access tool? Yes. Yes I have.

>>>q u i z

This is a one-question quiz. I passed.

If you take shitty notes or can remember five minutes back you will pass this quiz.

Virtualization

Virtual Machines

A virtual machine is exactly that – a software instance (one virtual machine) that emulates the hardware and software of a physical system.

We’re going to use a free program called VirtualBox. We’re going to virtualize an Ubuntu instance in this exercise.

First, you have to have an “image” of the Ubuntu OS that you want to install. Once you have an image to use (a .iso file), open VirtualBox and click on New to create a new VM. You’ll be prompted to give the VM a name and to set resource allocations. You can often keep everything set to the default allocations unless you have a specific need to change them.

Once you are finished it will return to the main menu. Click Start, and VirtualBox will prompt you to select media to “boot” from, just like booting from a USB drive or a DVD.

If you need to change resource allocations later, VirtualBox makes it easy. Right-click the VM, then click Settings. Here you can modify all the settings of your VM, including RAM.

If you want to get rid of a VM, just right-click on it and select Remove. It will ask you if you want to remove it from the list, or remove the VM and all its files.

Reading: Virtual Machines

Readings on VirtualBox, the VirtualBox Manual, and a comparison of VM platforms.

Discussion: Virtual Machines

Logging

System Monitoring

Logging is something I have been looking forward to learning how to read.

“The act of creating log events is called ‘Logging.’” I think this might violate some rule of words used in definitions…

Most systems have a service always running in the background that is constantly logging events. Some logging services are highly customizable.

Logs are an integral part of troubleshooting systems.

The Windows Event Viewer

Events are logged on Windows systems in an application called Event Viewer. Event Viewer can be searched in the Start menu, or you can run eventvwr.msc.

Screenshot of Windows Event Viewer

On the left there are four items, three of which are expandable menus:

  • Custom Views: Allows you to create filtered reports from across all logs. Select Custom Views on the left and click Create Custom View from the right-hand Actions pane. This brings up the Filter box, where you can select event “level,” source log, and time frame.
  • Windows Logs: This logs events that pertain to the entire OS, and includes System and Security events.
  • Applications and Services Logs: This logs events from single applications and OS components.

Each line in Event Viewer represents a logged event. Events range in “importance” from “information” to “critical.” Selecting an event will show you more details about the event. This is where I find the stuff I Google when I am looking through event logs.

Linux Logs

Linux logs are stored in the /var/log directory. (/var is “Variable” for files that change constantly.)

rusty@shackleford-home:~$ ls /var/log

This may show a kind of intimidating list of files, but each log file can be understood on its own.

  • /var/log/auth.log stores events relating to authorization and security
  • /var/log/kern.log logs kernel messages
  • /var/log/dmesg.log is for system startup messages – check this log if you are having issues at boot-up.
  • /var/log/syslog logs all events except auth events. This should be the first place you check for most troubleshooting scenarios.

Log files take up a lot of space because they are always being generated. A process called log rotation (logrotate in Linux) removes old events, and can be configured to save events that are a certain age. (Check out the upcoming reading.)

There is also something called Centralized Logging which you can read about in the next reading.

View the contents of syslog:

rusty@rusty-machine:~$ less /var/log/syslog

This outputs a ton of stuff (use the less command to page through one page at a time.)

Here’s an example line:

OCT 10 10:14:23 rusty-machine dhclient [1531]: DHCPACK of 100.131.233.23 from 112.201.87.45

First, the timestamp. This may be in readable format, or it may be in UNIX Epoch time, that is, the number of seconds since midnight, January 1, 1970. Long story.

Then, the hostname of the machine where the event occurred (rusty-machine), and the name of the service that the event refers to (DHCLIENT 1531), followed by the event that occurred (DHCPACK).

Reading: Linux Logs

Reading on logrotate in Linux and managing log files.

Working With Logs

Here’s a scenario where we get to use the power of logs!

A user says they leave their computer on all the time, but recently they found it had shut off. Start by looking through the system logs.

You’ll always want to search for specific things, as there is so much information logged that it is hard to read all of it. If your system is getting a lot of errors, search through logs for “error.” If you have an issue with an application, try searching the name of the application.

Often, one event will trigger other events, and fixing that initial error can resolve all of the other errors it created.

Let’s say there is an application that always crashes. If you want to follow along with the logs as the application initializes, use the tail command (we went over it a long time ago.)

rusty@rusty-machine:~$ tail -f /var/log/syslog

This will turn your terminal window into a real-time log.
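The syslog line layout walked through earlier (timestamp, hostname, service and PID, message) and the keyword search suggested in this section can be combined in a few lines of shell. This is an added example, not from the course: the sample lines are constructed (written the way syslog emits them, with the PID attached to the service name as dhclient[1531]), and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example. Sample lines are constructed; function names are illustrative.
sample_log() {
cat <<'EOF'
Oct 10 10:14:23 rusty-machine dhclient[1531]: DHCPACK of 100.131.233.23 from 112.201.87.45
Oct 10 10:15:02 rusty-machine CRON[1602]: (root) CMD (run-parts /etc/cron.hourly)
Oct 10 10:16:40 rusty-machine myapp[1710]: error: cannot open config file
Oct 10 10:16:41 rusty-machine myapp[1710]: error: falling back to defaults
Oct 10 10:16:45 rusty-machine kernel: usb 1-1: device descriptor read error -71
EOF
}

# Split each line read from stdin into tab-separated fields:
# timestamp, hostname, service, pid ("-" if none), message
parse_syslog() {
  awk '{
    ts = $1 " " $2 " " $3; host = $4; tag = $5
    sub(/:$/, "", tag)                       # drop the colon that ends the tag
    pid = "-"
    if (match(tag, /\[[0-9]+\]$/)) {         # e.g. dhclient[1531]
      pid = substr(tag, RSTART + 1, RLENGTH - 2)
      tag = substr(tag, 1, RSTART - 1)
    }
    msg = $0                                 # strip the five header fields
    for (i = 1; i <= 5; i++) sub(/^ *[^ ]+ */, "", msg)
    printf "%s\t%s\t%s\t%s\t%s\n", ts, host, tag, pid, msg
  }'
}

# Count messages containing a keyword (case-insensitive) per service,
# busiest service first. Reads raw syslog lines from stdin.
count_keyword_by_service() {
  parse_syslog | awk -F'\t' -v kw="$1" '
    index(tolower($5), tolower(kw)) { n[$3]++ }
    END { for (s in n) print n[s], s }' | sort -k1,1nr -k2,2
}

sample_log | parse_syslog
sample_log | count_keyword_by_service error
```

On a real machine, feed it the log instead of the sample: count_keyword_by_service error < /var/log/syslog. The service at the top of the list is usually the place to start looking for the initial error.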

>>>q u i z

Operating System Deployment

Imaging Software

This is a 56-second video reminding us that to “image” a machine means to install on it a duplicate of another system. This is very useful when you have to do this in a commercial setting.

Operating System Deployment Methods

Methods to deploy an OS and a machine include:

Cloning: there are many different disk cloning tools available, but they all pretty much take a disk and copy the entire image of that disk to another disk. The open-source Clonezilla is a popular cloning tool.

“Disk to Disk” cloning is when you connect a disk to the machine you want to clone, and copy right to that disk, using a HDD/SSD dock or USB-to-SATA cable.

Here, we use the Linux command dd to copy a USB drive and save it as an image file. First, unmount the USB drive:

rusty@rusty-machine:~$ umount /dev/sdd

Then run dd:

rusty@rusty-machine:~$ sudo dd if=/dev/sdd of=~/Desktop/my_usb_image.img bs=100M

There is a lot to read about dd in an upcoming reading.
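An image is only useful if it is a faithful copy, and dd on its own does not confirm that. The following added example (not from the course; the function names and the stand-in "device" file are made up for illustration) wraps the dd step above with a SHA-256 comparison and keeps the hash so the image can be re-checked before it is deployed.

```shell
#!/bin/sh
# Added example. Function names and the stand-in "device" file are illustrative.

# image_and_verify SRC IMG
# Copy SRC to IMG with dd, record the SHA-256 next to the image, and
# succeed only if source and image hash identically.
image_and_verify() {
  src=$1; img=$2
  [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }
  dd if="$src" of="$img" bs=1M 2>/dev/null || return 2
  src_sum=$(sha256sum < "$src" | cut -d' ' -f1)
  img_sum=$(sha256sum < "$img" | cut -d' ' -f1)
  printf '%s\n' "$img_sum" > "$img.sha256"
  [ "$src_sum" = "$img_sum" ]
}

# verify_image IMG
# Re-hash an image later (before restoring it) and compare with the record.
verify_image() {
  img=$1
  [ -r "$img.sha256" ] || return 2
  want=$(cat "$img.sha256")
  have=$(sha256sum < "$img" | cut -d' ' -f1)
  [ "$want" = "$have" ]
}

# Demo on a constructed 3 MB file standing in for /dev/sdd.
demo() {
  tmp=$(mktemp -d) || return 2
  head -c 3000000 /dev/urandom > "$tmp/fake_usb"
  image_and_verify "$tmp/fake_usb" "$tmp/usb.img" && echo "image matches source"
  printf 'x' >> "$tmp/usb.img"               # simulate later corruption
  verify_image "$tmp/usb.img" || echo "image changed since it was taken"
  rm -rf "$tmp"
}
demo
```

Against a real drive, run it from a root shell after unmounting, with /dev/sdd as SRC; the device is read twice, once by dd and once to hash it.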

Another great way to deploy an OS is through the network. Bear in mind that organizations should have some degree of hardware and software standardization, which is critical for mass deployments.

Reading: Deployment Methods

Read about different cloning tools and the dd command in Linux.

>>>Assessments

An unlikely event

Two VM-based assessments again, the Windows one had us track down issues based on errors found in Event Viewer. An example here, an event with a level of specificity that you will never, ever see in a Windows machine.

The Linux assessment was also mostly self-directed. Used chmod to change permissions, used ps -ef to find a malicious process, and kill to kill it. Also removed a file and found a large file using this command:

sudo du -a /home | sort -n -r | head -n 5

In the above command, du -a lists every file and directory under /home along with its size. That output is piped to sort, where -n sorts the sizes as numbers rather than strings and -r reverses the order so the largest come first. That in turn is piped to head, which prints out only the top results: -n for number, set to 5, or the top 5 results.

That is a really useful command!

Course Wrap-Up

Here we get a discussion prompt on what we’ve learned so far, a “motivational” video where someone says to find a mentor and a thing you’re passionate about, and a 7-second video congratulations message.

And that’s all there is to Course III. Next is Course IV – System Administration and IT Infrastructure Services. You deserve a break.

