Uploaded image for project: 'Product Technical Learning'
  1. Product Technical Learning
  2. PTL-7239

RH362-60: Chapter 06 - GE Managing User Identities

XMLWordPrintable

    • Icon: Story Story
    • Resolution: Done
    • Icon: Major Major
    • RH362 - RHEL 9.1 0, RH362 - RHEL 7.4 1 20180531
    • RH362
    • en-US (English)

      URL:
      Reporter RHNID:
      Section: - Guided Exercise: Managing User Identities
      Language: en-US (English)
      Workaround: As Susan Lauber wrote in the comments, there is a workaround that is works for ILT. Please note that in VT environment, I could not verify the workaround.
      In VT the workaround is to create another user and use it for the SSH-related exercises.

      =================================================
      The setup script is moving .ssh/config to .ssh/config.bak for student which is supposed to stop the usage of any lab pubkeys that are configured for connecting to remote systems.

      Yet keys still seem to be used in some cases. In addition to the mentioned work around of using an new user there are a couple of other options.

      One solution I found was to exit and reestablish my ssh connection to workstation (this would be ILT only). I was then prompted for the password as expected.

      So I thought I just needed to log out in general. But a log out and login of the GUI on the workstation console was of no help. I still found that I connected using some keys.

      Gnome is storing the key - even through a logout! - as /run/user/1000/keyring/ssh remove that socket file and ssh will prompt for the Password:

      Another option is to empty the .ssh directory. Or really, just move out the lab* key pair. mv .ssh/lab* ~ You can move them back in (watch SELinux context and permissions - which is why I am using mv in BOTH directions) to re enable key connections for later units.
      ========================================================

      Description: The GE steps 4.1 up to 4.4 are "broken". 

      By broken I mean that the student's user SSH key is on the client system. Meaning that the idmuser06 will login to the client system no matter what. So, we miss the point of the exercise, demonstrate the ssh -i (at least that's what we understood in the TTT). 

      We need to remote the student's SSH key from the client via the setup script or, create another user in the workstation and ask students to use the new user! 

              rht-pagomez Patrick Gomez
              p.tselios Petros Tselios
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: