Welcome to VCP4.com !


October 26 2009

vSphere VCP-410 Lab 8 part 2

Lab Scenario
As a network administrator, you want to SSH to the ESX hosts so you can log into each of them without
needing to specify passwords or get up and go to the computer to access the service console. You want to
enable SSH on ESX and ESXi hosts.
Lab Objectives
Using your personal lab, perform the following tasks:
• Activate root SSH access in an ESX host
• Activate root SSH access in an ESXi host
Lab Solution
Activate root SSH access in an ESX host:
To activate root SSH access, log on to your ESX host. Enter the username and password and go to the command
prompt.
Go to the /etc/ssh directory by typing cd /etc/ssh

www.certifyme.com
Edit the sshd_config file by typing nano sshd_config. The sshd_config file will open.
Find the line “PermitRootLogin no”. Change no to yes.

Save the file by pressing CTRL+X and then pressing ‘Y’ and then pressing ‘Enter’

Now restart the sshd service by typing service sshd restart

To enable the SSH client and SSH service to work properly, we need to open ports for them in the firewall. While
at the command prompt, type esxcfg-firewall -e sshServer
Now open the SSH client port by typing esxcfg-firewall -e sshClient. The SSH port is now open. We can remotely
log in to the ESX host using PuTTY.
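
To confirm what the sshd_config edit above actually changed, this added example (not part of the original lab) reports the effective PermitRootLogin value of a config file; sshd keeps the first value it reads for a keyword. The function name and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original lab): report the effective
# PermitRootLogin setting of an sshd_config file.
# sshd keeps the FIRST value it reads for a keyword, and keyword names are
# case-insensitive, so a later "PermitRootLogin no" cannot override an earlier "yes".
effective_permit_root_login() {
    # $1 = path to an sshd_config file
    awk '
        $1 ~ /^#/ { next }                       # comment line
        tolower($1) == "match" { exit }          # only the global section is checked
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }        # compiled-in default applies
    ' "$1"
}

# Constructed sample files, written to a temporary directory.
DEMO_DIR=$(mktemp -d)
trap 'rm -rf "$DEMO_DIR"' EXIT

cat > "$DEMO_DIR/after_lab" <<'EOF'
# constructed sample: state after the lab edit
Protocol 2
#PermitRootLogin no
PermitRootLogin yes
PermitRootLogin no
EOF

cat > "$DEMO_DIR/hardened" <<'EOF'
# constructed sample: root login left disabled
Protocol 2
permitrootlogin no
EOF

for f in after_lab hardened; do
    printf '%s: PermitRootLogin=%s\n' "$f" "$(effective_permit_root_login "$DEMO_DIR/$f")"
done
```

A result of "unset" means the compiled-in default applies, which differs between OpenSSH versions.
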
Activate root SSH access in an ESXi host:
At the console of the ESXi host, press ALT+F1 to access the console command line environment. You will not see
a cursor blinking, just a plain black window.

Type unsupported in the console window and press ‘Enter‘. You will not see the typing. The console will
ask for the root password. Type the password and press Enter. You will see the Tech Support text and the
command prompt.
At the command prompt, edit the inetd.conf file by typing vi /etc/inetd.conf. The editor will open the file.

Find the line that begins with #ssh. Delete the # from #ssh.

After deleting # from #ssh, exit the vi editor by pressing the ESC button and typing “:wq”

After closing the vi editor, run the command /sbin/services.sh restart to restart the management services. You
are now able to connect to the ESXi host with an SSH client.


October 26 2009

vSphere VCP-410 Lab 8 part 1

Exam Objective: Configure Service Console availability

Contents
• Introduction
• Technology Background
• Lab Scenario
• Lab Objectives
• Lab Solution
Introduction

The program SSH (Secure Shell) is a secure replacement for telnet and the Berkeley r-utilities (rlogin, rsh, rcp,
and rdist). It provides an encrypted channel for logging into another computer over a network, executing
commands on a remote computer, and moving files from one computer to another. SSH provides strong host-to-host
and user authentication as well as secure encrypted communications over an insecure Internet.
SSH2 is a more secure, efficient, and portable version of SSH that includes SFTP, which is functionally similar
to FTP, but is SSH2 encrypted.
When connecting to a server for the first time SSH presents you with a host key fingerprint for that server and
asks you to confirm that you wish to save the new host key to the local database. Before agreeing, you should
compare this fingerprint with one you obtain by some other means (e.g., by telephone) from the server
administrators to avoid connecting to an imposter server.
Rather than validating identities via passwords, SSH can also use public key encryption to authenticate remote
hosts. For example, if you were to connect to a remote host called sales.acme.com (also running SSH), SSH
would use this system to verify that the remote system is the real sales.acme.com and not a computer set up to
imitate it. If you wish, you can set up SSH to use public key authentication rather than passwords for logging
into your other accounts, much like the ESX login program.
Technology Background
In ESX 4.0, SSH is blocked by default for the root user, so you need to activate root login on the console of
the ESX server. Otherwise you will not be able to use PuTTY or Veeam FastSCP. The same is the case with
ESXi. Although both ESX versions come with SSH support, it is disabled by default, which generally
means the root user must either authenticate as a standard user and then su to root, or log in directly from the
console.
Through commands, you can enable SSH on ESX and ESXi consoles.
You might need SSH in ESX to log in remotely to the console without needing to go physically to the computer
to configure or maintain it. You can use PuTTY to log in remotely to the ESX/ESXi hosts. You can use SSH
directly to log in to the console without specifying the username and password.
Deny SSH access to all but specific IP addresses
You can configure /etc/hosts.allow with 3 specific IP addresses that can SSH to the ESX hosts in the cluster.
You should also configure /etc/hosts.deny with sshd:all, which means all other IP addresses not configured in
the hosts.allow file will not be able to access the host and will fail with the error “session terminated unexpectedly”.
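
The allow list only restricts access when the deny-all rule is also present. This added example (not part of the original lab) audits a hosts.allow/hosts.deny pair for that condition; the function names, file copies and the three 192.0.2.x addresses are constructed placeholders, and keywords are compared case-insensitively to match the page's lowercase sshd:all.

```shell
#!/bin/sh
# Added example (not from the original lab): audit a hosts.allow/hosts.deny pair.
# Rule format: daemon_list : client_list [ : option ]
# Simplifications: no backslash continuations, no EXCEPT, IPv4 clients only.

# Print the client list of every rule in file $1 that applies to sshd.
sshd_clients() {
    awk -F: '
        $1 ~ /^[ \t]*#/ || NF < 2 { next }
        {
            n = split(tolower($1), d, /[ \t,]+/)
            for (i = 1; i <= n; i++)
                if (d[i] == "sshd" || d[i] == "all") {
                    c = $2; gsub(/^[ \t]+|[ \t]+$/, "", c); print c; break
                }
        }' "$1"
}

# Succeed only if the file $1 (hosts.deny) refuses every client for sshd.
sshd_default_deny() {
    sshd_clients "$1" | awk 'NF == 1 && tolower($1) == "all" { ok = 1 } END { exit !ok }'
}

# tcpd checks hosts.allow first, then hosts.deny, and grants access when
# neither file matches, so the allow list only restricts with a deny-all rule.
audit_wrappers() {   # $1 = hosts.allow, $2 = hosts.deny
    if sshd_default_deny "$2"; then
        echo "restricted to: $(sshd_clients "$1" | tr '\n' ' ' | sed 's/ *$//')"
    else
        echo "open: no deny-all rule for sshd"
    fi
}

DEMO_DIR=$(mktemp -d)                 # constructed sample files
trap 'rm -rf "$DEMO_DIR"' EXIT
# 192.0.2.0/24 is a documentation range; the three addresses are placeholders.
printf 'sshd: 192.0.2.10, 192.0.2.11, 192.0.2.12\n' > "$DEMO_DIR/hosts.allow"
printf '# refuse everyone else\nsshd:all\n'          > "$DEMO_DIR/hosts.deny"
: > "$DEMO_DIR/hosts.deny.empty"

audit_wrappers "$DEMO_DIR/hosts.allow" "$DEMO_DIR/hosts.deny"
audit_wrappers "$DEMO_DIR/hosts.allow" "$DEMO_DIR/hosts.deny.empty"
```
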
Only users in the WHEEL group can SU to Root
If the sshd_config file is configured with the PermitRootLogin no option, then root is not able to log in to
the service console remotely, e.g. via PuTTY. We can also take additional steps and limit which standard users can
su to root by changing the /etc/pam.d/su file and then adding only specific users to the wheel group. Here’s
what you’ll need to do:
vi /etc/pam.d/su

Then delete the following line
#auth required /lib/security/$ISA/pam_wheel.so use_uid
Once you have done that, you can now go and look at which users are part of the wheel group.
cat /etc/group | grep wheel
which should return this line: “wheel:x:10:root”
Now if your standard user is called johnsmith, just add a comma and add johnsmith so it looks like this.
wheel:x:10:root,johnsmith
Now you can add users to the service console, but only user “johnsmith” will be able to su to root.
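
The following added example (not part of the original lab) checks both halves of this control: whether the pam_wheel.so line in a copy of /etc/pam.d/su is active, and who is listed in the wheel group. It assumes pam_wheel restricts su only while its line is present without the leading #; the function names and sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the original lab): who may su to root?
# pam_wheel restricts su only while its line is active (no leading #).

# Succeed if file $1 (a copy of /etc/pam.d/su) has an active
# "auth required .../pam_wheel.so" line.
pam_wheel_enforced() {
    awk '$1 == "auth" && $2 == "required" && $3 ~ /pam_wheel\.so$/ { ok = 1 }
         END { exit !ok }' "$1"
}

# Print the members listed for the wheel group in group file $1, one per line.
wheel_members() {
    awk -F: '$1 == "wheel" {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
    }' "$1"
}

su_report() {   # $1 = PAM su file, $2 = group file
    if pam_wheel_enforced "$1"; then
        echo "su to root limited to: $(wheel_members "$2" | tr '\n' ' ' | sed 's/ *$//')"
    else
        echo "su to root not limited by group"
    fi
}

DEMO_DIR=$(mktemp -d)                 # constructed sample files
trap 'rm -rf "$DEMO_DIR"' EXIT
cat > "$DEMO_DIR/su.before" <<'EOF'
auth       sufficient   /lib/security/$ISA/pam_rootok.so
#auth       required     /lib/security/$ISA/pam_wheel.so use_uid
EOF
# Activate the restriction: strip the leading # from the pam_wheel line.
sed 's/^#\(auth.*pam_wheel\.so\)/\1/' "$DEMO_DIR/su.before" > "$DEMO_DIR/su.after"
echo 'wheel:x:10:root,johnsmith' > "$DEMO_DIR/group"

su_report "$DEMO_DIR/su.before" "$DEMO_DIR/group"
su_report "$DEMO_DIR/su.after"  "$DEMO_DIR/group"
```
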