-----------------------
Lab #08 for NET2003 due March 18, 2008 (Week 10)
-----------------------

Remember - knowing how to find out an answer is more important than
memorizing the answer. Learn to fish! RTFM! (Read The Fine Manual)

Global weight: 5% of your total mark this term.

Due date: before 14h00 (2pm) Tuesday March 18, 2008 (Week 10)

The deliverables for this lab exercise are to be submitted online on the
Course Linux Server using the "netsubmit" method described in the lab
exercise description, below. No paper; no email; no FTP.

Late-submission date: I will accept without penalty lab exercises that
are submitted late but before 14h00 (2pm) on Wednesday, March 19. After
that late-submission date, the lab exercise is worth zero marks.

Lab exercises submitted by the *due date* will be marked online and your
marks will be sent to you by email after the late-submission date.

Lab Synopsis: Update your Ubuntu system. Configure the NTP and SSH
network services.

NOTE: For full marks, keep your lines shorter than 80 columns in this
course. Short lines allow for easy printing and side-by-side comparison
of files on a screen.

Where to work: your Ubuntu caddy (you need root permissions to set the
time)

Easy access to Course Notes: See previous labs.

The command names required by this script are all in the
unix_command_list.txt file in the Course Notes.

Scripts without your added comments will not be marked. Follow the
commented script format given in earlier labs. Precede each script
output with the Question number, as you have always done. Scripts
without your added comments will not be marked.

Note: Although no individual comment line can be longer than 80
characters, you may write more than one comment line if you have a lot
to say. Comments are encouraged!

Part I - Ubuntu maintenance
------

Make sure you have run the Update Manager and installed all current
updates to your Ubuntu 7.10 (Gutsy) system. Earlier labs tell you how to
make sure you have *all* the updates.

Part II - lab08script1.sh - a shell script
-------------------------

Scripts without your added comments will not be marked.

Note carefully the name of this script.

The steps in this script require you to run the script at various
points. If you don't do things in the order given, you won't get the
right answers, since some of the steps depend on the output from the
previous steps.

Your Ubuntu/Debian system uses a custom version of the "ntpdate"
program. Before you proceed, find out the name of the Debian version of
the ntpdate program and read its "man" page. The man page will tell you
where the Debian NTP default config file is located. Read the config
file.

1. Execute the Debian version of the ntpdate program. Use the ntpdate
   option that forces the time to be stepped instead of slewed. Request
   verbose output. The program will print a line containing an IP
   address (the IP address of "ntp.ubuntu.com").

2. Do a DNS lookup on "ntp.ubuntu.com" and show its IP address.

Run your script to execute the above two commands. Confirm that the
above IP address matches the NTP output of your script at this point.
Use the IP address of "ntp.ubuntu.com" in the next line:

3. Do a DNS reverse-lookup on the IP address of "ntp.ubuntu.com", the
   address printed in the ntpdate program output. The output will be
   the real host name of ntp.ubuntu.com.

4. Use a command that finds the absolute path to the Debian version of
   the ntpdate executable program. (The command looks in your $PATH.)

5. Show what type of file the above executable file is.
   (Hint: The Debian version of the program is not an ELF binary file.)

Read the POSIX shell script text executable file you found in the above
step. This script file is the Debian version of the ntpdate program. At
the bottom of the script, it calls the real ntpdate program.

6. Echo to the screen the four NTP config files that are checked for
   readability by the Debian script version of the ntpdate command.
   (Bonus marks: Data-mine the Debian script file and generate the list
   automatically, instead of hard-coding the four names in your script.)

Before you proceed, confirm that only one of the above four config files
actually exists and has content - the default one. That's the file you
need for the rest of the script.

7. Display the content of the Debian default NTP config file on the
   screen.

8. If the Debian default config file for ntpdate does *not* contain the
   name of both Canadian NTP time servers, display an error message on
   standard error. You need one or two working shell IF statements to
   do this correctly.

   Review: the argv.sh.txt script tells you how to echo a line to
   standard error. The file exit_status.txt shows how to use IF
   statements to find things inside files.

Run your script and verify that the error message prints on standard
error, not on standard output.

Edit the file and change the ntpdate time server from the Ubuntu time
server to be the *two* Canadian time servers. Re-run your script and
verify that no error message prints. Is your clock now correct?

9. Run the command that displays your PC hardware clock time. In
   VMware, this will be your "virtual" PC hardware clock, not your
   actual BIOS hardware clock.

Part III - lab08script2.sh - another shell script
--------------------------

Scripts without your added comments will not be marked.

Note carefully the name of this script. This is a new script.

You will configure SSH.

10. Generate a list of all packages installed on your Ubuntu/Debian
    system and show only the lines containing the pattern "ssh".

Run your script and make sure you have the three packages
openssh-client, openssh-server, and ssh-askpass-gnome. Install any
missing packages.

Enable public-key authorization between your Ubuntu system and the
Course Linux Server [CLS], using ssh-keygen with a type "dsa" key.
Repeat the process and generate a type "rsa" key. Use the default
answers (file locations) for ssh-keygen, and don't supply any password
when generating the keys. Copy the public key files to the CLS and add
them both to your authorized keys file on the CLS.

Tutorials:
  http://ubuntu-tutorials.com/2007/02/05/unattended-ssh-login-public-key-ssh-authorization-ssh-automatic-login/
  http://wiki.ubuntu-id.org/SSHHowto

If you have an RSA key, you can use the "ssh-copy-id" program to copy
your RSA key to a remote machine. RTFM

11. Run a process listing of *all* processes on your machine and show
    only the lines that contain the string "ssh". There should be no
    ssh sessions visible using port 55555.

12. Use netstat or ss to generate a list of any TCP connections that
    are using port 55555. None should be listed.

13. Create a background SSH tunnel from your Ubuntu port 55555 to the
    CLS localhost "daytime" port. (Use the numeric port number, not the
    name.) The ssh options for a background tunnel-only connection are
    given in the man page as "Do not execute a remote command" and "go
    to background just before command execution".

The ssh command should not ask for a password if you have your public
keys set up correctly.

If you use the verbose mode option to ssh when you set up the tunnel,
you should see this tunnel debug information near the end of the debug
output:

  [...]
  debug1: Authentication succeeded (publickey).
  debug1: Local connections to LOCALHOST:55555 forwarded to remote address localhost:13
  debug1: Local forwarding listening on 127.0.0.1 port 55555.
  debug1: channel 0: new [port listener]
  debug1: Entering interactive session.

At this point your SSH tunnel should be working.

14. Run a process listing of *all* processes on your machine and show
    only the lines that contain the string "ssh". You should see your
    background SSH tunnel with port 55555 listed.

15. Use netcat on your Ubuntu machine to get the CLS "daytime" date
    from your SSH tunnel, using the local Ubuntu port number (not the
    "daytime" port number, which is the daytime port on your Ubuntu
    machine, not the daytime port tunnelled via the SSH tunnel).

16. Use "killall" or "killall -i" to kill your background ssh process
    by name. Note that "killall" will kill *all* your processes named
    "ssh"; so, be careful how you use it if you have ssh sessions going
    that you don't want killed. RTFM

17. Run a process listing of *all* processes on your machine and show
    only the lines that contain the string "ssh". Your background ssh
    process should be gone.

18. Use netstat or ss to generate a list of any TCP connections that
    are using port 55555. None should be listed.

Submission
----------

Scripts without your added comments will not be marked.
For full marks, keep your lines shorter than 80 columns in this course!

Submission Standards: See Lab #1 for details.

A. Make sure all submitted files contain an Exterior Assignment
   Submission label. For full marks, lines must be shorter than 80
   columns. Scripts without your added comments will not be marked.

B. Submit your files for marking as Lab 08 using the following *single*
   netsubmit command line exactly as given here:

   $ netsubmit 08 lab08script1.sh lab08script2.sh

   Always submit *all* files at the same time for every submission.
   Files submitted under the wrong names are worth zero marks.
   Scripts without your added comments will not be marked.

P.S. Did you spell all the assignment label fields and file names
correctly?
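
Added example for the step 8 check (not part of the original lab and
not the course's solution): shell IF statements that look for two server
names in a config file and report any that are missing on standard
error. The server names time1.example.ca and time2.example.ca, the
NTPSERVERS line and both sample files are constructed placeholders.

```sh
#!/bin/sh
# Added example, not the course solution.  Server names and file
# contents below are constructed placeholders.

# has_server FILE NAME - true if NAME is on a non-comment line of FILE.
# -F: the dots in a host name are literal, not regex wildcards.
# -w: whole-word match, so NAME inside a longer name does not count.
has_server () {
    grep -v '^[[:space:]]*#' "$1" | grep -qwF -- "$2"
}

# check_ntp_servers FILE NAME... - status 0 only if every NAME is found;
# one message per missing NAME goes to standard error (1>&2).
check_ntp_servers () {
    file=$1 ; shift
    if [ ! -r "$file" ] ; then
        echo "$0: cannot read '$file'" 1>&2
        return 2
    fi
    status=0
    for server in "$@" ; do
        if ! has_server "$file" "$server" ; then
            echo "$0: '$file' does not name '$server'" 1>&2
            status=1
        fi
    done
    return "$status"
}

# make_samples DIR - write two constructed config files into DIR.
make_samples () {
    printf '%s\n' '# time servers' 'NTPSERVERS="ntp.ubuntu.com"' \
        > "$1/before"
    printf '%s\n' '# NTPSERVERS="ntp.ubuntu.com"' \
        'NTPSERVERS="time1.example.ca time2.example.ca"' > "$1/after"
}

demo=$(mktemp -d)
make_samples "$demo"
for f in before after ; do
    # Discard stdout: anything still printed here came via stderr.
    if check_ntp_servers "$demo/$f" time1.example.ca \
        time2.example.ca >/dev/null ; then
        echo "$f: both servers present"
    else
        echo "$f: edit needed (see messages above)"
    fi
done
rm -rf "$demo"
```

A server name that appears only on a commented-out line is treated as
missing, since a commented-out setting is never used.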