CYBE230 Lab 10 - SSH / UFW / VPN

In this lab we talked about creating an SSH server to use for SSH tunneling to forward to another virtual machine. After making sure that a user could login on SSH with a password, we set up SSH keys, and disabled password logins to prevent brute force attacks on the SSH server. We then set up a rule in the firewall to allow SSH traffic to the server from the “public” internet.

The next thing that we did was create UFW rules on all the machines we had set up so far. In the process of setting this up, we disabled IPv6. We then created default rules that denied all incoming traffic, and allowed all outgoing traffic. After creating an example rule on the SSH server, we went back through all the machines and created a rule that we created on pfsense for that machine.

After taking a look at SSH tunneling, and how it can easily forward a single port easily. We took a look at another option with how to share your network with someone else. So we went through the setup wizard to create an OpenVPN server of pfsense. Which involves setting up the server, creating a new certificate, encryption settings, and DNS. We then added a user, and exported the VPN configuration for that user. After that, we gave the configuration file to a classmate who used it to query our private LDAP server.