This exercise is a part of [Linux servers (ICT4TN021, spring 2018) // Linux-palvelimet (ICT4TN021, kevät 2018)](http://www.haaga-helia.fi/fi/opinto-opas/opintojaksokuvaukset/ICT4TN021) school course organized as a part of Information Technology studies in Haaga-Helia university of Applied Sciences, Helsinki, Finland. Course lecturer [Tero Karvinen](http://terokarvinen.com/) has defined the original assignment descriptions in Finnish presented in this document in English. Answers and translations have been written by Pekka Helenius (me, ~ Fincer).
*Table of contents:*
--------------
- [a) **SSH Daemon** Install SSH server daemon](https://github.com/Fincer/linux_server_setup/blob/master/exercises/h5.md#a-install-ssh-server-daemon)
- [b) **Firewall** Establish a firewall protection to the server computer (Note: allow SSH traffic before that)](https://github.com/Fincer/linux_server_setup/blob/master/exercises/h5.md#b-establish-a-firewall-protection-to-the-server-computer-note-allow-ssh-traffic-before-that)
- [EXTRA - root account: more restrictions](https://github.com/Fincer/linux_server_setup/blob/master/exercises/h5.md#extra---root-account-more-restrictions)
- [c) **File transfer** Transfer files using SSH protocol](https://github.com/Fincer/linux_server_setup/blob/master/exercises/h5.md#c-transfer-files-using-ssh-protocol)
- [d) **SSH auto-login** Automate SSH login with public key method](https://github.com/Fincer/linux_server_setup/blob/master/exercises/h5.md#d-automate-ssh-login-with-public-key-method)
- [e) **Analysis of server processes** Install, configure and start sysstat. Use sar command to confirm whether the sysstat package services have been enabled (for instance, log entry "Linux reboot..." exists). Run sysstat a day or two. Afterwards, check computer workload history with sysstat commands sar, iostat, pidstat etc. Analyze the results, i.e. explain the results in detail.](https://github.com/Fincer/linux_server_setup/blob/master/exercises/h5.md#e-install-configure-and-start-sysstat-use-sar-command-to-confirm-whether-the-sysstat-package-services-have-been-enabled-for-instance-log-entry-linux-reboot-exists-run-sysstat-a-day-or-two-afterwards-check-computer-workload-history-with-sysstat-commands-sar-iostat-pidstat-etc-analyze-the-results-ie-explain-the-results-in-detail)
- [f) **SSH port configuration** (optional) Change sshd (SSH server process) port](https://github.com/Fincer/linux_server_setup/blob/master/exercises/h5.md#f-optional-change-sshd-ssh-server-process-port)
- [EXTRA - Using new port address of SSH server daemon when connecting with a client computer/program](https://github.com/Fincer/linux_server_setup/blob/master/exercises/h5.md#extra---using-new-port-address-of-ssh-server-daemon-when-connecting-with-a-client-computerprogram)
- [EXTRA - detecting SSH port change with port scanning techniques (nmap)](https://github.com/Fincer/linux_server_setup/blob/master/exercises/h5.md#extra---detecting-ssh-port-change-with-port-scanning-techniques-nmap)
- [EXTRA - Using Port Knocking technique against port scanning](https://github.com/Fincer/linux_server_setup/blob/master/exercises/h5.md#extra---using-port-knocking-technique-against-port-scanning)
- [EXTRA - ARP Scan and spoofing your MAC address](https://github.com/Fincer/linux_server_setup/blob/master/exercises/h5.md#extra---arp-scan-and-spoofing-your-mac-address)
- [g) **SSH configuration - groups** (optional) Allow SSH login only for users in group 'sshers'. Add your account to this group.](https://github.com/Fincer/linux_server_setup/blob/master/exercises/h5.md#g-optional-allow-ssh-login-only-for-users-in-group-sshers-add-your-account-to-this-group)
- [h) **SSH remote dir mounting** (optional) Attach a remote network directory with sshfs.](https://github.com/Fincer/linux_server_setup/blob/master/exercises/h5.md#h-optional-attach-a-remote-network-directory-with-sshfs)
--------------
**a)** Install SSH server daemon
--------------
@ -484,7 +527,7 @@ Additionally, iostat command was run on the background.
### SAR - network statistics, IPv4 traffic
**command: sar -n IP -f sar-stats_2018-02-24_2018-02-26.file**
**command:** `sar -n IP -f sar-stats_2018-02-24_2018-02-26.file`