Hey TB0ne,

Thanks for this - good to know - I always end up slightly less ignorant every time I get involved in a thread here ..

I DO feel for the OP, here, mind you. I've seen examples of his predicament before and it can be stressful and thankless ... I'm sure he appreciates the valuable knowledge you're sharing.

Cheers.

Glad to share, and thanks.

And I only feel for the OP a little bit in this case. Mainly because they're using commercial products and not paying for them, and the fact he's dodging questions. Paying for RHEL and Oracle would get this guy support, and with his level of stated inexperience/knowledge, ignoring those two easily accessible resources is plain foolish, especially for a company. Stuff like sshd_config is covered in detail in the Red Hat knowledgebase.

And he still hasn't/won't answer the question of how he got a job being a Linux administrator for a company with ~60 users, involving ERP and an Oracle database, when as he stated, he has no experience ("new to the Linux environment"). Seems odd that such a hire would have been made.

Hey TB0ne ... I hear you.

My impression after reading through the OP's different posts is that he is a sysadmin for Windows and has recently inherited the task of taking care of this linux server by default. I'm also not sure the decision concerning his employer's compliance with any agreements they have / should have with RedHat and Oracle are under the OP's responsibility. He has stated that he will try to convince his management to strive towards compliance, but in the meantime he is stuck with a difficult task.

That's how I see it. I guess I'm giving the OP the benefit of the doubt, hence my feeling of sympathy for his situation.

... enough philosophizing ... ... Thanks again for all your help.

Cheers.

In addition to all the good advice etc above, for the OP I'd add that a quick way to get an idea of how old the system is, is to run
as root. That should give you the RHEL version, similar to "CentOS release 6.9 (Final)", except of course it will say RHEL instead.

Also try
in the root user's home dir ie /root, & look for
which generally* indicate the initial build date.
* - not guaranteed to be accurate, but usually the case.

@commenters: like Rickkkk, it sounds to me like the OP has been 'chosen' to do this because he's the nearest they have already.
It's not fun being in that position & I definitely sympathise.

1 members found this post helpful.

Yes

[root@linux-server ~]# useradd developer
[root@linux-server ~]# passwd developer
Changing password for user developer.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@linux-server ~]#

In /etc/ssh/sshd_config file

Port 2222
AllowUsers developer
#Protocol 2,1
#Protocol 2
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
...

In /etc/security/access.conf

# User "developer" should get access from all sources.
+ : developer : ALL
#
...

In /etc/sudoers

## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
...



[root@linux-server ~]# usermod -aG wheel developer
[root@linux-server ~]# su developer -
[developer@linux-server ~]# groups
developer wheel

Third party developer is the DBA. So I don't have to worry about that

Noted.


Installation is valid and legit. Since I don't have any experience regarding Linux licencing, I thought the company have to pay additionally for a support agreement. Is my assumption incorrect?


Thank you very much for your support. However after these steps, developer user account still unable to access the console and when that account tries to connect using SSH (using PUTTY) after giving the password, I get an error saying "Server unexpectedly closed network connection". Did I miss any important steps (according to above)? Should I provide a debug log? Looking forward for your reply. Thanks again.

Installation is valid and legit. Since I don't have any experience regarding Linux licencing, I thought the company have to pay additionally for a support agreement. Is my assumption incorrect? I don't have to worry about Oracle since it is handled by third party.


In /etc/ssh/sshd_config file

Port 2222
AllowUsers root oracle
#Protocol 2,1
#Protocol 2
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

Can you please point out what is the incorrect syntax? (since I picked up the syntax from internet) and yes, I restarted the ssh service after the change. Also there is no DenyUsers in the said file.

Thank you very much for your support so far.

Don't know. It was setup like that. I want to change it to port 22, but probably later.



[root@linux-server ~]# su oracle
[oracle@linux-server ~]# whoami
oracle


Thanks.

As I mentioned in a previous reply, there is no one to administrate this Linux server. Technically I am here as the network and Windows server systems administrator. But since there is no one to look after it, I have to do it Also both Red Hat and Oracle installations are legit. Since Oracle admin part handled by a third party I don't have to worry about that. Since I don't have any experience regarding Linux licencing, I thought the company have to pay additionally for a support agreement. Is my assumption incorrect?

Thanks.

Nothing in this sentence makes much sense. If you are paying for RHEL support, then you can call Red Hat support for help. That's it...if your installation is 'valid and legit', there should be no problems. Someone at your company has the licensing details and support contract info. If not, RHEL support can look it up easily. Again, INSTALLING RHEL is fine, but if you don't pay for it, you DO NOT GET updates/fixes/support/patches/etc....in short, your system gets unstable, insecure, and harder to manage from day one. There is NO POINT in using RHEL without paying for it, when you can use CentOS for free, and GET the patches and everything else. If you're self-support, no need to.

Oracle is a licensed product also, regardless of who it's 'handled' by. Again, SOMEONE has the support details...and if you're the new admin, you need to get them. Not paying for Oracle? Then stop where you are and load MySQL instead.
This is **NOT** the same sshd_config file you posted before, is it? Either you've heavily edited it, or one of these two is wrong...which is it? The previous file had an AllowUsers directive, and those directives were explained to you.

AGAIN: you claim your installation is 'valid and legit'...so call Red Hat support. If you are inexperienced, they can walk you through it; simple. You still don't say how you got the job of Linux administrator with zero Linux experience.

You ***DO NOT*** need to grant console access to anyone for Oracle use. Oracle can be installed via command-line, and SSH x forwarding can run X applications via a terminal connection. If your developers are saying this, they're wrong.

Hi susantha,

A couple of comments:

• It looks like you set up the developer user - that's good.
  
  
• I've never actively used the /etc/security/access.conf file for my own needs. If in your context it is a recommended best practice, I'll have to defer to either your own knowledge or to advice you can get from other sources.
  
  
• For the issue of software agreements with RedHat and Oracle - no problem - that is your employer's concern. In answer to your question as to whether support should cost more than the standard licence fee you are paying for RedHat, I would be surprised, but it is best to verify with them how they handle it. They may have several different levels of support available at different price points. Linux is open source and free for anyone to use. When it costs anything at all, it is usually in the context of a business that needs to be able to rely on a certain level of standardized, supplier-delivered support, according to an SLA. So in a nutshell, if you're paying *anything* for linux, you are essentially paying for support.
  
  
• For ssh, I wouldn't recommend changing the port to 22. That is the RFC defined port and known to all. For internal LAN use, choose any non-reserved port .. 2222 is fine. My point was that you seemed to be trying to connect to a client using port 2223 to your server which is listening on port 2222. This won't work. If you were using the command line to connect, for example, and you wanted the session to be for the "developer" user, the command would be:
  
  
  Code:

  ssh -p 2222 developer@xxx.xxx.xxx.xxx

  .... where the xxx's are your server's IP address. Since you're using puTTY, just make sure the appropriate port is specified (2222).
  
  
• Also for ssh, I recommend you look at TB0ne's post from a couple of days back, where he explains the hierarchy of application of various statements in the sshd_config file. I learned some things reading that and it is important you understand them .. Certain statements have priority over others and can have the effect of preventing access to even the root user, as counter-intuitive as that may seem.
  
  
• A general bit of advice I can give you until you are able to obtain formal support from RedHat : take a look at the Arch Linux Wiki (Arch is the linux version I use). It is known for containing very detailed information on quite a wide area of subjects, much of which is applicable to any other linux distro. For example, the entries on Security and User Management are quite extensive - you may find it to be a useful source of information, at least temporarily.

Hope you're managing to get by - let us know how you make out and don't hesitate to come back for help.

Cheers !