289 | | == Step 16. Verify that experimenters 1 and 2 cannot use the control plane to access each other's resources (e.g. via unauthenticated SSH, shared writable filesystem mount) == |
| 289 | == Step 16. Verify that experimenters 1 and 2 cannot use the control plane to access each other's resources == |
| 290 | Verified network access from hostx to host2: |
| 291 | {{{ |
| 292 | hostx:~% ifconfig eth0 |
| 293 | eth0 Link encap:Ethernet HWaddr e8:39:35:b1:ec:9c |
| 294 | inet addr:155.98.34.14 Bcast:155.98.34.255 Mask:255.255.255.0 |
| 295 | inet6 addr: fe80::ea39:35ff:feb1:ec9c/64 Scope:Link |
| 296 | UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 |
| 297 | RX packets:952 errors:0 dropped:0 overruns:0 frame:0 |
| 298 | TX packets:669 errors:0 dropped:0 overruns:0 carrier:0 |
| 299 | collisions:0 txqueuelen:1000 |
| 300 | RX bytes:91246 (91.2 KB) TX bytes:84542 (84.5 KB) |
| 301 | Interrupt:30 Memory:f4000000-f4012800 |
| 302 | |
| 303 | hostx:~% ping -c 1 172.17.5.4 |
| 304 | PING 172.17.5.4 (172.17.5.4) 56(84) bytes of data. |
| 305 | |
| 306 | --- 172.17.5.4 ping statistics --- |
| 307 | 1 packets transmitted, 0 received, 100% packet loss, time 0ms |
| 308 | |
| 309 | hostx:~% |
| 310 | }}} |
| 311 | Verified network access from host2 to hostx: |
| 312 | {{{ |
| 313 | [lnevers@host2 ~]$ /sbin/ifconfig eth999 |
| 314 | eth999 Link encap:Ethernet HWaddr 00:00:AC:11:05:04 |
| 315 | inet addr:172.17.5.4 Bcast:172.31.255.255 Mask:255.240.0.0 |
| 316 | inet6 addr: fe80::200:acff:fe11:504/64 Scope:Link |
| 317 | UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 |
| 318 | RX packets:1977 errors:0 dropped:0 overruns:0 frame:0 |
| 319 | TX packets:1873 errors:0 dropped:0 overruns:0 carrier:0 |
| 320 | collisions:0 txqueuelen:0 |
| 321 | RX bytes:122593 (119.7 KiB) TX bytes:262672 (256.5 KiB) |
| 322 | |
| 323 | [lnevers@host2 ~]$ ping -c 1 155.98.34.14 |
| 324 | PING 155.98.34.14 (155.98.34.14) 56(84) bytes of data. |
| 325 | |
| 326 | --- 155.98.34.14 ping statistics --- |
| 327 | 1 packets transmitted, 0 received, 100% packet loss, time 0ms |
| 328 | |
| 329 | [lnevers@host2 ~]$ |
| 330 | }}} |
| 331 | |
| 332 | |
| 333 | Verified unauthenticated SSH access, as user lnevers1 tried to ssh to control interface for lnevers experiment: |
| 334 | {{{ |
| 335 | hostx:~% ssh pc5.utah.geniracks.net -p 30267 -l lnevers |
| 336 | lnevers@pc5.utah.geniracks.net's password: |
| 337 | Permission denied, please try again. |
| 338 | lnevers@pc5.utah.geniracks.net's password: |
| 339 | Permission denied, please try again. |
| 340 | lnevers@pc5.utah.geniracks.net's password: |
| 341 | Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password). |
| 342 | hostx:~% |
| 343 | }}} |
| 344 | |
| 345 | Verified shared writable filesystem mount for each user. As user lnevers accessed shared area: |
| 346 | {{{ |
| 347 | [lnevers@host2 ~]$ id |
| 348 | uid=20001(lnevers) gid=504(pgeni-gpolab-bbn) groups=504(pgeni-gpolab-bbn),0(root) |
| 349 | [lnevers@host2 ~]$ ls -l /proj/pgeni-gpolab-bbn-com/exp/ |
| 350 | total 6 |
| 351 | drwxrwx--- 10 geniuser pgeni-gpolab-bbn 512 May 31 07:57 ecgtest |
| 352 | drwxrwx--- 10 geniuser pgeni-gpolab-bbn 512 Jun 1 08:19 ig-exp2-2vm |
| 353 | drwxrwx--- 10 geniuser pgeni-gpolab-bbn 512 Jun 1 08:25 lnubuntu12b |
| 354 | }}} |
| 355 | |
| 356 | As user lnevers1 accessed shared area: |
| 357 | {{{ |
| 358 | hostx:~% id |
| 359 | uid=20001(lnevers1) gid=504(pgeni-gpolab-bbn) groups=504(pgeni-gpolab-bbn),0(root) |
| 360 | hostx:~% cd /proj/pgeni-gpolab-bbn-com/exp/ |
| 361 | hostx:/proj/pgeni-gpolab-bbn-com/exp% ls -l |
| 362 | total 6 |
| 363 | drwxrwx--- 10 geniuser pgeni-gpolab-bbn 512 May 31 07:57 ecgtest |
| 364 | drwxrwx--- 10 geniuser pgeni-gpolab-bbn 512 Jun 1 08:19 ig-exp2-2vm |
| 365 | drwxrwx--- 10 geniuser pgeni-gpolab-bbn 512 Jun 1 08:25 lnubuntu12b |
| 366 | hostx:/proj/pgeni-gpolab-bbn-com/exp% |
| 367 | }}} |