Task Status - Failed
- 
user ‘ammar’ does not exist on App Server 1. 
 Below are the things performed on app server. Please help!thor@jump_host /$ ssh tony@stapp01 
 The authenticity of host ‘stapp01 (172.16.238.10)’ can’t be established.
 ECDSA key fingerprint is SHA256:MxAb7+RG4gKiYdaL/kXvXHK87USxZyCyMhd15HztY38.
 ECDSA key fingerprint is MD5:74:53:07:16:41:6e:0e:54:ad:9d:e5:97:7c:96:7d:91.
 Are you sure you want to continue connecting (yes/no)? yes
 Warning: Permanently added ‘stapp01,172.16.238.10’ (ECDSA) to the list of known hosts.
 tony@stapp01’s password:
 [tony@stapp01 ~]$ sudo adduser --shell /bin/false amarWe trust you have received the usual lecture from the local System 
 Administrator. It usually boils down to these three things:#1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility.[sudo] password for tony: 
 [tony@stapp01 ~]$ sudo passwd amar Changing password for user amar.
 New password:
 Retype new password:
 passwd: all authentication tokens updated successfully.
 [tony@stapp01 ~]$ sudo mkdir -p /var/www/web
 [tony@stapp01 ~]$ sudo groupadd sftpg
 [tony@stapp01 ~]$ sudo chown amar:sftpg /var/www/web
 [tony@stapp01 ~]$ sudo chown root:root /var/www/
 [tony@stapp01 ~]$ sudo chmod 755 /var/www
 [tony@stapp01 ~]$ sudo vi /etc/ssh/sshd_config
 [tony@stapp01 ~]$ sudo cat /etc/ssh/sshd_config$OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $This is the sshd server system-wide configuration file. Seesshd_config(5) for more information.This sshd was compiled with PATH=/usr/local/bin:/usr/binThe strategy used for options in the default sshd_config shipped withOpenSSH is to specify options with their default value wherepossible, but leave them commented. Uncommented options override thedefault value.If you want to change the port on a SELinux system, you have to tellSELinux about this change.semanage port -a -t ssh_port_t -p tcp #PORTNUMBER#Port 22 
 #AddressFamily any
 #ListenAddress 0.0.0.0
 #ListenAddress ::HostKey /etc/ssh/ssh_host_rsa_key 
 #HostKey /etc/ssh/ssh_host_dsa_key
 HostKey /etc/ssh/ssh_host_ecdsa_key
 HostKey /etc/ssh/ssh_host_ed25519_keyCiphers and keying#RekeyLimit default none Logging#SyslogFacility AUTH 
 SyslogFacility AUTHPRIV
 #LogLevel INFOAuthentication:#LoginGraceTime 2m 
 #PermitRootLogin yes
 #StrictModes yes
 #MaxAuthTries 6
 #MaxSessions 10#PubkeyAuthentication yes The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2but this is overridden so installations will only check .ssh/authorized_keysAuthorizedKeysFile .ssh/authorized_keys #AuthorizedPrincipalsFile none #AuthorizedKeysCommand none 
 #AuthorizedKeysCommandUser nobodyFor this to work you will also need host keys in /etc/ssh/ssh_known_hosts#HostbasedAuthentication no Change to yes if you don’t trust ~/.ssh/known_hosts forHostbasedAuthentication#IgnoreUserKnownHosts no Don’t read the user’s ~/.rhosts and ~/.shosts files#IgnoreRhosts yes To disable tunneled clear text passwords, change to no here!#PasswordAuthentication yes 
 #PermitEmptyPasswords no
 PasswordAuthentication yesChange to no to disable s/key passwords#ChallengeResponseAuthentication yes 
 ChallengeResponseAuthentication noKerberos options#KerberosAuthentication no 
 #KerberosOrLocalPasswd yes
 #KerberosTicketCleanup yes
 #KerberosGetAFSToken no
 #KerberosUseKuserok yesGSSAPI optionsGSSAPIAuthentication yes 
 GSSAPICleanupCredentials no
 #GSSAPIStrictAcceptorCheck yes
 #GSSAPIKeyExchange no
 #GSSAPIEnablek5users noSet this to ‘yes’ to enable PAM authentication, account processing,and session processing. If this is enabled, PAM authentication willbe allowed through the ChallengeResponseAuthentication andPasswordAuthentication. Depending on your PAM configuration,PAM authentication via ChallengeResponseAuthentication may bypassthe setting of “PermitRootLogin without-password”.If you just want the PAM account and session checks to run withoutPAM authentication, then enable this but set PasswordAuthenticationand ChallengeResponseAuthentication to ‘no’.WARNING: ‘UsePAM no’ is not supported in Red Hat Enterprise Linux and may cause severalproblems.UsePAM no #AllowAgentForwarding yes 
 #AllowTcpForwarding yes
 #GatewayPorts no
 X11Forwarding yes
 #X11DisplayOffset 10
 #X11UseLocalhost yes
 #PermitTTY yes
 #PrintMotd yes
 #PrintLastLog yes
 #TCPKeepAlive yes
 #UseLogin no
 #UsePrivilegeSeparation sandbox
 #PermitUserEnvironment no
 #Compression delayed
 #ClientAliveInterval 0
 #ClientAliveCountMax 3
 #ShowPatchLevel no
 #UseDNS yes
 #PidFile /var/run/sshd.pid
 #MaxStartups 10:30:100
 #PermitTunnel no
 #ChrootDirectory none
 #VersionAddendum noneno default banner path#Banner none Accept locale-related environment variablesAcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES 
 AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
 AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
 AcceptEnv XMODIFIERSoverride default of no subsystemsSubsystem sftp internal-sftp Example of overriding settings on a per-user basis#Match User anoncvs X11Forwarding noAllowTcpForwarding noPermitTTY noForceCommand cvs serverMatch User amar 
 ForceCommand internal-sftp
 PasswordAuthentication yes
 ChrootDirectory /var/www/web
 PermitTunnel no
 AllowAgentForwarding no
 AllowTcpForwarding no
 X11Forwarding no
 [tony@stapp01 ~]$ sudo systemctl restart sshd.service
 [tony@stapp01 ~]$ sftp amar@localhost
 The authenticity of host ‘localhost (127.0.0.1)’ can’t be established.
 ECDSA key fingerprint is SHA256:MxAb7+RG4gKiYdaL/kXvXHK87USxZyCyMhd15HztY38.
 ECDSA key fingerprint is MD5:74:53:07:16:41:6e:0e:54:ad:9d:e5:97:7c:96:7d:91.
 Are you sure you want to continue connecting (yes/no)? yes
 Warning: Permanently added ‘localhost’ (ECDSA) to the list of known hosts.
 amar@localhost’s password:
 packet_write_wait: Connection to 127.0.0.1 port 22: Broken pipe
 Couldn’t read packet: Connection reset by peer
 [tony@stapp01 ~]$ sftp amar@stapp01
 The authenticity of host ‘stapp01 (172.16.238.10)’ can’t be established.
 ECDSA key fingerprint is SHA256:MxAb7+RG4gKiYdaL/kXvXHK87USxZyCyMhd15HztY38.
 ECDSA key fingerprint is MD5:74:53:07:16:41:6e:0e:54:ad:9d:e5:97:7c:96:7d:91.
 Are you sure you want to continue connecting (yes/no)? yes
 Warning: Permanently added ‘stapp01,172.16.238.10’ (ECDSA) to the list of known hosts.
 amar@stapp01’s password:
 packet_write_wait: Connection to 172.16.238.10 port 22: Broken pipe
 Couldn’t read packet: Connection reset by peer
 [tony@stapp01 ~]$ sftp amar@localhost ssh amar@stapp01
 usage: sftp [-1246aCfpqrv] [-B buffer_size] [-b batchfile] [-c cipher]
 [-D sftp_server_path] [-F ssh_config] [-i identity_file] [-l limit]
 [-o ssh_option] [-P port] [-R num_requests] [-S program]
 [-s subsystem | sftp_server] host
 sftp [user@]host[:file …]
 sftp [user@]host[:dir[/]]
 sftp -b batchfile [user@]host
 [tony@stapp01 ~]$ ssh amar@stapp01
 amar@stapp01’s password:
 Permission denied, please try again.
 amar@stapp01’s password:
 Permission denied, please try again.
 amar@stapp01’s password: