Differences
Below are the differences between two revisions of the page.
| elearning:workbooks:centos:8:admin:l119 [2022/06/05 17:55] – removed admin | elearning:workbooks:centos:8:admin:l119 [2022/06/05 17:58] (current version) – created admin | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | ~~PDF: | ||
| + | Version : **2022.01** | ||
| + | |||
| + | Updated : ~~LASTMOD~~ | ||
| + | |||
| + | ======LCE513 - Managing the Network====== | ||
| + | |||
| + | =====Contents===== | ||
| + | |||
| + | * **LCE513 - Managing the Network** | ||
| + | * Contents | ||
| + | * Presentation | ||
| + | * The nmcli Command | ||
| + | * LAB #1 - Configuring the Network | ||
| + | * 1.1 - Connections and Profils | ||
| + | * 1.2 - Name Resolution | ||
| + | * 1.3 - Adding a Second IP Address to a Profile | ||
| + | * 1.4 - The hostname Command | ||
| + | * 1.5 - The ip Command | ||
| + | * 1.6 - Manually Activating and Disactivating a Device | ||
| + | * 1.7 - Static Routing | ||
| + | * The ip Command | ||
| + | * Disactivating/ | ||
| + | * LAB #2 - Diagnostics | ||
| + | * 2.1 - The ping Command | ||
| + | * 2.2 - The netstat Command | ||
| + | * 2.3 - The traceroute Command | ||
| + | * LAB #3 - SSH | ||
| + | * 3.1 - Presentation | ||
| + | * SSH-1 | ||
| + | * SSH-2 | ||
| + | * 3.2 - Configuring the Server | ||
| + | * 3.3 - Configuring the Client | ||
| + | * 3.4 - SCP | ||
| + | * Presentation | ||
| + | * Usage | ||
| + | * 3.5 - Authentication with Asymetric Keys | ||
| + | |||
| + | =====Presentation===== | ||
| + | |||
| + | RHEL/CentOS 8 uses **Network Manager** to manage the network. Network Manager is composed of two things: | ||
| + | |||
| + | * a service that manages the connections and reports on their status, | ||
| + | * front-ends that use an API to configure the service. | ||
| + | |||
| + | <WRAP center round important 60%> | ||
| + | **Important** : Note that IPv6 is activated by default. | ||
| + | </ | ||
| + | |||
| + | Start by checking the status of the service: | ||
| + | |||
| + | < | ||
| + | [root@centos8 ~]# systemctl status NetworkManager.service | ||
| + | ● NetworkManager.service - Network Manager | ||
| + | | ||
| + | | ||
| + | Docs: man: | ||
| + | Main PID: 1002 (NetworkManager) | ||
| + | Tasks: 3 (limit: 23535) | ||
| + | | ||
| + | | ||
| + | | ||
| + | |||
| + | Warning: Journal has been rotated since unit was started. Log output is incomplete or> | ||
| + | lines 1-11/11 (END) | ||
| + | [^q] <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< | ||
| + | </ | ||
| + | |||
| + | ===The nmcli Command=== | ||
| + | |||
| + | The Network Manager Command Line Interface or **nmcli** is used to configure NetworkManager. | ||
| + | |||
| + | The command line switches of the nmcli command are: | ||
| + | |||
| + | < | ||
| + | [root@centos8 ~]# nmcli help | ||
| + | Usage: nmcli [OPTIONS] OBJECT { COMMAND | help } | ||
| + | |||
| + | OPTIONS | ||
| + | -a, --ask ask for missing parameters | ||
| + | -c, --colors auto|yes|no | ||
| + | -e, --escape yes|no | ||
| + | -f, --fields < | ||
| + | -g, --get-values < | ||
| + | -h, --help | ||
| + | -m, --mode tabular|multiline | ||
| + | -o, --overview | ||
| + | -p, --pretty | ||
| + | -s, --show-secrets | ||
| + | -t, --terse | ||
| + | -v, --version | ||
| + | -w, --wait < | ||
| + | |||
| + | OBJECT | ||
| + | g[eneral] | ||
| + | n[etworking] | ||
| + | r[adio] | ||
| + | c[onnection] | ||
| + | d[evice] | ||
| + | a[gent] | ||
| + | m[onitor] | ||
| + | </ | ||
| + | |||
| + | =====LAB #1 - Configuring the Network===== | ||
| + | |||
| + | ====1.1 - Connections and Profiles==== | ||
| + | |||
| + | NetworkManager uses **connections** and **profiles** that allow for different configurations of the same interface or **device**. To see the current connections, | ||
| + | |||
| + | < | ||
| + | [root@centos8 ~]# nmcli c show | ||
| + | NAME UUID TYPE DEVICE | ||
| + | ens18 | ||
| + | virbr0 | ||
| + | </ | ||
| + | |||
| + | Now create another profile attached to **ens18** : | ||
| + | |||
| + | < | ||
| + | [root@centos8 ~]# nmcli connection add con-name ip_fixed ifname ens18 type ethernet ip4 10.0.2.46/ | ||
| + | Connection ' | ||
| + | </ | ||
| + | |||
| + | Check that it is visible: | ||
| + | |||
| + | < | ||
| + | [root@centos8 ~]# nmcli c show | ||
| + | NAME | ||
| + | ens18 fc4a4d23-b15e-47a7-bcfa-b2e08f49553e | ||
| + | virbr0 | ||
| + | ip_fixed 0f48c74d-5d16-4c37-8220-24644507b589 | ||
| + | </ | ||
| + | |||
| + | Note that the output does not show that the **ip_fixed** profile is associated with **ens18** device because it has not yet been activated: | ||
| + | |||
| + | < | ||
| + | [root@centos8 ~]# nmcli d show | ||
| + | GENERAL.DEVICE: | ||
| + | GENERAL.TYPE: | ||
| + | GENERAL.HWADDR: | ||
| + | GENERAL.MTU: | ||
| + | GENERAL.STATE: | ||
| + | GENERAL.CONNECTION: | ||
| + | GENERAL.CON-PATH: | ||
| + | WIRED-PROPERTIES.CARRIER: | ||
| + | IP4.ADDRESS[1]: | ||
| + | IP4.GATEWAY: | ||
| + | IP4.ROUTE[1]: | ||
| + | IP4.ROUTE[2]: | ||
| + | IP4.DNS[1]: | ||
| + | IP6.ADDRESS[1]: | ||
| + | IP6.GATEWAY: | ||
| + | IP6.ROUTE[1]: | ||
| + | IP6.ROUTE[2]: | ||
| + | |||
| + | GENERAL.DEVICE: | ||
| + | GENERAL.TYPE: | ||
| + | GENERAL.HWADDR: | ||
| + | GENERAL.MTU: | ||
| + | GENERAL.STATE: | ||
| + | GENERAL.CONNECTION: | ||
| + | GENERAL.CON-PATH: | ||
| + | IP4.ADDRESS[1]: | ||
| + | IP4.GATEWAY: | ||
| + | IP4.ROUTE[1]: | ||
| + | IP6.GATEWAY: | ||
| + | |||
| + | GENERAL.DEVICE: | ||
| + | GENERAL.TYPE: | ||
| + | GENERAL.HWADDR: | ||
| + | GENERAL.MTU: | ||
| + | GENERAL.STATE: | ||
| + | GENERAL.CONNECTION: | ||
| + | GENERAL.CON-PATH: | ||
| + | IP4.ADDRESS[1]: | ||
| + | IP4.GATEWAY: | ||
| + | IP6.ADDRESS[1]: | ||
| + | IP6.GATEWAY: | ||
| + | IP6.ROUTE[1]: | ||
| + | |||
| + | GENERAL.DEVICE: | ||
| + | GENERAL.TYPE: | ||
| + | GENERAL.HWADDR: | ||
| + | GENERAL.MTU: | ||
| + | GENERAL.STATE: | ||
| + | GENERAL.CONNECTION: | ||
| + | GENERAL.CON-PATH: | ||
| + | lines 28-50/50 (END) | ||
| + | [q] | ||
| + | </ | ||
| + | |||
| + | To activate the ip_fixed profile, use the following command: | ||
| + | |||
| + | < | ||
| + | [root@centos8 ~]# nmcli connection up ip_fixed | ||
| + | |||
| + | </ | ||
| + | |||
| + | Note that because of the IP address change, your terminal is now blocked. | ||
| + | |||
| + | <WRAP center round todo 60%> | ||
| + | **To do** - Reconnect to the VM using the **CentOS8_SSH_10.0.2.46** connection. | ||
| + | </ | ||
| + | |||
| + | The ip_fixed is now activated and the enp0s3 has been disactivated: | ||
| + | |||
| + | < | ||
| + | [root@centos8 ~]# nmcli c show | ||
| + | NAME | ||
| + | ip_fixed 0f48c74d-5d16-4c37-8220-24644507b589 | ||
| + | virbr0 | ||
| + | ens18 fc4a4d23-b15e-47a7-bcfa-b2e08f49553e | ||
| + | |||
| + | [root@centos8 ~]# nmcli d show | ||
| + | GENERAL.DEVICE: | ||
| + | GENERAL.TYPE: | ||
| + | GENERAL.HWADDR: | ||
| + | GENERAL.MTU: | ||
| + | GENERAL.STATE: | ||
| + | GENERAL.CONNECTION: | ||
| + | GENERAL.CON-PATH: | ||
| + | WIRED-PROPERTIES.CARRIER: | ||
| + | IP4.ADDRESS[1]: | ||
| + | IP4.GATEWAY: | ||
| + | IP4.ROUTE[1]: | ||
| + | IP4.ROUTE[2]: | ||
| + | IP6.ADDRESS[1]: | ||
| + | IP6.GATEWAY: | ||
| + | IP6.ROUTE[1]: | ||
| + | IP6.ROUTE[2]: | ||
| + | |||
| + | GENERAL.DEVICE: | ||
| + | GENERAL.TYPE: | ||
| + | GENERAL.HWADDR: | ||
| + | GENERAL.MTU: | ||
| + | GENERAL.STATE: | ||
| + | GENERAL.CONNECTION: | ||
| + | GENERAL.CON-PATH: | ||
| + | IP4.ADDRESS[1]: | ||
| + | IP4.GATEWAY: | ||
| + | IP4.ROUTE[1]: | ||
| + | IP6.GATEWAY: | ||
| + | |||
| + | GENERAL.DEVICE: | ||
| + | GENERAL.TYPE: | ||
| + | GENERAL.HWADDR: | ||
| + | GENERAL.MTU: | ||
| + | GENERAL.STATE: | ||
| + | GENERAL.CONNECTION: | ||
| + | GENERAL.CON-PATH: | ||
| + | IP4.ADDRESS[1]: | ||
| + | IP4.GATEWAY: | ||
| + | IP6.ADDRESS[1]: | ||
| + | IP6.GATEWAY: | ||
| + | IP6.ROUTE[1]: | ||
| + | |||
| + | GENERAL.DEVICE: | ||
| + | GENERAL.TYPE: | ||
| + | GENERAL.HWADDR: | ||
| + | GENERAL.MTU: | ||
| + | GENERAL.STATE: | ||
| + | GENERAL.CONNECTION: | ||
| + | GENERAL.CON-PATH: | ||
| + | lines 27-49/49 (END) | ||
| + | [q] | ||
| + | </ | ||
| + | |||
| + | To see the characteristics of **ens18** connection, use the following command: | ||
| + | |||
| + | < | ||
| + | [root@centos8 ~]# nmcli -p connection show ens18 | ||
| + | =============================================================================== | ||
| + | Connection profile details (ens18) | ||
| + | =============================================================================== | ||
| + | connection.id: | ||
| + | connection.uuid: | ||
| + | connection.stable-id: | ||
| + | connection.type: | ||
| + | connection.interface-name: | ||
| + | connection.autoconnect: | ||
| + | connection.autoconnect-priority: | ||
| + | connection.autoconnect-retries: | ||
| + | connection.multi-connect: | ||
| + | connection.auth-retries: | ||
| + | connection.timestamp: | ||
| + | connection.read-only: | ||
| + | connection.permissions: | ||
| + | connection.zone: | ||
| + | connection.master: | ||
| + | connection.slave-type: | ||
| + | connection.autoconnect-slaves: | ||
| + | connection.secondaries: | ||
| + | connection.gateway-ping-timeout: | ||
| + | connection.metered: | ||
| + | connection.lldp: | ||
| + | connection.mdns: | ||
| + | connection.llmnr: | ||
| + | connection.wait-device-timeout: | ||
| + | ------------------------------------------------------------------------------- | ||
| + | 802-3-ethernet.port: | ||
| + | 802-3-ethernet.speed: | ||
| + | 802-3-ethernet.duplex: | ||
| + | 802-3-ethernet.auto-negotiate: | ||
| + | 802-3-ethernet.mac-address: | ||
| + | 802-3-ethernet.cloned-mac-address: | ||
| + | 802-3-ethernet.generate-mac-address-mask: | ||
| + | 802-3-ethernet.mac-address-blacklist: | ||
| + | 802-3-ethernet.mtu: | ||
| + | 802-3-ethernet.s390-subchannels: | ||
| + | 802-3-ethernet.s390-nettype: | ||
| + | 802-3-ethernet.s390-options: | ||
| + | 802-3-ethernet.wake-on-lan: | ||
| + | 802-3-ethernet.wake-on-lan-password: | ||
| + | ------------------------------------------------------------------------------- | ||
| + | ipv4.method: | ||
| + | ipv4.dns: | ||
| + | ipv4.dns-search: | ||
| + | ipv4.dns-options: | ||
| + | ipv4.dns-priority: | ||
| + | ipv4.addresses: | ||
| + | ipv4.gateway: | ||
| + | ipv4.routes: | ||
| + | ipv4.route-metric: | ||
| + | ipv4.route-table: | ||
| + | ipv4.routing-rules: | ||
| + | ipv4.ignore-auto-routes: | ||
| + | ipv4.ignore-auto-dns: | ||
| + | ipv4.dhcp-client-id: | ||
| + | ipv4.dhcp-iaid: | ||
| + | ipv4.dhcp-timeout: | ||
| + | ipv4.dhcp-send-hostname: | ||
| + | ipv4.dhcp-hostname: | ||
| + | ipv4.dhcp-fqdn: | ||
| + | ipv4.dhcp-hostname-flags: | ||
| + | ipv4.never-default: | ||
| + | ipv4.may-fail: | ||
| + | ipv4.dad-timeout: | ||
| + | ipv4.dhcp-vendor-class-identifier: | ||
| + | ipv4.dhcp-reject-servers: | ||
| + | ------------------------------------------------------------------------------- | ||
| + | ipv6.method: | ||
| + | ipv6.dns: | ||
| + | ipv6.dns-search: | ||
| + | ipv6.dns-options: | ||
| + | ipv6.dns-priority: | ||
| + | ipv6.addresses: | ||
| + | ipv6.gateway: | ||
| + | ipv6.routes: | ||
| + | ipv6.route-metric: | ||
| + | ipv6.route-table: | ||
| + | ipv6.routing-rules: | ||
| + | ipv6.ignore-auto-routes: | ||
| + | ipv6.ignore-auto-dns: | ||
| + | ipv6.never-default: | ||
| + | ipv6.may-fail: | ||
| + | ipv6.ip6-privacy: | ||
| + | ipv6.addr-gen-mode: | ||
| + | ipv6.ra-timeout: | ||
| + | ipv6.dhcp-duid: | ||
| + | ipv6.dhcp-iaid: | ||
| + | ipv6.dhcp-timeout: | ||
| + | ipv6.dhcp-send-hostname: | ||
| + | ipv6.dhcp-hostname: | ||
| + | ipv6.dhcp-hostname-flags: | ||
| + | ipv6.token: | ||
| + | ------------------------------------------------------------------------------- | ||
| + | proxy.method: | ||
| + | proxy.browser-only: | ||
| + | proxy.pac-url: | ||
| + | proxy.pac-script: | ||
| + | ------------------------------------------------------------------------------- | ||
| + | lines 56-100/100 (END) | ||
| + | [q] | ||
| + | </ | ||
| + | |||
| + | To see the characteristics of the **ip_fixed** profile, use the following command: | ||
| + | |||
| + | < | ||
| + | [root@centos8 ~]# nmcli -p connection show ip_fixed | ||
| + | =============================================================================== | ||
| + | | ||
| + | =============================================================================== | ||
| + | connection.id: | ||
| + | connection.uuid: | ||
| + | connection.stable-id: | ||
| + | connection.type: | ||
| + | connection.interface-name: | ||
| + | connection.autoconnect: | ||
| + | connection.autoconnect-priority: | ||
| + | connection.autoconnect-retries: | ||
| + | connection.multi-connect: | ||
| + | connection.auth-retries: | ||
| + | connection.timestamp: | ||
| + | connection.read-only: | ||
| + | connection.permissions: | ||
| + | connection.zone: | ||
| + | connection.master: | ||
| + | connection.slave-type: | ||
| + | connection.autoconnect-slaves: | ||
| + | connection.secondaries: | ||
| + | connection.gateway-ping-timeout: | ||
| + | connection.metered: | ||
| + | connection.lldp: | ||
| + | connection.mdns: | ||
| + | connection.llmnr: | ||
| + | connection.wait-device-timeout: | ||
| + | ------------------------------------------------------------------------------- | ||
| + | 802-3-ethernet.port: | ||
| + | 802-3-ethernet.speed: | ||
| + | 802-3-ethernet.duplex: | ||
| + | 802-3-ethernet.auto-negotiate: | ||
| + | 802-3-ethernet.mac-address: | ||
| + | 802-3-ethernet.cloned-mac-address: | ||
| + | 802-3-ethernet.generate-mac-address-mask: | ||
| + | 802-3-ethernet.mac-address-blacklist: | ||
| + | 802-3-ethernet.mtu: | ||
| + | 802-3-ethernet.s390-subchannels: | ||
| + | 802-3-ethernet.s390-nettype: | ||
| + | 802-3-ethernet.s390-options: | ||
| + | 802-3-ethernet.wake-on-lan: | ||
| + | 802-3-ethernet.wake-on-lan-password: | ||
| + | ------------------------------------------------------------------------------- | ||
| + | ipv4.method: | ||
| + | ipv4.dns: | ||
| + | ipv4.dns-search: | ||
| + | ipv4.dns-options: | ||
| + | ipv4.dns-priority: | ||
| + | ipv4.addresses: | ||
| + | ipv4.gateway: | ||
| + | ipv4.routes: | ||
| + | ipv4.route-metric: | ||
| + | ipv4.route-table: | ||
| + | ipv4.routing-rules: | ||
| + | ipv4.ignore-auto-routes: | ||
| + | ipv4.ignore-auto-dns: | ||
| + | ipv4.dhcp-client-id: | ||
| + | ipv4.dhcp-iaid: | ||
| + | ipv4.dhcp-timeout: | ||
| + | ipv4.dhcp-send-hostname: | ||
| + | ipv4.dhcp-hostname: | ||
| + | ipv4.dhcp-fqdn: | ||
| + | ipv4.dhcp-hostname-flags: | ||
| + | ipv4.never-default: | ||
| + | ipv4.may-fail: | ||
| + | ipv4.dad-timeout: | ||
| + | ipv4.dhcp-vendor-class-identifier: | ||
| + | ipv4.dhcp-reject-servers: | ||
| + | ------------------------------------------------------------------------------- | ||
| + | ipv6.method: | ||
| + | ipv6.dns: | ||
| + | ipv6.dns-search: | ||
| + | ipv6.dns-options: | ||
| + | ipv6.dns-priority: | ||
| + | ipv6.addresses: | ||
| + | ipv6.gateway: | ||
| + | ipv6.routes: | ||
| + | ipv6.route-metric: | ||
| + | ipv6.route-table: | ||
| + | ipv6.routing-rules: | ||
| + | ipv6.ignore-auto-routes: | ||
| + | ipv6.ignore-auto-dns: | ||
| + | ipv6.never-default: | ||
| + | ipv6.may-fail: | ||
| + | ipv6.ip6-privacy: | ||
| + | ipv6.addr-gen-mode: | ||
| + | ipv6.ra-timeout: | ||
| + | ipv6.dhcp-duid: | ||
| + | ipv6.dhcp-iaid: | ||
| + | ipv6.dhcp-timeout: | ||
| + | ipv6.dhcp-send-hostname: | ||
| + | ipv6.dhcp-hostname: | ||
| + | ipv6.dhcp-hostname-flags: | ||
| + | ipv6.token: | ||
| + | ------------------------------------------------------------------------------- | ||
| + | proxy.method: | ||
| + | proxy.browser-only: | ||
| + | proxy.pac-url: | ||
| + | proxy.pac-script: | ||
| + | ------------------------------------------------------------------------------- | ||
| + | =============================================================================== | ||
| + | Activate connection details (0f48c74d-5d16-4c37-8220-24644507b589) | ||
| + | =============================================================================== | ||
| + | GENERAL.NAME: | ||
| + | GENERAL.UUID: | ||
| + | GENERAL.DEVICES: | ||
| + | GENERAL.IP-IFACE: | ||
| + | GENERAL.STATE: | ||
| + | GENERAL.DEFAULT: | ||
| + | GENERAL.DEFAULT6: | ||
| + | GENERAL.SPEC-OBJECT: | ||
| + | GENERAL.VPN: | ||
| + | GENERAL.DBUS-PATH: | ||
| + | GENERAL.CON-PATH: | ||
| + | GENERAL.ZONE: | ||
| + | GENERAL.MASTER-PATH: | ||
| + | ------------------------------------------------------------------------------- | ||
| + | IP4.ADDRESS[1]: | ||
| + | IP4.GATEWAY: | ||
| + | IP4.ROUTE[1]: | ||
| + | IP4.ROUTE[2]: | ||
| + | ------------------------------------------------------------------------------- | ||
| + | IP6.ADDRESS[1]: | ||
| + | IP6.GATEWAY: | ||
| + | IP6.ROUTE[1]: | ||
| + | IP6.ROUTE[2]: | ||
| + | ------------------------------------------------------------------------------- | ||
| + | lines 83-127/127 (END) | ||
| + | [q] | ||
| + | </ | ||
| + | |||
| + | To see a list of the profiles associated with a device, use the following command: | ||
| + | |||
| + | < | ||
| + | [root@centos8 ~]# nmcli -f CONNECTIONS device show ens18 | ||
| + | CONNECTIONS.AVAILABLE-CONNECTION-PATHS: | ||
| + | CONNECTIONS.AVAILABLE-CONNECTIONS[1]: | ||
| + | CONNECTIONS.AVAILABLE-CONNECTIONS[2]: | ||
| + | </ | ||
| + | |||
| + | The configuration files for the **ens18** device can be found in the **/ | ||
| + | |||
| + | < | ||
| + | [root@centos8 ~]# ls -l / | ||
| + | -rw-r--r--. 1 root root 417 Jun 16 06:39 ifcfg-ens18 | ||
| + | -rw-r--r--. 1 root root 326 Aug 29 03:58 ifcfg-ip_fixed | ||
| + | </ | ||
| + | |||
| + | ====1.2 - Name Resolution==== | ||
| + | |||
| + | Looking at the **/ | ||
| + | |||
| + | < | ||
| + | [root@centos8 ~]# cat / | ||
| + | TYPE=Ethernet | ||
| + | PROXY_METHOD=none | ||
| + | BROWSER_ONLY=no | ||
| + | BOOTPROTO=none | ||
| + | IPADDR=10.0.2.46 | ||
| + | PREFIX=24 | ||
| + | GATEWAY=10.0.2.1 | ||
| + | DEFROUTE=yes | ||
| + | IPV4_FAILURE_FATAL=no | ||
| + | IPV6INIT=yes | ||
| + | IPV6_AUTOCONF=yes | ||
| + | IPV6_DEFROUTE=yes | ||
| + | IPV6_FAILURE_FATAL=no | ||
| + | IPV6_ADDR_GEN_MODE=stable-privacy | ||
| + | NAME=ip_fixed | ||
| + | UUID=0f48c74d-5d16-4c37-8220-24644507b589 | ||
| + | DEVICE=ens18 | ||
| + | ONBOOT=yes | ||
| + | </ | ||
| + | |||
| + | As a result there is currently no name resolution : | ||
| + | |||
| + | < | ||
| + | [root@centos8 ~]# ping www.free.fr | ||
| + | ping: www.free.fr: | ||
| + | </ | ||
| + | |||
| + | Modify the **ip_fixed** profile to rectify this: | ||
| + | |||
| + | < | ||
| + | [root@centos8 ~]# nmcli connection mod ip_fixed ipv4.dns 8.8.8.8 | ||
| + | </ | ||
| + | |||
| + | Consulting the **/ | ||
| + | |||
| + | < | ||
| + | [root@centos8 ~]# cat / | ||
| + | TYPE=Ethernet | ||
| + | PROXY_METHOD=none | ||
| + | BROWSER_ONLY=no | ||
| + | BOOTPROTO=none | ||
| + | IPADDR=10.0.2.46 | ||
| + | PREFIX=24 | ||
| + | GATEWAY=10.0.2.1 | ||
| + | DEFROUTE=yes | ||
| + | IPV4_FAILURE_FATAL=no | ||
| + | IPV6INIT=yes | ||
| + | IPV6_AUTOCONF=yes | ||
| + | IPV6_DEFROUTE=yes | ||
| + | IPV6_FAILURE_FATAL=no | ||
| + | IPV6_ADDR_GEN_MODE=stable-privacy | ||
| + | NAME=ip_fixed | ||
| + | UUID=0f48c74d-5d16-4c37-8220-24644507b589 | ||
| + | DEVICE=ens18 | ||
| + | ONBOOT=yes | ||
| + | DNS1=8.8.8.8 | ||
| + | </ | ||
| + | |||
| + | Restart the NetworkManager service to apply this change: | ||
| + | |||
| + | < | ||
| + | root@centos8 ~]# systemctl restart NetworkManager.service | ||
| + | [root@centos8 ~]# systemctl status NetworkManager.service | ||
| + | ● NetworkManager.service - Network Manager | ||
| + | | ||
| + | | ||
| + | Docs: man: | ||
| + | Main PID: 973390 (NetworkManager) | ||
| + | Tasks: 4 (limit: 23535) | ||
| + | | ||
| + | | ||
| + | | ||
| + | |||
| + | Aug 29 04:15:12 centos8.ittraining.loc NetworkManager[973390]: | ||
| + | Aug 29 04:15:12 centos8.ittraining.loc NetworkManager[973390]: | ||
| + | Aug 29 04:15:12 centos8.ittraining.loc NetworkManager[973390]: | ||
| + | Aug 29 04:15:12 centos8.ittraining.loc NetworkManager[973390]: | ||
| + | Aug 29 04:15:12 centos8.ittraining.loc NetworkManager[973390]: | ||
| + | Aug 29 04:15:12 centos8.ittraining.loc NetworkManager[973390]: | ||
| + | Aug 29 04:15:12 centos8.ittraining.loc NetworkManager[973390]: | ||
| + | Aug 29 04:15:12 centos8.ittraining.loc NetworkManager[973390]: | ||
| + | Aug 29 04:15:12 centos8.ittraining.loc NetworkManager[973390]: | ||
| + | Aug 29 04:15:12 centos8.ittraining.loc NetworkManager[973390]: | ||
| + | lines 1-20/20 (END) | ||
| + | [q] | ||
| + | </ | ||
| + | |||
| + | Now check that the **/ | ||
| + | |||
| + | < | ||
| + | [root@centos8 ~]# cat / | ||
| + | # Generated by NetworkManager | ||
| + | search ittraining.loc | ||
| + | nameserver 8.8.8.8 | ||
| + | </ | ||
| + | |||
| + | Lastly, check the name resolution: | ||
| + | |||
| + | < | ||
| + | [root@centos8 ~]# ping www.free.fr | ||
| + | PING www.free.fr (212.27.48.10) 56(84) bytes of data. | ||
| + | 64 bytes from www.free.fr (212.27.48.10): | ||
| + | 64 bytes from www.free.fr (212.27.48.10): | ||
| + | 64 bytes from www.free.fr (212.27.48.10): | ||
| + | 64 bytes from www.free.fr (212.27.48.10): | ||
| + | ^C | ||
| + | --- www.free.fr ping statistics --- | ||
| + | 4 packets transmitted, | ||
| + | rtt min/ | ||
| + | </ | ||
| + | |||
| + | <WRAP center round important 60%> | ||
| + | **Important** : Notez qu'il existe un front-end graphique en mode texte, **nmtui**, pour configurer NetworkManager. | ||
| + | </ | ||
| + | |||
| + | ====1.3 - Adding a Second IP Addresse to a Profile==== | ||
| + | |||
| + | To add a second IP address, use the following command: | ||
| + | |||
| + | < | ||
| + | [root@centos8 ~]# nmcli connection mod ip_fixed +ipv4.addresses 192.168.1.2/ | ||
| + | </ | ||
| + | |||
| + | Reload the profile: | ||
| + | |||
| + | < | ||
| + | [root@centos8 ~]# nmcli con up ip_fixed | ||
| + | </ | ||
| + | |||
| + | Check that the new IP address is visible: | ||
| + | |||
| + | < | ||
| + | [root@centos8 ~]# nmcli connection show ip_fixed | ||
| + | connection.id: | ||
| + | connection.uuid: | ||
| + | connection.stable-id: | ||
| + | connection.type: | ||
| + | connection.interface-name: | ||
| + | connection.autoconnect: | ||
| + | connection.autoconnect-priority: | ||
| + | connection.autoconnect-retries: | ||
| + | connection.multi-connect: | ||
| + | connection.auth-retries: | ||
| + | connection.timestamp: | ||
| + | connection.read-only: | ||
| + | connection.permissions: | ||
| + | connection.zone: | ||
| + | connection.master: | ||
| + | connection.slave-type: | ||
| + | connection.autoconnect-slaves: | ||
| + | connection.secondaries: | ||
| + | connection.gateway-ping-timeout: | ||
| + | connection.metered: | ||
| + | connection.lldp: | ||
| + | connection.mdns: | ||
| + | connection.llmnr: | ||
| + | connection.wait-device-timeout: | ||
| + | 802-3-ethernet.port: | ||
| + | 802-3-ethernet.speed: | ||
| + | 802-3-ethernet.duplex: | ||
| + | 802-3-ethernet.auto-negotiate: | ||
| + | 802-3-ethernet.mac-address: | ||
| + | 802-3-ethernet.cloned-mac-address: | ||
| + | 802-3-ethernet.generate-mac-address-mask: | ||
| + | 802-3-ethernet.mac-address-blacklist: | ||
| + | 802-3-ethernet.mtu: | ||
| + | 802-3-ethernet.s390-subchannels: | ||
| + | 802-3-ethernet.s390-nettype: | ||
| + | 802-3-ethernet.s390-options: | ||
| + | 802-3-ethernet.wake-on-lan: | ||
| + | 802-3-ethernet.wake-on-lan-password: | ||
| + | ipv4.method: | ||
| + | ipv4.dns: | ||
| + | ipv4.dns-search: | ||
| + | ipv4.dns-options: | ||
| + | ipv4.dns-priority: | ||
| + | ipv4.addresses: | ||
| + | ipv4.gateway: | ||
| + | ipv4.routes: | ||
| + | ipv4.route-metric: | ||
| + | ipv4.route-table: | ||
| + | ipv4.routing-rules: | ||
| + | ipv4.ignore-auto-routes: | ||
| + | ipv4.ignore-auto-dns: | ||
| + | ipv4.dhcp-client-id: | ||
| + | ipv4.dhcp-iaid: | ||
| + | ipv4.dhcp-timeout: | ||
| + | ipv4.dhcp-send-hostname: | ||
| + | ipv4.dhcp-hostname: | ||
| + | ipv4.dhcp-fqdn: | ||
| + | ipv4.dhcp-hostname-flags: | ||
| + | ipv4.never-default: | ||
| + | ipv4.may-fail: | ||
| + | ipv4.dad-timeout: | ||
| + | ipv4.dhcp-vendor-class-identifier: | ||
| + | ipv4.dhcp-reject-servers: | ||
| + | ipv6.method: | ||
| + | ipv6.dns: | ||
| + | ipv6.dns-search: | ||
| + | ipv6.dns-options: | ||
| + | ipv6.dns-priority: | ||
| + | ipv6.addresses: | ||
| + | ipv6.gateway: | ||
| + | ipv6.routes: | ||
| + | ipv6.route-metric: | ||
| + | ipv6.route-table: | ||
| + | ipv6.routing-rules: | ||
| + | ipv6.ignore-auto-routes: | ||
| + | ipv6.ignore-auto-dns: | ||
| + | ipv6.never-default: | ||
| + | ipv6.may-fail: | ||
| + | ipv6.ip6-privacy: | ||
| + | ipv6.addr-gen-mode: | ||
| + | ipv6.ra-timeout: | ||
| + | ipv6.dhcp-duid: | ||
| + | ipv6.dhcp-iaid: | ||
| + | ipv6.dhcp-timeout: | ||
| + | ipv6.dhcp-send-hostname: | ||
| + | ipv6.dhcp-hostname: | ||
| + | ipv6.dhcp-hostname-flags: | ||
| + | ipv6.token: | ||
| + | proxy.method: | ||
| + | proxy.browser-only: | ||
| + | proxy.pac-url: | ||
| + | proxy.pac-script: | ||
| + | GENERAL.NAME: | ||
| + | GENERAL.UUID: | ||
| + | GENERAL.DEVICES: | ||
| + | GENERAL.IP-IFACE: | ||
| + | GENERAL.STATE: | ||
| + | GENERAL.DEFAULT: | ||
| + | GENERAL.DEFAULT6: | ||
| + | GENERAL.SPEC-OBJECT: | ||
| + | GENERAL.VPN: | ||
| + | GENERAL.DBUS-PATH: | ||
| + | GENERAL.CON-PATH: | ||
| + | GENERAL.ZONE: | ||
| + | GENERAL.MASTER-PATH: | ||
| + | IP4.ADDRESS[1]: | ||
| + | IP4.ADDRESS[2]: | ||
| + | IP4.GATEWAY: | ||
| + | IP4.ROUTE[1]: | ||
| + | IP4.ROUTE[2]: | ||
| + | IP4.ROUTE[3]: | ||
| + | IP4.DNS[1]: | ||
| + | IP6.ADDRESS[1]: | ||
| + | IP6.GATEWAY: | ||
| + | IP6.ROUTE[1]: | ||
| + | IP6.ROUTE[2]: | ||
| + | lines 72-116/116 (END) | ||
| + | [q] | ||
| + | </ | ||
| + | |||
| + | <WRAP center round important 60%> | ||
| + | **Important** : Note the second address on the **ipv4.addresses: | ||
| + | </ | ||
| + | |||
| + | Now check the **/ | ||
| + | |||
| + | < | ||
| + | [root@centos8 ~]# cat / | ||
| + | TYPE=Ethernet | ||
| + | PROXY_METHOD=none | ||
| + | BROWSER_ONLY=no | ||
| + | BOOTPROTO=none | ||
| + | IPADDR=10.0.2.46 | ||
| + | PREFIX=24 | ||
| + | GATEWAY=10.0.2.1 | ||
| + | DEFROUTE=yes | ||
| + | IPV4_FAILURE_FATAL=no | ||
| + | IPV6INIT=yes | ||
| + | IPV6_AUTOCONF=yes | ||
| + | IPV6_DEFROUTE=yes | ||
| + | IPV6_FAILURE_FATAL=no | ||
| + | IPV6_ADDR_GEN_MODE=stable-privacy | ||
| + | NAME=ip_fixed | ||
| + | UUID=0f48c74d-5d16-4c37-8220-24644507b589 | ||
| + | DEVICE=ens18 | ||
| + | ONBOOT=yes | ||
| + | DNS1=8.8.8.8 | ||
| + | IPADDR1=192.168.1.2 | ||
| + | PREFIX1=24 | ||
| + | </ | ||
| + | |||
| + | <WRAP center round important 60%> | ||
| + | **Important** : Note the addition of the **IPADDR1=192.168.1.2** line. | ||
| + | </ | ||
| + | |||
| + | ====1.4 - The hostname Command==== | ||
| + | |||
| + | Any change to the hostname is immediate and permanent: | ||
| + | |||
| + | < | ||
| + | [root@centos8 ~]# hostname | ||
| + | centos8.ittraining.loc | ||
| + | |||
| + | [root@centos8 ~]# nmcli general hostname centos.ittraining.loc | ||
| + | |||
| + | [root@centos8 ~]# cat / | ||
| + | centos.ittraining.loc | ||
| + | |||
| + | [root@centos8 ~]# hostname | ||
| + | centos.ittraining.loc | ||
| + | |||
| + | [root@centos8 ~]# nmcli general hostname centos8.ittraining.loc | ||
| + | |||
| + | [root@centos8 ~]# cat / | ||
| + | centos8.ittraining.loc | ||
| + | |||
| + | [root@centos8 ~]# hostname | ||
| + | centos8.ittraining.loc | ||
| + | </ | ||
| + | |||
| + | ====1.5 - The ip Command==== | ||
| + | |||
| + | Use of the **ip** command is now preferred over the use of the ifconfig command: | ||
| + | |||
| + | < | ||
| + | [root@centos8 ~]# ip address | ||
| + | 1: lo: < | ||
| + | link/ | ||
| + | inet 127.0.0.1/8 scope host lo | ||
| + | | ||
| + | inet6 ::1/128 scope host | ||
| + | | ||
| + | 2: ens18: < | ||
| + | link/ether 4e: | ||
| + | inet 10.0.2.46/ | ||
| + | | ||
| + | inet 192.168.1.2/ | ||
| + | | ||
| + | inet6 fe80:: | ||
| + | | ||
| + | 3: virbr0: < | ||
| + | link/ether 52: | ||
| + | inet 192.168.122.1/ | ||
| + | | ||
| + | 4: virbr0-nic: < | ||
| + | link/ether 52: | ||
| + | </ | ||
| + | |||
| + | ===Command Line Switches=== | ||
| + | |||
| + | The command line switches of this command are: | ||
| + | |||
| + | < | ||
| + | [root@centos8 ~]# ip --help | ||
| + | Usage: ip [ OPTIONS ] OBJECT { COMMAND | help } | ||
| + | ip [ -force ] -batch filename | ||
| + | where OBJECT := { link | address | addrlabel | route | rule | neigh | ntable | | ||
| + | | ||
| + | netns | l2tp | fou | macsec | tcp_metrics | token | netconf | ila | | ||
| + | vrf | sr | nexthop | mptcp } | ||
| + | | ||
| + | -h[uman-readable] | -iec | -j[son] | -p[retty] | | ||
| + | -f[amily] { inet | inet6 | mpls | bridge | link } | | ||
| + | -4 | -6 | -I | -D | -M | -B | -0 | | ||
| + | -l[oops] { maximum-addr-flush-attempts } | -br[ief] | | ||
| + | -o[neline] | -t[imestamp] | -ts[hort] | -b[atch] [filename] | | ||
| + | -rc[vbuf] [size] | -n[etns] name | -N[umeric] | -a[ll] | | ||
| + | -c[olor]} | ||
| + | |||
| + | </ | ||
| + | |||
| + | ====1.6 - Manually Activating and Disactivating a Device==== | ||
| + | |||
| + | Two commands exist for this purpose: | ||
| + | |||
| + | < | ||
| + | # nmcli device disconnect enp0s3 | ||
| + | # nmcli device connect enp0s3 | ||
| + | </ | ||
| + | |||
| + | <WRAP center round important 60%> | ||
| + | **Important** : Do **NOT** execute these two commands. | ||
| + | </ | ||
| + | |||
| + | ====1.7 - Static Routing==== | ||
| + | |||
| + | ===The ip Command=== | ||
| + | |||
| + | To delete the 192.168.1.0 route, use the following command: | ||
| + | |||
| + | < | ||
| + | [root@centos8 ~]# ip route | ||
| + | default via 10.0.2.1 dev ens18 proto static metric 100 | ||
| + | 10.0.2.0/24 dev ens18 proto kernel scope link src 10.0.2.46 metric 100 | ||
| + | 192.168.1.0/ | ||
| + | 192.168.122.0/ | ||
| + | |||
| + | root@centos8 ~]# ip route del 192.168.1.0/ | ||
| + | [root@centos8 ~]# ip route | ||
| + | default via 10.0.2.1 dev ens18 proto static metric 100 | ||
| + | 10.0.2.0/24 dev ens18 proto kernel scope link src 10.0.2.46 metric 100 | ||
| + | 192.168.122.0/ | ||
| + | </ | ||
| + | |||
| + | To add a route for the 192.168.1.0 network, use the following command: | ||
| + | |||
| + | < | ||
| + | [root@centos8 ~]# ip route add 192.168.1.0/ | ||
| + | [root@centos8 ~]# ip route | ||
| + | default via 10.0.2.1 dev ens18 proto static metric 100 | ||
| + | 10.0.2.0/24 dev ens18 proto kernel scope link src 10.0.2.46 metric 100 | ||
| + | 192.168.1.0/ | ||
| + | 192.168.122.0/ | ||
| + | </ | ||
| + | |||
| + | <WRAP center round important 60%> | ||
| + | **Important** - The command used to add a default gateway is **ip route add default via // | ||
| + | </ | ||
| + | |||
| + | ===Disactivating/ | ||
| + | |||
| + | To disactivate internal routing between interfaces, use the following command: | ||
| + | |||
| + | < | ||
| + | [root@centos8 ~]# cat / | ||
| + | 1 | ||
| + | [root@centos8 ~]# echo 0 > / | ||
| + | [root@centos8 ~]# cat / | ||
| + | 0 | ||
| + | </ | ||
| + | |||
| + | To activate internal routing between interfaces, use the following command: | ||
| + | |||
| + | < | ||
| + | [root@centos8 ~]# echo 1 > / | ||
| + | [root@centos8 ~]# cat / | ||
| + | 1 | ||
| + | </ | ||
| + | |||
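
Review bot: The device name is inconsistent across LAB #1. The sentence after the reconnect step in 1.1 says "the enp0s3 has been disactivated" and both commands in 1.6 target enp0s3, while every other command and output in this revision uses ens18; use ens18 in both places so a reader cannot disconnect the wrong device. The Important box that closes 1.2 ("Notez qu'il existe un front-end graphique en mode texte, nmtui, ...") is still in French on an otherwise English page and should be translated. The prompts on "systemctl restart NetworkManager.service" in 1.2 and on "ip route del" in 1.7 have lost their leading "[". The contents entry "1.1 - Connections and Profils" and the heading "1.3 - Adding a Second IP Addresse to a Profile" are misspelled and differ from their counterparts ("Profiles" in the heading, "Address" in the contents), and "Disactivating" in 1.6 and 1.7 should read "Deactivating".
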
| + | =====LAB #2 - Diagnostics===== | ||
| + | |||
| + | ====2.1 - ping==== | ||
| + | |||
| + | To test whether a destination can be reached, use the **ping** command: | ||
| + | |||
| + | < | ||
| + | [root@centos8 ~]# ping -c4 10.0.2.1 | ||
| + | PING 10.0.2.1 (10.0.2.1) 56(84) bytes of data. | ||
| + | 64 bytes from 10.0.2.1: icmp_seq=1 ttl=64 time=0.104 ms | ||
| + | 64 bytes from 10.0.2.1: icmp_seq=2 ttl=64 time=0.325 ms | ||
| + | 64 bytes from 10.0.2.1: icmp_seq=3 ttl=64 time=0.250 ms | ||
| + | 64 bytes from 10.0.2.1: icmp_seq=4 ttl=64 time=0.123 ms | ||
| + | |||
| + | --- 10.0.2.1 ping statistics --- | ||
| + | 4 packets transmitted, | ||
| + | rtt min/ | ||
| + | </ | ||
| + | |||
| + | ===Command Line Switches=== | ||
| + | |||
| + | The command line switches of this command are: | ||
| + | |||
| + | < | ||
| + | [root@centos8 ~]# ping --help | ||
| + | ping: invalid option -- ' | ||
| + | Usage: ping [-aAbBdDfhLnOqrRUvV64] [-c count] [-i interval] [-I interface] | ||
| + | [-m mark] [-M pmtudisc_option] [-l preload] [-p pattern] [-Q tos] | ||
| + | [-s packetsize] [-S sndbuf] [-t ttl] [-T timestamp_option] | ||
| + | [-w deadline] [-W timeout] [hop1 ...] destination | ||
| + | Usage: ping -6 [-aAbBdDfhLnOqrRUvV] [-c count] [-i interval] [-I interface] | ||
| + | [-l preload] [-m mark] [-M pmtudisc_option] | ||
| + | [-N nodeinfo_option] [-p pattern] [-Q tclass] [-s packetsize] | ||
| + | [-S sndbuf] [-t ttl] [-T timestamp_option] [-w deadline] | ||
| + | [-W timeout] destination | ||
| + | </ | ||
| + | |||
| + | ====2.2 - netstat -i==== | ||
| + | |||
| + | To see networking statistics, use the **netstat** command: | ||
| + | |||
| + | < | ||
| + | [root@centos8 ~]# netstat -i | ||
| + | Kernel Interface table | ||
| + | Iface | ||
| + | ens18 1500 | ||
| + | lo 65536 10936 0 0 0 | ||
| + | virbr0 | ||
| + | </ | ||
| + | |||
| + | ===Command Line Switches=== | ||
| + | |||
| + | The command line switches of this command are: | ||
| + | |||
| + | < | ||
| + | [root@centos8 ~]# netstat --help | ||
| + | usage: netstat [-vWeenNcCF] [< | ||
| + | | ||
| + | | ||
| + | |||
| + | -r, --route | ||
| + | -I, --interfaces=< | ||
| + | -i, --interfaces | ||
| + | -g, --groups | ||
| + | -s, --statistics | ||
| + | -M, --masquerade | ||
| + | |||
| + | -v, --verbose | ||
| + | -W, --wide | ||
| + | -n, --numeric | ||
| + | --numeric-hosts | ||
| + | --numeric-ports | ||
| + | --numeric-users | ||
| + | -N, --symbolic | ||
| + | -e, --extend | ||
| + | -p, --programs | ||
| + | -o, --timers | ||
| + | -c, --continuous | ||
| + | |||
| + | -l, --listening | ||
| + | -a, --all display all sockets (default: connected) | ||
| + | -F, --fib display Forwarding Information Base (default) | ||
| + | -C, --cache | ||
| + | -Z, --context | ||
| + | |||
| + | < | ||
| + | | ||
| + | < | ||
| + | List of possible address families (which support routing): | ||
| + | inet (DARPA Internet) inet6 (IPv6) ax25 (AMPR AX.25) | ||
| + | netrom (AMPR NET/ROM) ipx (Novell IPX) ddp (Appletalk DDP) | ||
| + | x25 (CCITT X.25) | ||
| + | </ | ||
| + | |||
| + | ====2.3 - traceroute==== | ||
| + | |||
| + | This command is used to discover the route taken to reach a specified destination: | ||
| + | |||
| + | < | ||
| + | [root@centos8 ~]# traceroute www.ittraining.network | ||
| + | bash: traceroute: command not found... | ||
| + | Install package ' | ||
| + | |||
| + | |||
| + | * Waiting in queue... | ||
| + | The following packages have to be installed: | ||
| + | | ||
| + | Proceed with changes? [N/y] y | ||
| + | |||
| + | |||
| + | * Waiting in queue... | ||
| + | * Waiting for authentication... | ||
| + | * Waiting in queue... | ||
| + | * Downloading packages... | ||
| + | * Requesting data... | ||
| + | * Testing changes... | ||
| + | * Installing packages... | ||
| + | traceroute to www.ittraining.network (109.228.56.52), | ||
| + | | ||
| + | | ||
| + | | ||
| + | | ||
| + | | ||
| + | | ||
| + | | ||
| + | | ||
| + | | ||
| + | 10 ae-14.bb-b.fr7.fra.de.oneandone.net (212.227.120.149) | ||
| + | 11 port-channel-3.gw-ngcs-1.dc1.con.glo.gb.oneandone.net (88.208.255.131) | ||
| + | 12 109.228.63.209 (109.228.63.209) | ||
| + | 13 * 109.228.63.209 (109.228.63.209) | ||
| + | 14 * * * | ||
| + | 15 * * * | ||
| + | 16 * * * | ||
| + | 17 * * * | ||
| + | 18 * * * | ||
| + | 19 * * * | ||
| + | 20 * * * | ||
| + | 21 * * * | ||
| + | 22 * * * | ||
| + | 23 * * * | ||
| + | 24 * * * | ||
| + | 25 * * * | ||
| + | 26 * * * | ||
| + | 27 * * * | ||
| + | 28 * * * | ||
| + | 29 * * *^C | ||
| + | </ | ||
| + | |||
| + | ===Command Line Switches=== | ||
| + | |||
| + | The command line switches of this command are: | ||
| + | |||
| + | < | ||
| + | [root@centos8 ~]# traceroute --help | ||
| + | Usage: | ||
| + | traceroute [ -46dFITnreAUDV ] [ -f first_ttl ] [ -g gate,... ] [ -i device ] [ -m max_ttl ] [ -N squeries ] [ -p port ] [ -t tos ] [ -l flow_label ] [ -w MAX, | ||
| + | Options: | ||
| + | -4 Use IPv4 | ||
| + | -6 Use IPv6 | ||
| + | -d --debug | ||
| + | -F --dont-fragment | ||
| + | -f first_ttl | ||
| + | Start from the first_ttl hop (instead from 1) | ||
| + | -g gate, | ||
| + | Route packets through the specified gateway | ||
| + | (maximum 8 for IPv4 and 127 for IPv6) | ||
| + | -I --icmp | ||
| + | -T --tcp Use TCP SYN for tracerouting (default port is 80) | ||
| + | -i device | ||
| + | Specify a network interface to operate with | ||
| + | -m max_ttl | ||
| + | Set the max number of hops (max TTL to be | ||
| + | reached). Default is 30 | ||
| + | -N squeries | ||
| + | Set the number of probes to be tried | ||
| + | simultaneously (default is 16) | ||
| + | -n Do not resolve IP addresses to their domain names | ||
| + | -p port --port=port | ||
| + | initial udp port value for " | ||
| + | (incremented by each probe, default is 33434), or | ||
| + | initial seq for " | ||
| + | default from 1), or some constant destination | ||
| + | port for other methods (with default of 80 for | ||
| + | " | ||
| + | -t tos --tos=tos | ||
| + | traffic class) value for outgoing packets | ||
| + | -l flow_label | ||
| + | Use specified flow_label for IPv6 packets | ||
| + | -w MAX, | ||
| + | Wait for a probe no more than HERE (default 3) | ||
| + | times longer than a response from the same hop, | ||
| + | or no more than NEAR (default 10) times than some | ||
| + | next hop, or MAX (default 5.0) seconds (float | ||
| + | point values allowed too) | ||
| + | -q nqueries | ||
| + | Set the number of probes per each hop. Default is | ||
| + | 3 | ||
| + | -r Bypass the normal routing and send directly to a | ||
| + | host on an attached network | ||
| + | -s src_addr | ||
| + | Use source src_addr for outgoing packets | ||
| + | -z sendwait | ||
| + | Minimal time interval between probes (default 0). | ||
| + | If the value is more than 10, then it specifies a | ||
| + | number in milliseconds, | ||
| + | seconds (float point values allowed too) | ||
| + | -e --extensions | ||
| + | -A --as-path-lookups | ||
| + | print results directly after the corresponding | ||
| + | addresses | ||
| + | -M name --module=name | ||
| + | for traceroute operations. Most methods have | ||
| + | their shortcuts (`-I' means `-M icmp' etc.) | ||
| + | -O OPTS, | ||
| + | Use module-specific option OPTS for the | ||
| + | traceroute module. Several OPTS allowed, | ||
| + | separated by comma. If OPTS is " | ||
| + | about available options | ||
| + | --sport=num | ||
| + | `-N 1' | ||
| + | --fwmark=num | ||
| + | -U --udp Use UDP to particular port for tracerouting | ||
| + | (instead of increasing the port per each probe), | ||
| + | default port is 53 | ||
| + | -UL Use UDPLITE for tracerouting (default dest port | ||
| + | is 53) | ||
| + | -D --dccp | ||
| + | is 33434) | ||
| + | -P prot --protocol=prot | ||
| + | --mtu | ||
| + | `-F -N 1' | ||
| + | --back | ||
| + | print if it differs | ||
| + | -V --version | ||
| + | --help | ||
| + | |||
| + | Arguments: | ||
| + | + | ||
| + | packetlen | ||
| + | header plus 40). Can be ignored or increased to a minimal | ||
| + | allowed value | ||
| + | </ | ||
| + | |||
| + | ===== LAB #3 - SSH==== | ||
| + | |||
| + | ====3.1 - Presentation==== | ||
| + | |||
| + | There are two types of SSH. | ||
| + | |||
| + | ===SSH-1=== | ||
| + | |||
| + | To authenticate there are six possible methods: | ||
| + | |||
| + | * **Kerberos**, | ||
| + | * **Rhosts**, | ||
| + | * **%%RhostsRSA%%**, | ||
| + | * **Asymetric Keys**, | ||
| + | * **TIS**, | ||
| + | * **Password**. | ||
| + | |||
| + | ==SSH-2== | ||
| + | |||
| + | To authenticate there are three possible methods: | ||
| + | |||
| + | * **Asymetric Keys**, | ||
| + | * **%%RhostsRSA%%**, | ||
| + | * **Password** | ||
| + | |||
| + | ===Command Line Switches=== | ||
| + | |||
| + | The command line switches of this command are: | ||
| + | |||
| + | < | ||
| + | [root@centos8 ~]# ssh --help | ||
| + | unknown option -- - | ||
| + | usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface] | ||
| + | [-b bind_address] [-c cipher_spec] [-D [bind_address: | ||
| + | [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11] | ||
| + | [-i identity_file] [-J [user@]host[: | ||
| + | [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port] | ||
| + | [-Q query_option] [-R address] [-S ctl_path] [-W host:port] | ||
| + | [-w local_tun[: | ||
| + | </ | ||
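Review bot: the heading markup in this SSH presentation is inconsistent. `===== LAB #3 - SSH====` opens with five equals signs and closes with four, and `==SSH-2==` sits one level below its sibling `===SSH-1===`. Both should follow the pattern used for LAB #2. The "Command Line Switches" sentence says "this command" without naming `ssh`, and "Asymetric" should be spelled "Asymmetric" in both lists. Since the hardened configuration further down sets `Protocol 2`, the line "There are two types of SSH" would also benefit from saying which of the two the lab actually uses.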
| + | |||
| + | ====3.2 - Configuring the Server==== | ||
| + | |||
| + | The server is configured by editing the **/ | ||
| + | |||
| + | < | ||
| + | [root@centos8 ~]# cat / | ||
| + | # | ||
| + | |||
| + | # This is the sshd server system-wide configuration file. See | ||
| + | # sshd_config(5) for more information. | ||
| + | |||
| + | # This sshd was compiled with PATH=/ | ||
| + | |||
| + | # The strategy used for options in the default sshd_config shipped with | ||
| + | # OpenSSH is to specify options with their default value where | ||
| + | # possible, but leave them commented. | ||
| + | # default value. | ||
| + | |||
| + | # If you want to change the port on a SELinux system, you have to tell | ||
| + | # SELinux about this change. | ||
| + | # semanage port -a -t ssh_port_t -p tcp #PORTNUMBER | ||
| + | # | ||
| + | #Port 22 | ||
| + | # | ||
| + | # | ||
| + | # | ||
| + | |||
| + | HostKey / | ||
| + | HostKey / | ||
| + | HostKey / | ||
| + | |||
| + | # Ciphers and keying | ||
| + | #RekeyLimit default none | ||
| + | |||
| + | # This system is following system-wide crypto policy. The changes to | ||
| + | # crypto properties (Ciphers, MACs, ...) will not have any effect here. | ||
| + | # They will be overridden by command-line options passed to the server | ||
| + | # on command line. | ||
| + | # Please, check manual pages for update-crypto-policies(8) and sshd_config(5). | ||
| + | |||
| + | # Logging | ||
| + | # | ||
| + | SyslogFacility AUTHPRIV | ||
| + | #LogLevel INFO | ||
| + | |||
| + | # Authentication: | ||
| + | |||
| + | # | ||
| + | PermitRootLogin yes | ||
| + | # | ||
| + | # | ||
| + | # | ||
| + | |||
| + | # | ||
| + | |||
| + | # The default is to check both .ssh/ | ||
| + | # but this is overridden so installations will only check .ssh/ | ||
| + | AuthorizedKeysFile | ||
| + | |||
| + | # | ||
| + | |||
| + | # | ||
| + | # | ||
| + | |||
| + | # For this to work you will also need host keys in / | ||
| + | # | ||
| + | # Change to yes if you don't trust ~/ | ||
| + | # HostbasedAuthentication | ||
| + | # | ||
| + | # Don't read the user's ~/.rhosts and ~/.shosts files | ||
| + | # | ||
| + | |||
| + | # To disable tunneled clear text passwords, change to no here! | ||
| + | # | ||
| + | # | ||
| + | PasswordAuthentication yes | ||
| + | |||
| + | # Change to no to disable s/key passwords | ||
| + | # | ||
| + | ChallengeResponseAuthentication no | ||
| + | |||
| + | # Kerberos options | ||
| + | # | ||
| + | # | ||
| + | # | ||
| + | # | ||
| + | # | ||
| + | |||
| + | # GSSAPI options | ||
| + | GSSAPIAuthentication yes | ||
| + | GSSAPICleanupCredentials no | ||
| + | # | ||
| + | # | ||
| + | # | ||
| + | |||
| + | # Set this to ' | ||
| + | # and session processing. If this is enabled, PAM authentication will | ||
| + | # be allowed through the ChallengeResponseAuthentication and | ||
| + | # PasswordAuthentication. | ||
| + | # PAM authentication via ChallengeResponseAuthentication may bypass | ||
| + | # the setting of " | ||
| + | # If you just want the PAM account and session checks to run without | ||
| + | # PAM authentication, | ||
| + | # and ChallengeResponseAuthentication to ' | ||
| + | # WARNING: ' | ||
| + | # problems. | ||
| + | UsePAM yes | ||
| + | |||
| + | # | ||
| + | # | ||
| + | # | ||
| + | X11Forwarding yes | ||
| + | # | ||
| + | # | ||
| + | #PermitTTY yes | ||
| + | |||
| + | # It is recommended to use pam_motd in / | ||
| + | # as it is more configurable and versatile than the built-in version. | ||
| + | PrintMotd no | ||
| + | |||
| + | # | ||
| + | # | ||
| + | # | ||
| + | # | ||
| + | # | ||
| + | # | ||
| + | #UseDNS no | ||
| + | #PidFile / | ||
| + | # | ||
| + | # | ||
| + | # | ||
| + | # | ||
| + | |||
| + | # no default banner path | ||
| + | #Banner none | ||
| + | |||
| + | # Accept locale-related environment variables | ||
| + | AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES | ||
| + | AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT | ||
| + | AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE | ||
| + | AcceptEnv XMODIFIERS | ||
| + | |||
| + | # override default of no subsystems | ||
| + | Subsystem | ||
| + | |||
| + | # Example of overriding settings on a per-user basis | ||
| + | #Match User anoncvs | ||
| + | # | ||
| + | # | ||
| + | # | ||
| + | # | ||
| + | </ | ||
| + | |||
| + | To remove all empty and comment lines, use the following command: | ||
| + | |||
| + | < | ||
| + | [root@centos8 ~]# cd /tmp ; grep -E -v ' | ||
| + | [root@centos8 tmp]# cat sshd_config | ||
| + | HostKey / | ||
| + | HostKey / | ||
| + | HostKey / | ||
| + | SyslogFacility AUTHPRIV | ||
| + | PermitRootLogin yes | ||
| + | AuthorizedKeysFile | ||
| + | PasswordAuthentication yes | ||
| + | ChallengeResponseAuthentication no | ||
| + | GSSAPIAuthentication yes | ||
| + | GSSAPICleanupCredentials no | ||
| + | UsePAM yes | ||
| + | X11Forwarding yes | ||
| + | PrintMotd no | ||
| + | AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES | ||
| + | AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT | ||
| + | AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE | ||
| + | AcceptEnv XMODIFIERS | ||
| + | Subsystem | ||
| + | </ | ||
| + | |||
| + | This file now has to be hardened by adding/ | ||
| + | |||
| + | < | ||
| + | AllowGroups adm | ||
| + | Banner / | ||
| + | HostbasedAuthentication no | ||
| + | IgnoreRhosts yes | ||
| + | LoginGraceTime 60 | ||
| + | LogLevel INFO | ||
| + | PermitEmptyPasswords no | ||
| + | PermitRootLogin no | ||
| + | PrintLastLog yes | ||
| + | Protocol 2 | ||
| + | StrictModes yes | ||
| + | X11Forwarding no | ||
| + | </ | ||
| + | |||
| + | The file should look like this: | ||
| + | |||
| + | < | ||
| + | [root@centos8 tmp]# vi sshd_config | ||
| + | [root@centos8 tmp]# cat sshd_config | ||
| + | AllowGroups adm | ||
| + | Banner / | ||
| + | HostbasedAuthentication no | ||
| + | IgnoreRhosts yes | ||
| + | LoginGraceTime 60 | ||
| + | LogLevel INFO | ||
| + | PermitEmptyPasswords no | ||
| + | PermitRootLogin no | ||
| + | PrintLastLog yes | ||
| + | Protocol 2 | ||
| + | StrictModes yes | ||
| + | X11Forwarding no | ||
| + | HostKey / | ||
| + | HostKey / | ||
| + | HostKey / | ||
| + | SyslogFacility AUTHPRIV | ||
| + | PermitRootLogin yes | ||
| + | AuthorizedKeysFile | ||
| + | PasswordAuthentication yes | ||
| + | ChallengeResponseAuthentication no | ||
| + | GSSAPIAuthentication yes | ||
| + | GSSAPICleanupCredentials no | ||
| + | UsePAM yes | ||
| + | PrintMotd no | ||
| + | AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES | ||
| + | AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT | ||
| + | AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE | ||
| + | AcceptEnv XMODIFIERS | ||
| + | Subsystem | ||
| + | </ | ||
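Review bot: the resulting file contains `PermitRootLogin no` near the top and still carries the original `PermitRootLogin yes` further down, so the expected result contradicts itself. sshd uses the first value it obtains for a keyword, so `no` takes effect here, but a reader who appends the hardening block instead of prepending it ends up with root login enabled. Delete the old `PermitRootLogin yes` line, as was already done for `X11Forwarding yes`. Two further points on the same listing: `PasswordAuthentication yes` is left untouched although the lab goes on to set up key authentication, and `Protocol 2` is a deprecated keyword in the OpenSSH releases shipped with this distribution, so it should either be dropped or explained.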
| + | |||
| + | Rename the current **/ | ||
| + | |||
| + | < | ||
| + | [root@centos8 tmp]# cp / | ||
| + | </ | ||
| + | |||
| + | Copy the **/ | ||
| + | |||
| + | < | ||
| + | [root@centos8 tmp]# cp / | ||
| + | cp: overwrite '/ | ||
| + | </ | ||
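Review bot: the instruction says "Rename the current" file, but the command shown is `cp`, which is why the next step triggers the `cp: overwrite` prompt. Either say "Back up" or use `mv`. The edited file is also copied into place and the service restarted without a syntax check. Add a `sshd -t` step before `systemctl restart sshd`, so that a typo in the new configuration is caught while the running daemon is still reachable.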
| + | |||
| + | Restart the sshd service: | ||
| + | |||
| + | < | ||
| + | [root@centos8 tmp]# systemctl restart sshd | ||
| + | [root@centos8 tmp]# systemctl status sshd | ||
| + | ● sshd.service - OpenSSH server daemon | ||
| + | | ||
| + | | ||
| + | Docs: man:sshd(8) | ||
| + | | ||
| + | Main PID: 1042039 (sshd) | ||
| + | Tasks: 1 (limit: 23535) | ||
| + | | ||
| + | | ||
| + | | ||
| + | |||
| + | Aug 30 02:17:00 centos8.ittraining.loc systemd[1]: Starting OpenSSH server daemon... | ||
| + | Aug 30 02:17:00 centos8.ittraining.loc sshd[1042039]: | ||
| + | Aug 30 02:17:00 centos8.ittraining.loc sshd[1042039]: | ||
| + | Aug 30 02:17:00 centos8.ittraining.loc systemd[1]: Started OpenSSH server daemon. | ||
| + | [q] | ||
| + | </ | ||
| + | |||
| + | Put **trainee** in the **adm** group: | ||
| + | |||
| + | < | ||
| + | [root@centos8 tmp]# groups trainee | ||
| + | trainee : trainee | ||
| + | [root@centos8 tmp]# usermod -aG adm trainee | ||
| + | [root@centos8 tmp]# groups trainee | ||
| + | trainee : trainee adm | ||
| + | </ | ||
| + | |||
| + | To generate the server keys, execute the following commands as **root**. Note that the passphrase must be **empty**: | ||
| + | |||
| + | < | ||
| + | [root@centos8 tmp]# ssh-keygen -t dsa | ||
| + | Generating public/ | ||
| + | Enter file in which to save the key (/ | ||
| + | Enter passphrase (empty for no passphrase): | ||
| + | Enter same passphrase again: | ||
| + | Your identification has been saved in / | ||
| + | Your public key has been saved in / | ||
| + | The key fingerprint is: | ||
| + | SHA256: | ||
| + | The key's randomart image is: | ||
| + | +---[DSA 1024]----+ | ||
| + | | | | ||
| + | | . | | ||
| + | |.o . o.+ | | ||
| + | |E. o.*.. . | | ||
| + | |+ooo.o +S o o | | ||
| + | |X==++ o o o | | ||
| + | |B/ | ||
| + | |Ooo++ | ||
| + | |. .o | | ||
| + | +----[SHA256]-----+ | ||
| + | </ | ||
| + | |||
| + | < | ||
| + | [root@centos8 tmp]# ssh-keygen -t rsa | ||
| + | Generating public/ | ||
| + | Enter file in which to save the key (/ | ||
| + | Enter passphrase (empty for no passphrase): | ||
| + | Enter same passphrase again: | ||
| + | Your identification has been saved in / | ||
| + | Your public key has been saved in / | ||
| + | The key fingerprint is: | ||
| + | SHA256: | ||
| + | The key's randomart image is: | ||
| + | +---[RSA 3072]----+ | ||
| + | | | ||
| + | | o oo o=+ . | | ||
| + | |.. oo=+=o . + | | ||
| + | |oo .+E++.+ = * | | ||
| + | |o.. +.S B * . | | ||
| + | |. B + = | | ||
| + | | = | | ||
| + | | | ||
| + | | . | | ||
| + | +----[SHA256]-----+ | ||
| + | [root@centos8 tmp]# ssh-keygen -t ecdsa | ||
| + | Generating public/ | ||
| + | Enter file in which to save the key (/ | ||
| + | Enter passphrase (empty for no passphrase): | ||
| + | Enter same passphrase again: | ||
| + | Your identification has been saved in / | ||
| + | Your public key has been saved in / | ||
| + | The key fingerprint is: | ||
| + | SHA256: | ||
| + | The key's randomart image is: | ||
| + | +---[ECDSA 256]---+ | ||
| + | |++*=+ | ||
| + | |oX.=o+ o o | | ||
| + | |o %.B + + | | ||
| + | |...O.= o | ||
| + | |..E.o . S o | | ||
| + | |. . o = | | ||
| + | | . * . | | ||
| + | | . ... o | | ||
| + | | ..ooo.. | ||
| + | +----[SHA256]-----+ | ||
| + | [root@centos8 tmp]# ssh-keygen -t ed25519 | ||
| + | Generating public/ | ||
| + | Enter file in which to save the key (/ | ||
| + | Enter passphrase (empty for no passphrase): | ||
| + | Enter same passphrase again: | ||
| + | Your identification has been saved in / | ||
| + | Your public key has been saved in / | ||
| + | The key fingerprint is: | ||
| + | SHA256: | ||
| + | The key's randomart image is: | ||
| + | +--[ED25519 256]--+ | ||
| + | | | ||
| + | | . .. . o| | ||
| + | | . . . +.| | ||
| + | | o . oB ..o.=| | ||
| + | | o o S*+=o* *+| | ||
| + | | . . .o.*o*.+.B| | ||
| + | | . o o +o++| | ||
| + | | o =o| | ||
| + | | . o| | ||
| + | +----[SHA256]-----+ | ||
| + | </ | ||
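Review bot: the first key generated here is `ssh-keygen -t dsa`, and the randomart header confirms a `DSA 1024` key. DSA keys of that size are considered weak, and current OpenSSH releases no longer accept them by default, so this step teaches a key type the reader cannot usefully deploy. Drop the `dsa` command from the server key list and keep `rsa`, `ecdsa` and `ed25519`, or add a sentence explaining that DSA is shown for completeness only.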
| + | |||
| + | Public keys have a **.pub** extension: | ||
| + | |||
| + | < | ||
| + | [root@centos8 tmp]# ls /etc/ssh | ||
| + | moduli | ||
| + | ssh_config | ||
| + | </ | ||
| + | |||
| + | Restart the sshd service: | ||
| + | |||
| + | < | ||
| + | [root@centos8 tmp]# systemctl restart sshd.service | ||
| + | [root@centos8 tmp]# systemctl status sshd.service | ||
| + | ● sshd.service - OpenSSH server daemon | ||
| + | | ||
| + | | ||
| + | Docs: man:sshd(8) | ||
| + | | ||
| + | Main PID: 1042204 (sshd) | ||
| + | Tasks: 1 (limit: 23535) | ||
| + | | ||
| + | | ||
| + | | ||
| + | |||
| + | Aug 30 02:24:57 centos8.ittraining.loc systemd[1]: Starting OpenSSH server daemon... | ||
| + | Aug 30 02:24:57 centos8.ittraining.loc sshd[1042204]: | ||
| + | Aug 30 02:24:57 centos8.ittraining.loc sshd[1042204]: | ||
| + | Aug 30 02:24:57 centos8.ittraining.loc systemd[1]: Started OpenSSH server daemon. | ||
| + | [q] | ||
| + | </ | ||
| + | |||
| + | ====3.3 - Configuring the Client==== | ||
| + | |||
| + | To generate the client keys, execute the following commands as **trainee**. Note that the passphrase must be **empty**: | ||
| + | |||
| + | < | ||
| + | [root@centos8 tmp]# exit | ||
| + | logout | ||
| + | [trainee@centos8 ~]$ ssh-keygen -t dsa | ||
| + | Generating public/ | ||
| + | Enter file in which to save the key (/ | ||
| + | Created directory '/ | ||
| + | Enter passphrase (empty for no passphrase): | ||
| + | Enter same passphrase again: | ||
| + | Your identification has been saved in / | ||
| + | Your public key has been saved in / | ||
| + | The key fingerprint is: | ||
| + | SHA256: | ||
| + | The key's randomart image is: | ||
| + | +---[DSA 1024]----+ | ||
| + | | =o+o.o+OB| | ||
| + | | o +o=o oo=| | ||
| + | | . +.+oB+ | | ||
| + | | o o.&+o.| | ||
| + | | S o o.*.o| | ||
| + | | o o o.| | ||
| + | | . + + | | ||
| + | | + . o | | ||
| + | | E .| | ||
| + | +----[SHA256]-----+ | ||
| + | [trainee@centos8 ~]$ ssh-keygen -t rsa | ||
| + | Generating public/ | ||
| + | |||
| + | Enter file in which to save the key (/ | ||
| + | Enter same passphrase again: | ||
| + | Your identification has been saved in / | ||
| + | Your public key has been saved in / | ||
| + | The key fingerprint is: | ||
| + | SHA256: | ||
| + | The key's randomart image is: | ||
| + | +---[RSA 3072]----+ | ||
| + | |o+o++oo | ||
| + | |=+o.oo . .=B . | | ||
| + | |=. ..o o+... | | ||
| + | |. =.o o.. . | | ||
| + | | oS= = o | | ||
| + | | .. = = | | ||
| + | | | ||
| + | | +...E | | ||
| + | | . o+... | | ||
| + | +----[SHA256]-----+ | ||
| + | [trainee@centos8 ~]$ ssh-keygen -t ecdsa | ||
| + | Generating public/ | ||
| + | Enter file in which to save the key (/ | ||
| + | Enter passphrase (empty for no passphrase): | ||
| + | Enter same passphrase again: | ||
| + | Your identification has been saved in / | ||
| + | Your public key has been saved in / | ||
| + | The key fingerprint is: | ||
| + | SHA256: | ||
| + | The key's randomart image is: | ||
| + | +---[ECDSA 256]---+ | ||
| + | |o.. | | ||
| + | |.oo | | ||
| + | |.*o . . | | ||
| + | |+.++ B | | ||
| + | |+o =B + S | | ||
| + | |=*oo.* = | | ||
| + | |B.* o O . | | ||
| + | |.= = = o.. | | ||
| + | |. E o oo+. | | ||
| + | +----[SHA256]-----+ | ||
| + | [trainee@centos8 ~]$ ssh-keygen -t ed25519 | ||
| + | Generating public/ | ||
| + | Enter file in which to save the key (/ | ||
| + | Enter passphrase (empty for no passphrase): | ||
| + | Enter same passphrase again: | ||
| + | Your identification has been saved in / | ||
| + | Your public key has been saved in / | ||
| + | The key fingerprint is: | ||
| + | SHA256: | ||
| + | The key's randomart image is: | ||
| + | +--[ED25519 256]--+ | ||
| + | | | ||
| + | | o==O+Boo | | ||
| + | | o ooE.O. | | ||
| + | | | ||
| + | | S + ...| | ||
| + | | | ||
| + | | . + o.o| | ||
| + | | + +.oo| | ||
| + | | o..o.| | ||
| + | +----[SHA256]-----+ | ||
| + | </ | ||
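Review bot: "Note that the passphrase must be **empty**" is repeated for the client keys, where it is a convenience for the lab and not a requirement. An unprotected private key in the user's `~/.ssh/` directory gives access to every server that trusts it, so the text should say that a passphrase combined with `ssh-agent` is the normal choice outside the lab. The `ssh-keygen -t rsa` transcript in this block is also missing its "Enter passphrase" line and has a stray blank line in its place, and the `dsa` command raises the same weak-key concern as in the server section.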
| + | |||
| + | The keys can be found in the **~/.ssh/** directory: | ||
| + | |||
| + | < | ||
| + | [trainee@centos8 ~]$ ls .ssh | ||
| + | id_dsa | ||
| + | </ | ||
| + | |||
| + | ====3.4 - Authentication using Asymetric Keys==== | ||
| + | |||
| + | Connect to your own virtual machine as if it were the server: | ||
| + | |||
| + | < | ||
| + | [root@centos8 ~]# ssh -l trainee 127.0.0.1 | ||
| + | \S | ||
| + | Kernel \r on an \m | ||
| + | trainee@127.0.0.1' | ||
| + | Activate the web console with: systemctl enable --now cockpit.socket | ||
| + | |||
| + | [trainee@centos8 ~]$ ls -la | grep .ssh | ||
| + | drwx------. | ||
| + | </ | ||
| + | |||
| + | Now transfer the client' | ||
| + | |||
| + | < | ||
| + | [trainee@centos8 ~]$ exit | ||
| + | logout | ||
| + | Connection to 127.0.0.1 closed. | ||
| + | |||
| + | [root@centos8 ~]# exit | ||
| + | logout | ||
| + | |||
| + | [trainee@centos8 ~]$ scp .ssh/ | ||
| + | The authenticity of host ' | ||
| + | ECDSA key fingerprint is SHA256: | ||
| + | Are you sure you want to continue connecting (yes/ | ||
| + | Warning: Permanently added ' | ||
| + | \S | ||
| + | Kernel \r on an \m | ||
| + | trainee@127.0.0.1' | ||
| + | id_ecdsa.pub | ||
| + | </ | ||
| + | |||
| + | Re-connect to your own virtual machine as if it were the server: | ||
| + | |||
| + | < | ||
| + | [trainee@centos8 ~]$ ssh -l trainee localhost | ||
| + | The authenticity of host ' | ||
| + | ECDSA key fingerprint is SHA256: | ||
| + | Are you sure you want to continue connecting (yes/ | ||
| + | Warning: Permanently added ' | ||
| + | \S | ||
| + | Kernel \r on an \m | ||
| + | Activate the web console with: systemctl enable --now cockpit.socket | ||
| + | |||
| + | Last login: Mon Aug 30 03:57:14 2021 from 127.0.0.1 | ||
| + | [trainee@centos8 ~]$ | ||
| + | </ | ||
| + | |||
| + | <WRAP center round important 60%> | ||
| + | **Important** - Note that no password is required. | ||
| + | </ | ||
| + | |||
| + | ----- | ||
| + | Copyright © 2022 Hugh Norris | ||