Différences
Ci-dessous, les différences entre deux révisions de la page.
| Les deux révisions précédentesRévision précédenteProchaine révision | Révision précédente | ||
| elearning:workbooks:redhat:rh124en:l112 [2024/11/12 12:37] – admin | elearning:workbooks:redhat:rh124en:l112 [2024/11/29 08:45] (Version actuelle) – admin | ||
|---|---|---|---|
| Ligne 12: | Ligne 12: | ||
| * Contents | * Contents | ||
| * Understanding IPv4 | * Understanding IPv4 | ||
| - | * TCP header | + | * TCP headers |
| - | * UDP Header | + | * UDP Headers |
| * Fragmentation and Re-encapsulation | * Fragmentation and Re-encapsulation | ||
| * Addressing | * Addressing | ||
| - | * Subnet | + | * Subnet |
| * VLSM | * VLSM | ||
| - | * Ports and sockets | + | * Ports and Sockets |
| - | * / | + | * The / |
| - | * Ethernet | + | * Ethernet |
| * Understanding IPv6 | * Understanding IPv6 | ||
| * Overview | * Overview | ||
| * IPv6 addresses | * IPv6 addresses | ||
| - | * Subnet | + | * Subnet |
| * IPv6 Reserved Addresses | * IPv6 Reserved Addresses | ||
| - | * Link-local | + | * Link-local |
| * DHCPv6 | * DHCPv6 | ||
| * Configuring the Network | * Configuring the Network | ||
| Ligne 34: | Ligne 34: | ||
| * 1.2 - Name Resolution | * 1.2 - Name Resolution | ||
| * 1.3 - Adding a Second IP Address to a Profile | * 1.3 - Adding a Second IP Address to a Profile | ||
| - | * 1.4 - The hostname | + | * 1.4 - The hostname |
| - | * 1.5 - The ip command | + | * 1.5 - The ip Command |
| - | * 1.6 - Manually | + | * 1.6 - Manually |
| - | * 1.7 - Static | + | * 1.7 - Static |
| - | * The ip command | + | * The ip Command |
| - | * Enabling/ | + | * Enable Routing |
| * LAB #2 - Network diagnostics | * LAB #2 - Network diagnostics | ||
| * 2.1 - ping | * 2.1 - ping | ||
| Ligne 53: | Ligne 53: | ||
| * SSH-1 | * SSH-1 | ||
| * SSH-2 | * SSH-2 | ||
| - | * Password | + | * Password |
| - | * Asymmetric key authentication | + | * Asymmetric key Authentication |
| - | * Server | + | * Server |
| - | * Client | + | * Client |
| - | * SSH tunnels | + | * SSH Tunnels |
| * 3.5 - SCP | * 3.5 - SCP | ||
| * Overview | * Overview | ||
| * Usage | * Usage | ||
| - | * 3.6 - Setting up asymmetric keys | + | * 3.6 - Setting up Asymmetric Keys |
| =====Understanding IPv4===== | =====Understanding IPv4===== | ||
| Ligne 67: | Ligne 67: | ||
| ==== TCP headers ==== | ==== TCP headers ==== | ||
| - | The TCP header is encoded | + | The TCP header is encoded |
| ^ 1st byte ^ 2nd byte ^ 3rd byte ^ 4th byte ^ | ^ 1st byte ^ 2nd byte ^ 3rd byte ^ 4th byte ^ | ||
| Ligne 97: | Ligne 97: | ||
| The **Padding** is a field that can be filled with zero values so that the size of the header is a multiple of 32. | The **Padding** is a field that can be filled with zero values so that the size of the header is a multiple of 32. | ||
| - | ==== UDP header | + | ==== UDP headers |
| - | The UDP header is encoded | + | The UDP header is encoded |
| ^ 1st byte ^ 2nd byte ^ 3rd byte ^ 4th byte ^ | ^ 1st byte ^ 2nd byte ^ 3rd byte ^ 4th byte ^ | ||
| Ligne 106: | Ligne 106: | ||
| | Data |||| | | Data |||| | ||
| - | The UDP header is 8 bytes long. | + | ==== Fragmentation and Re-encapsulation ==== |
| - | + | ||
| - | ==== Fragmentation and re-encapsulation ==== | + | |
| The maximum size of a TCP packet, including the header, is **65,535 bytes**. However, each network is qualified by its MTU (Maximum Tranfer Unit). This is the maximum packet size allowed. The unit is in **bytes**. For an Ethernet network its value is 1500. When a packet must be sent over a network with an MTU smaller than its own size, the packet must be **fragmented**. On leaving the network, the packet is reconstituted. This reconstitution is called **re-encapsulation**. | The maximum size of a TCP packet, including the header, is **65,535 bytes**. However, each network is qualified by its MTU (Maximum Tranfer Unit). This is the maximum packet size allowed. The unit is in **bytes**. For an Ethernet network its value is 1500. When a packet must be sent over a network with an MTU smaller than its own size, the packet must be **fragmented**. On leaving the network, the packet is reconstituted. This reconstitution is called **re-encapsulation**. | ||
| Ligne 157: | Ligne 155: | ||
| | IP address | | IP address | ||
| | Binary | | Binary | ||
| - | | Calculation of network address | + | | Calculation of the network address |
| | Binary | | Binary | ||
| | Network address | | Network address | ||
| - | | Calculation of broadcast address | + | | Calculation of the broadcast address |
| | Binary | 11000000 | 10101000 | | Binary | 11000000 | 10101000 | ||
| | Broadcast address | | Broadcast address | ||
| - | ==== Subnet | + | ==== Subnet |
| - | Like the IP address, the subnet mask has 4 octets | + | Like the IP address, the subnet mask has 4 bytes or 32 bits. Subnet masks are used to identify the Net ID and Host ID: |
| ^ Class ^ Mask ^ CIDR notation | ^ Class ^ Mask ^ CIDR notation | ||
| Ligne 203: | Ligne 201: | ||
| | Network address | | Network address | ||
| - | Since the network address is identical in both cases, the sending host assumes that the destination host is on its network and sends the packets directly to the network | + | Since the network address is identical in both cases, the sending host assumes that the destination host is on its network and sends the packets directly to the network. |
| The sending host is now trying to communicate with a host with an IP address of 192.168.2.1. It therefore performs the same calculation by applying **its own subnet mask** to the IP address of the destination host: | The sending host is now trying to communicate with a host with an IP address of 192.168.2.1. It therefore performs the same calculation by applying **its own subnet mask** to the IP address of the destination host: | ||
| Ligne 215: | Ligne 213: | ||
| | Network address | | Network address | ||
| - | In this case, the sending host finds that the destination network 192.168.2.0 is not identical to its own network 192.168.10.0. It therefore | + | In this case, the sending host finds that the destination network 192.168.2.0 is not identical to its own network 192.168.10.0. It therefore |
| ==== VLSM ==== | ==== VLSM ==== | ||
| Ligne 227: | Ligne 225: | ||
| Suppose we want to divide our network into 2 sub-networks. To code 2 sub-networks, | Suppose we want to divide our network into 2 sub-networks. To code 2 sub-networks, | ||
| - | * 00 | + | |
| - | * 01 | + | * 01 |
| - | * 10 | + | * 10 |
| - | * 11 | + | * 11 |
| The binary values of the fourth byte of our subnet addresses will therefore be : | The binary values of the fourth byte of our subnet addresses will therefore be : | ||
| - | * 192.168.1.00XXXXXX | + | |
| - | * 192.168.1.01XXXXXX | + | * 192.168.1.01XXXXXX |
| - | * 192.168.1.10XXXXXX | + | * 192.168.1.10XXXXXX |
| - | * 192.168.1.11XXXXXX | + | * 192.168.1.11XXXXXX |
| where the XXXXXX represent the bits we reserve to describe the hosts in each of the subnets. | where the XXXXXX represent the bits we reserve to describe the hosts in each of the subnets. | ||
| Ligne 243: | Ligne 241: | ||
| We cannot use the following two subnets: | We cannot use the following two subnets: | ||
| - | * 192.168.1.00XXXXXX | + | |
| - | * 192.168.1.11XXXXXX | + | * 192.168.1.11XXXXXX |
| because these correspond to the beginnings of the network address 192.168.1.0 and the broadcast address 192.168.1.255. | because these correspond to the beginnings of the network address 192.168.1.0 and the broadcast address 192.168.1.255. | ||
| Ligne 250: | Ligne 248: | ||
| We can use the following two subnets: | We can use the following two subnets: | ||
| - | * 192.168.1.01XXXXXX | + | |
| - | * 192.168.1.10XXXXXX | + | * 192.168.1.10XXXXXX |
| For the first subnet, the network address and broadcast address are : | For the first subnet, the network address and broadcast address are : | ||
| - | | Subnet #1 | 192 | 168 | 1 | 01XXXXXX | | + | | Subnet #1 | |
| - | Calculation of the network address ||||| | + | | |
| - | | Binary | 11000000 | 10101000 | 00000001 | 01**000000** | | + | | Binary |
| - | | Network address | 192 | 168 | 1 | **64** | | + | | Network address | |
| - | Calculation of broadcast address ||||| | + | | |
| - | | Binary | 11000000 | 10101000 | 00000001 | 01**111111** | | + | | Binary | |
| - | | Broadcast address | 192 | 168 | 1 | **127** | | + | | Broadcast address| |
| - | + | ||
| - | * The network' | + | |
| - | + | ||
| - | * The subnet mask is therefore 11111111.11111111.11111111.11000000 or 255.255.255.192. | + | |
| - | + | ||
| - | * We can have 2< | + | |
| - | * The valid range of IP addresses is 192.168.1.65 to 192.168.1.126. | + | * The network' |
| + | * The subnet mask is therefore 11111111.11111111.11111111.11000000 or 255.255.255.192. | ||
| + | * We can have 2< | ||
| + | | ||
| For the second subnet, the network address and broadcast address are : | For the second subnet, the network address and broadcast address are : | ||
| - | | Subnet #2 | 192 | 168 | 1 | 10XXXXXX | | + | | Subnet #2 | |
| - | Calculation of the network address ||||| | + | | |
| - | | Binary | 11000000 | 10101000 | 00000001 | 10**000000** | | + | | Binary |
| - | | Network address 192 | 168 | 1 | **128** | | + | | Network address |
| - | Calculation of broadcast address ||||| | + | | |
| - | | Binary | 11000000 | 10101000 | 00000001 | 10**111111** | | + | | Binary | |
| - | | Broadcast address | 192 | 168 | 1 | **191** | | + | | Broadcast address| |
| - | + | ||
| - | * The network' | + | |
| - | + | ||
| - | * The subnet mask is therefore 11111111.11111111.11111111.11000000 or 255.255.255.192. | + | |
| - | + | ||
| - | * We can have 2< | + | |
| - | + | ||
| - | * The valid range of IP addresses is 192.168.1.129 to 192.168.1.190. | + | |
| + | * The network' | ||
| + | * The subnet mask is therefore 11111111.11111111.11111111.11000000 or 255.255.255.192. | ||
| + | * We can have 2< | ||
| + | * The valid range of IP addresses is 192.168.1.129 to 192.168.1.190. | ||
| The value separating the subnets is 64. This value has the name **increment**. | The value separating the subnets is 64. This value has the name **increment**. | ||
| - | ==== Ports and sockets | + | ==== Ports and Sockets |
| TCP uses port numbers on the transport layer to ensure that data reaches the applications it is intended for. Port numbers are divided into three groups: | TCP uses port numbers on the transport layer to ensure that data reaches the applications it is intended for. Port numbers are divided into three groups: | ||
| - | * **Well Known Ports** | + | |
| - | * From 1 to 1023 | + | * From 1 to 1023 |
| - | * Registered Ports | + | * Registered Ports |
| - | * From 1024 to 49151 | + | * From 1024 to 49151 |
| - | * **Dynamic** and/or **Private Ports**. | + | * **Dynamic** and/or **Private Ports**. |
| - | * From 49152 to 65535 | + | * From 49152 to 65535 |
| The **IP number:port number** pair is called a **socket**. | The **IP number:port number** pair is called a **socket**. | ||
| - | ==== / | + | ==== The / |
| The most commonly used ports are detailed in the **/ | The most commonly used ports are detailed in the **/ | ||
| Ligne 320: | Ligne 311: | ||
| # port number for both TCP and UDP; hence, most entries here have two entries | # port number for both TCP and UDP; hence, most entries here have two entries | ||
| # even if the protocol doesn' | # even if the protocol doesn' | ||
| - | # Updated from RFC 1700, ``Assigned Numbers‘’ | + | # Updated from RFC 1700, ``Assigned Numbers'' |
| # are included, only the more common ones. | # are included, only the more common ones. | ||
| # | # | ||
| # The latest IANA port assignments can be gotten from | # The latest IANA port assignments can be gotten from | ||
| - | # http:// | + | # |
| # The Well Known Ports are those from 0 through 1023. | # The Well Known Ports are those from 0 through 1023. | ||
| # The Registered Ports are those from 1024 through 49151 | # The Registered Ports are those from 1024 through 49151 | ||
| Ligne 331: | Ligne 322: | ||
| # Each line describes one service, and is of the form: | # Each line describes one service, and is of the form: | ||
| # | # | ||
| - | # service-name port/ | + | # service-name |
| - | tcpmux 1/tcp # TCP port service multiplexer | + | tcpmux |
| - | tcpmux 1/udp # TCP port service multiplexer | + | tcpmux |
| - | rje 5/tcp # Remote Job Entry | + | rje |
| - | rje 5/udp # Remote Job Entry | + | rje |
| - | echo 7/tcp | + | echo 7/tcp |
| - | echo 7/udp | + | echo 7/udp |
| - | discard 9/tcp sink null | + | discard |
| - | discard 9/udp sink null | + | discard |
| - | systat 11/tcp users | + | systat |
| - | systat 11/udp users | + | systat |
| - | daytime 13/tcp | + | daytime |
| - | daytime 13/udp | + | daytime |
| - | qotd 17/tcp quote | + | qotd 17/ |
| - | qotd 17/udp quote | + | qotd 17/ |
| - | chargen 19/tcp ttytst source | + | chargen |
| - | chargen 19/udp ttytst source | + | chargen |
| - | ftp-data 20/tcp | + | ftp-data |
| - | ftp-data 20/udp | + | ftp-data |
| # 21 is registered to ftp, but also used by fsp | # 21 is registered to ftp, but also used by fsp | ||
| - | ftp 21/tcp | + | ftp |
| - | ftp 21/udp fsp fspd | + | ftp |
| - | ssh 22/tcp # The Secure Shell (SSH) Protocol | + | ssh |
| - | ssh 22/udp # The Secure Shell (SSH) Protocol | + | ssh |
| - | telnet 23/tcp | + | telnet |
| - | telnet 23/udp | + | telnet |
| # 24 - private mail system | # 24 - private mail system | ||
| - | lmtp 24/tcp # LMTP Mail Delivery | + | lmtp 24/ |
| - | lmtp 24/udp # LMTP Mail Delivery | + | lmtp 24/ |
| - | smtp 25/tcp mail | + | smtp 25/ |
| - | smtp 25/udp mail | + | smtp 25/ |
| - | time 37/tcp timserver | + | time 37/ |
| - | time 37/udp timserver | + | time 37/ |
| - | rlp 39/tcp resource # resource location | + | rlp |
| --More--(0%) | --More--(0%) | ||
| [q] | [q] | ||
| Ligne 372: | Ligne 363: | ||
| Note that ports are listed in pairs: | Note that ports are listed in pairs: | ||
| - | * the TCP port | + | |
| - | * UDP port | + | * the UDP port |
| The most complete list can be found at **https:// | The most complete list can be found at **https:// | ||
| Ligne 382: | Ligne 373: | ||
| [root@redhat9 ~]# netstat -an | more | [root@redhat9 ~]# netstat -an | more | ||
| Active Internet connections (servers and established) | Active Internet connections (servers and established) | ||
| - | Proto Recv-Q Send-Q Local Address Foreign Address State | + | Proto Recv-Q Send-Q Local Address |
| - | tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN | + | tcp 0 0 0.0.0.0: |
| - | tcp 0 0 127.0.0.1: | + | tcp 0 0 127.0.0.1: |
| - | tcp 0 0 127.0.0.1: | + | tcp 0 0 127.0.0.1: |
| - | tcp 0 0 10.0.2.102: | + | tcp 0 0 10.0.2.102: |
| - | tcp6 0 0 ::1:15023 :::* LISTEN | + | tcp6 |
| - | tcp6 0 0 :::22 :::* LISTEN | + | tcp6 |
| - | tcp6 0 0 :::23 :::* LISTEN | + | tcp6 |
| - | tcp6 0 0 :::80 :::* LISTEN | + | tcp6 |
| - | tcp6 0 0 ::1:631 :::* LISTEN | + | tcp6 |
| - | tcp6 0 0 ::1:55794 ::1:22 ESTABLISHED | + | tcp6 |
| - | tcp6 0 0 ::1:22 ::1:55794 ESTABLISHED | + | tcp6 |
| - | udp 0 0 127.0.0.1: | + | udp 0 0 127.0.0.1: |
| - | udp 0 0 0.0.0.0: | + | udp 0 0 0.0.0.0: |
| - | udp 0 0 0.0.0.0: | + | udp 0 0 0.0.0.0: |
| - | udp6 0 0 ::1:323 :::* | + | udp6 |
| - | udp6 0 0 :::58479 :::* | + | udp6 |
| - | udp6 0 0 ::::5353 :::* | + | udp6 |
| - | raw6 0 0 :::58 :::* 7 | + | raw6 |
| Active UNIX domain sockets (servers and established) | Active UNIX domain sockets (servers and established) | ||
| - | Proto RefCnt Flags Type State I-Node Path | + | Proto RefCnt Flags |
| - | unix 2 [ ACC ] STREAM LISTENING 22852 / | + | unix 2 [ ACC ] |
| - | unix 2 [ ACC ] STREAM LISTENING 22853 / | + | unix 2 [ ACC ] |
| - | unix 2 [ ACC ] STREAM LISTENING 23975 @/ | + | unix 2 [ ACC ] |
| - | unix 2 [ ACC ] STREAM LISTENING 23732 @/ | + | unix 2 [ ACC ] |
| - | unix 2 [ ] DGRAM 40557 / | + | unix 2 [ ] |
| - | unix 2 [ ] DGRAM 23906 / | + | unix 2 [ ] |
| - | unix 2 [ ACC ] STREAM LISTENING 40560 / | + | unix 2 [ ACC ] |
| - | unix 2 [ ACC ] STREAM LISTENING 23909 / | + | unix 2 [ ACC ] |
| - | unix 2 [ ACC ] STREAM LISTENING 40570 / | + | unix 2 [ ACC ] |
| - | unix 2 [ ACC ] STREAM LISTENING 23930 / | + | unix 2 [ ACC ] |
| - | unix 2 [ ACC ] STREAM LISTENING 40572 / | + | unix 2 [ ACC ] |
| - | unix 2 [ ACC ] STREAM LISTENING 23932 / | + | unix 2 [ ACC ] |
| - | unix 2 [ ACC ] STREAM LISTENING 40574 / | + | unix 2 [ ACC ] |
| - | unix 2 [ ACC ] STREAM LISTENING 23934 / | + | unix 2 [ ACC ] |
| - | unix 3 [ ] DGRAM CONNECTED 2446 / | + | unix 3 [ ] |
| - | unix 2 [ ACC ] STREAM LISTENING 40576 / | + | unix 2 [ ACC ] |
| - | unix 2 [ ACC ] STREAM LISTENING 23936 / | + | unix 2 [ ACC ] |
| - | unix 2 [ ACC ] STREAM LISTENING 2451 / | + | unix 2 [ ACC ] |
| - | unix 2 [ ACC ] STREAM LISTENING 2452 / | + | unix 2 [ ACC ] |
| - | unix 2 [ ] DGRAM CONNECTED 25598 / | + | unix 2 [ ] |
| - | unix 18 [ ] DGRAM CONNECTED 2459 / | + | unix 18 |
| - | unix 9 [ ] DGRAM CONNECTED 2461 / | + | unix 9 [ ] |
| - | unix 2 [ ACC ] STREAM LISTENING 22376 / | + | unix 2 [ ACC ] |
| - | unix 2 [ ACC ] STREAM LISTENING 2463 / | + | unix 2 [ ACC ] |
| - | unix 2 [ ACC ] STREAM LISTENING 23731 @/ | + | unix 2 [ ACC ] |
| - | unix 2 [ ACC ] STREAM LISTENING 22391 / | + | unix 2 [ ACC ] |
| - | unix 2 [ ACC ] STREAM LISTENING 23976 / | + | unix 2 [ ACC ] |
| - | unix 2 [ ACC ] STREAM LISTENING 22756 @ISCSID_UIP_ABSTRACT_NAMESPACE | + | unix 2 [ ACC ] |
| - | unix 2 [ ACC ] STREAM LISTENING 31411 / | + | unix 2 [ ACC ] |
| - | unix 2 [ ACC ] STREAM LISTENING 25894 @/ | + | unix 2 [ ACC ] |
| - | unix 2 [ ACC ] STREAM LISTENING 22373 / | + | unix 2 [ ACC ] |
| - | unix 2 [ ACC ] STREAM LISTENING 22375 / | + | unix 2 [ ACC ] |
| - | unix 2 [ ACC ] STREAM LISTENING 23734 @/ | + | unix 2 [ ACC ] |
| --More-- | --More-- | ||
| [q] | [q] | ||
| Ligne 445: | Ligne 436: | ||
| [root@redhat9 ~]# netstat -anp | more | [root@redhat9 ~]# netstat -anp | more | ||
| Active Internet connections (servers and established) | Active Internet connections (servers and established) | ||
| - | Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name | + | Proto Recv-Q Send-Q Local Address |
| - | tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 5583/sshd: /usr/sbi | + | tcp 0 0 0.0.0.0: |
| - | tcp 0 0 127.0.0.1: | + | tcp 0 0 127.0.0.1: |
| - | tcp 0 0 127.0.0.1: | + | tcp 0 0 127.0.0.1: |
| - | tcp 0 0 10.0.2.102: | + | tcp 0 0 10.0.2.102: |
| - | tcp6 0 0 ::1:15023 :::* LISTEN 5603/ssh | + | tcp6 |
| - | tcp6 0 0 :::22 :::* LISTEN 5583/sshd: /usr/sbi | + | tcp6 |
| - | tcp6 0 0 :::23 :::* LISTEN 1/systemd | + | tcp6 |
| - | tcp6 0 0 :::80 :::* LISTEN 1083/httpd | + | tcp6 |
| - | tcp6 0 0 ::1:631 :::* LISTEN 878/cupsd | + | tcp6 |
| - | tcp6 0 0 ::1:55794 ::1:22 ESTABLISHED 5603/ssh | + | tcp6 |
| - | tcp6 0 0 ::1:22 ::1:55794 ESTABLISHED 5596/sshd: trainee | + | tcp6 |
| - | udp 0 0 127.0.0.1: | + | udp 0 0 127.0.0.1: |
| - | udp 0 0 0.0.0.0: | + | udp 0 0 0.0.0.0: |
| - | udp 0 0 0.0.0.0: | + | udp 0 0 0.0.0.0: |
| - | udp6 0 0 ::1:323 :::* 2675/ | + | udp6 |
| - | udp6 0 0 :::58479 :::* 752/ | + | udp6 |
| - | udp6 0 0 :::5353 :::* 752/ | + | udp6 |
| - | raw6 0 0 :::58 :::* 7 4456/ | + | raw6 |
| Active UNIX domain sockets (servers and established) | Active UNIX domain sockets (servers and established) | ||
| - | Proto RefCnt Flags Type State I-Node PID/Program name Path | + | Proto RefCnt Flags |
| - | unix 2 [ ACC ] STREAM LISTENING 22852 755/lsmd / | + | unix 2 [ ACC ] |
| - | unix 2 [ ACC ] STREAM LISTENING 22853 755/lsmd / | + | unix 2 [ ACC ] |
| - | unix 2 [ ACC ] STREAM LISTENING 23975 1794/ | + | unix 2 [ ACC ] |
| - | unix 2 [ ACC ] STREAM LISTENING 23732 1140/gdm @/ | + | unix 2 [ ACC ] |
| - | unix 2 [ ] DGRAM 40557 4129/ | + | unix 2 [ ] |
| - | unix 2 [ ] DGRAM 23906 1340/ | + | unix 2 [ ] |
| - | unix 2 [ ACC ] STREAM LISTENING 40560 4129/ | + | unix 2 [ ACC ] |
| - | unix 2 [ ACC ] STREAM LISTENING 23909 1340/ | + | unix 2 [ ACC ] |
| - | unix 2 [ ACC ] STREAM LISTENING 40570 4129/ | + | unix 2 [ ACC ] |
| - | unix 2 [ ACC ] STREAM LISTENING 23930 1340/ | + | unix 2 [ ACC ] |
| - | unix 2 [ ACC ] STREAM LISTENING 40572 4129/ | + | unix 2 [ ACC ] |
| - | unix 2 [ ACC ] STREAM LISTENING 23932 1340/ | + | unix 2 [ ACC ] |
| - | unix 2 [ ACC ] STREAM LISTENING 40574 4129/ | + | unix 2 [ ACC ] |
| - | unix 2 [ ACC ] STREAM LISTENING 23934 1340/ | + | unix 2 [ ACC ] |
| - | unix 3 [ ] DGRAM CONNECTED 2446 1/systemd / | + | unix 3 [ ] |
| - | unix 2 [ ACC ] STREAM LISTENING 40576 4129/ | + | unix 2 [ ACC ] |
| - | unix 2 [ ACC ] STREAM LISTENING 23936 1340/ | + | unix 2 [ ACC ] |
| - | unix 2 [ ACC ] STREAM LISTENING 2451 1/systemd / | + | unix 2 [ ACC ] |
| - | unix 2 [ ACC ] STREAM LISTENING 2452 1/systemd / | + | unix 2 [ ACC ] |
| - | unix 2 [ ] DGRAM CONNECTED 25598 2675/ | + | unix 2 [ ] |
| - | unix 18 [ ] DGRAM CONNECTED 2459 1/systemd / | + | unix 18 |
| - | unix 9 [ ] DGRAM CONNECTED 2461 1/systemd / | + | unix 9 [ ] |
| - | unix 2 [ ACC ] STREAM LISTENING 22376 1802/ | + | unix 2 [ ACC ] |
| - | unix 2 [ ACC ] STREAM LISTENING 2463 1/systemd / | + | unix 2 [ ACC ] |
| - | unix 2 [ ACC ] STREAM LISTENING 23731 1140/gdm @/ | + | unix 2 [ ACC ] |
| - | unix 2 [ ACC ] STREAM LISTENING 22391 1825/ | + | unix 2 [ ACC ] |
| - | unix 2 [ ACC ] STREAM LISTENING 23976 1794/ | + | unix 2 [ ACC ] |
| - | unix 2 [ ACC ] STREAM LISTENING 22756 1/systemd @ISCSID_UIP_ABSTRACT_NAMESPACE | + | unix 2 [ ACC ] |
| - | unix 2 [ ACC ] STREAM LISTENING 31411 3121/httpd / | + | unix 2 [ ACC ] |
| - | unix 2 [ ACC ] STREAM LISTENING 25894 2130/ | + | unix 2 [ ACC ] |
| - | unix 2 [ ACC ] STREAM LISTENING 22373 1831/ | + | unix 2 [ ACC ] |
| - | unix 2 [ ACC ] STREAM LISTENING 22375 1802/ | + | unix 2 [ ACC ] |
| - | unix 2 [ ACC ] STREAM LISTENING 23734 1140/gdm @/ | + | unix 2 [ ACC ] |
| --More-- | --More-- | ||
| [q] | [q] | ||
| Ligne 507: | Ligne 498: | ||
| < | < | ||
| [root@redhat9 ~]# ss -ta | [root@redhat9 ~]# ss -ta | ||
| - | State Recv-Q Send-Q Local Address: | + | State |
| - | LISTEN 0 128 0.0.0.0:ssh 0.0.0.0:* | + | LISTEN |
| - | LISTEN 0 128 127.0.0.1: | + | LISTEN |
| - | LISTEN 0 4096 127.0.0.1: | + | LISTEN |
| - | ESTAB 0 0 10.0.2.102: | + | ESTAB |
| - | LISTEN 0 128 [::1]:15023 [::]:* | + | LISTEN |
| - | LISTEN 0 128 [::]:ssh [::]:* | + | LISTEN |
| - | LISTEN 0 4096 *:telnet *:* | + | LISTEN |
| - | LISTEN 0 511 *:http *:* | + | LISTEN |
| - | LISTEN 0 4096 [::1]:ipp [::]:* | + | LISTEN |
| - | ESTAB 0 0 [::1]:55794 [::1]:ssh | + | ESTAB |
| - | ESTAB 0 0 [::1]:ssh [:: | + | ESTAB |
| </ | </ | ||
| - | ==== Ethernet | + | ==== Ethernet |
| Each protocol can be encapsulated in an Ethernet **frame**. When the frame has to be transported from the sender to the recipient, the sender must know the Ethernet address of the recipient. The Ethernet address is also known as the **Physical** or **MAC** address. | Each protocol can be encapsulated in an Ethernet **frame**. When the frame has to be transported from the sender to the recipient, the sender must know the Ethernet address of the recipient. The Ethernet address is also known as the **Physical** or **MAC** address. | ||
| Ligne 532: | Ligne 523: | ||
| </ | </ | ||
| - | The options | + | The command line switches |
| < | < | ||
| [root@redhat9 ~]# arp --help | [root@redhat9 ~]# arp --help | ||
| Usage: | Usage: | ||
| - | arp [-vn] [< | + | |
| - | arp [-v] [-i <if>] -d < | + | arp [-v] [-i <if>] -d < |
| - | arp [-vnD] [< | + | arp [-vnD] [< |
| - | arp [-v] [< | + | arp [-v] |
| - | arp [-v] [< | + | arp [-v] |
| - | -a display (all) hosts in alternative (BSD) style | + | |
| - | -e display (all) hosts in default (Linux) style | + | -e |
| - | -s, --set set a new ARP entry | + | -s, --set set a new ARP entry |
| - | -d, --delete delete a specified entry | + | -d, --delete |
| - | -v, --verbose be verbose | + | -v, --verbose |
| - | -n, --numeric don't resolve names | + | -n, --numeric |
| - | -i, --device specify network interface (e.g. eth0) | + | -i, --device |
| - | -D, --use-device read < | + | -D, --use-device |
| - | -A, -p, --protocol specify protocol family | + | -A, -p, --protocol |
| - | -f, --file read new entries from file or from /etc/ethers | + | -f, --file |
| - | < | + | |
| - | List of possible hardware types (which support ARP): | + | List of possible hardware types (which support ARP): |
| - | ash (Ash) ether (Ethernet) ax25 (AMPR AX.25) | + | ash (Ash) ether (Ethernet) ax25 (AMPR AX.25) |
| - | netrom (AMPR NET/ROM) rose (AMPR ROSE) arcnet (ARCnet) | + | netrom (AMPR NET/ROM) rose (AMPR ROSE) arcnet (ARCnet) |
| - | dlci (Frame Relay DLCI) fddi (Fiber Distributed Data Interface) hippi (HIPPI) | + | dlci (Frame Relay DLCI) fddi (Fiber Distributed Data Interface) hippi (HIPPI) |
| - | irda (IrLAP) x25 (generic X.25) infiniband (InfiniBand) | + | irda (IrLAP) x25 (generic X.25) infiniband (InfiniBand) |
| - | eui64 (Generic EUI-64) | + | eui64 (Generic EUI-64) |
| </ | </ | ||
| =====Understanding IPv6===== | =====Understanding IPv6===== | ||
| - | ====Presentation==== | + | ====Overview==== |
| IPv6 can be used in parallel with IPv4 in a dual-stack model. In this configuration, | IPv6 can be used in parallel with IPv4 in a dual-stack model. In this configuration, | ||
| Ligne 573: | Ligne 564: | ||
| An IPv6 address is a 128-bit number, normally expressed as eight groups of four hexadecimal **nibbles** (half-bytes) separated by a colon. Each nibble represents four bits of the IPv6 address, so that each group represents 16 bits of the IPv6 address. | An IPv6 address is a 128-bit number, normally expressed as eight groups of four hexadecimal **nibbles** (half-bytes) separated by a colon. Each nibble represents four bits of the IPv6 address, so that each group represents 16 bits of the IPv6 address. | ||
| - | 2001: | + | |
| - | To make it easier to write IPv6 addresses, it is not necessary to write zeros at the head of a group separated by a colon. However, at least one hexadecimal digit must be written in each group separated by a colon: | + | To make it easier to write IPv6 addresses, it is not necessary to write zeros at the start of a group separated by a colon. However, at least one hexadecimal digit must be written in each group separated by a colon: |
| - | 2001: | + | |
| Under these rules, 2001: | Under these rules, 2001: | ||
| Ligne 583: | Ligne 574: | ||
| Tips for writing readable addresses in a consistent way are: | Tips for writing readable addresses in a consistent way are: | ||
| - | * Remove leading zeros in a group. | + | |
| - | * Use : : to shorten as much as possible. | + | * Use : : to shorten |
| - | * If an address contains two consecutive groups of zeros of the same length, it is preferable to shorten the leftmost groups of zeros to : : and the rightmost groups | + | * If an address contains two consecutive groups of zeros of the same length, it is preferable to shorten the leftmost groups of zeros to : : and the rightmost groups |
| - | * Although permitted, do not use :: to shorten a group of zeros. Instead, use :0 : and keep : : for consecutive groups of zeros. | + | * Although permitted, do not use :: to shorten a group of zeros. Instead, use :0 : and keep : : for consecutive groups of zeros. |
| - | * Always use lower case letters for hexadecimal numbers from a to f. | + | * Always use lower case letters for hexadecimal numbers from a to f. |
| For example : | For example : | ||
| - | 2001: | + | |
| Lastly, an IPv6 socket must contain the characters [ ] around the IPv6 address: | Lastly, an IPv6 socket must contain the characters [ ] around the IPv6 address: | ||
| - | [2001: | + | |
| A normal IPv6 unicast address is divided into two parts: | A normal IPv6 unicast address is divided into two parts: | ||
| - | * The network prefix, | + | |
| - | * The prefix identifies the subnet. | + | * The prefix identifies the subnet. |
| - | * The interface identifier, | + | * The interface identifier, |
| - | * Two network interfaces on the same subnet cannot have the same identifier, | + | * Two network interfaces on the same subnet cannot have the same identifier, |
| - | * An interface identifier identifies a particular interface on the subnet. | + | * An interface identifier identifies a particular interface on the subnet. |
| - | ====Subnet | + | ====Subnet |
| Unlike IPv4, IPv6 has a standard subnet mask of /64, which is used for almost all normal addresses. This means that a single subnet can contain as many hosts as required. Typically, the network provider will assign a shorter prefix to an organisation, | Unlike IPv4, IPv6 has a standard subnet mask of /64, which is used for almost all normal addresses. This means that a single subnet can contain as many hosts as required. Typically, the network provider will assign a shorter prefix to an organisation, | ||
| Ligne 613: | Ligne 604: | ||
| Looking at the NetID, the **2001: | Looking at the NetID, the **2001: | ||
| - | ====Reserved IPv6 addresses==== | + | ====Reserved IPv6 Addresses==== |
| IPv6 addresses reserved for a specific use are : | IPv6 addresses reserved for a specific use are : | ||
| Ligne 619: | Ligne 610: | ||
| ^ Address ^ Description ^ | ^ Address ^ Description ^ | ||
| | ::1/128 | The loopback address similar to 127.0.0.1/8 | | | ::1/128 | The loopback address similar to 127.0.0.1/8 | | ||
| - | | Global listening address similar to 0.0.0.0 | | + | | :: | Global listening address similar to 0.0.0.0 | |
| | ::/0 | Default route similar to 0.0.0.0/0 | | | ::/0 | Default route similar to 0.0.0.0/0 | | ||
| | 2000::/3 | This address space concerns the network addresses allocated by IANA, ranging from 2000::/16 to 3fff::/16 | | | 2000::/3 | This address space concerns the network addresses allocated by IANA, ranging from 2000::/16 to 3fff::/16 | | ||
| - | | fd00::/8 | Stemming from RFC 4193, this is similar to RFC 1918, i.e. a private address space. | | + | | fd00::/8 | From RFC 4193, this is similar to RFC 1918, i.e. a private address space. | |
| | fe80::/10 | Link-local addresses | | | fe80::/10 | Link-local addresses | | ||
| | ff00::/8 | Multicast addresses | | | ff00::/8 | Multicast addresses | | ||
| - | ==== Link-local | + | ==== Link-local |
| Each interface on a network is automatically configured with a Link-local address: | Each interface on a network is automatically configured with a Link-local address: | ||
| Ligne 632: | Ligne 623: | ||
| < | < | ||
| [root@redhat9 ~]# ifconfig | [root@redhat9 ~]# ifconfig | ||
| - | ens18: flags=4163< | + | ens18: flags=4163< |
| - | inet 10.0.2.102 netmask 255.255.255.0 broadcast 10.0.2.255 | + | inet 10.0.2.102 |
| - | inet6 fe80:: | + | inet6 fe80:: |
| - | ether 92: | + | ether 92: |
| - | RX packets 21754 bytes 51437196 (49.0 MiB) | + | RX packets 21754 bytes 51437196 (49.0 MiB) |
| - | RX errors 0 dropped 0 overruns 0 frame 0 | + | RX errors 0 dropped 0 overruns 0 frame 0 |
| - | TX packets 14363 bytes 1838520 (1.7 MiB) | + | TX packets 14363 bytes 1838520 (1.7 MiB) |
| - | TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 | + | TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 |
| - | lo: flags=73< | + | lo: flags=73< |
| - | inet 127.0.0.1 netmask 255.0.0.0 | + | inet 127.0.0.1 |
| - | inet6 ::1 prefixlen 128 scopeid 0x10< | + | inet6 ::1 prefixlen 128 scopeid 0x10< |
| - | loop txqueuelen 1000 (Local Loopback) | + | loop txqueuelen 1000 (Local Loopback) |
| - | RX packets 944 bytes 110925 (108.3 KiB) | + | RX packets 944 bytes 110925 (108.3 KiB) |
| - | RX errors 0 dropped 0 overruns 0 frame 0 | + | RX errors 0 dropped 0 overruns 0 frame 0 |
| - | TX packets 944 bytes 110925 (108.3 KiB) | + | TX packets 944 bytes 110925 (108.3 KiB) |
| - | TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 | + | TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 |
| </ | </ | ||
| Ligne 666: | Ligne 657: | ||
| </ | </ | ||
| - | < | + | < |
| **Important**: | **Important**: | ||
| </ | </ | ||
| Ligne 676: | Ligne 667: | ||
| In summary, the host sends a DHCPv6 request to the multicast address **all-dhcp-servers**, | In summary, the host sends a DHCPv6 request to the multicast address **all-dhcp-servers**, | ||
| - | =====Configure | + | =====Configuring the Network===== |
| RHEL 9 uses **Network Manager** to manage the network. Network Manager has two components: | RHEL 9 uses **Network Manager** to manage the network. Network Manager has two components: | ||
| - | * a service that manages network connections and reports their status, | + | |
| - | * front-ends that use an API to configure the service. | + | * front-ends that use an API to configure the service. |
| <WRAP center round important 60%> | <WRAP center round important 60%> | ||
| Ligne 692: | Ligne 683: | ||
| [root@redhat9 ~]# systemctl status NetworkManager.service | [root@redhat9 ~]# systemctl status NetworkManager.service | ||
| ● NetworkManager.service - Network Manager | ● NetworkManager.service - Network Manager | ||
| - | Loaded: loaded (/ | + | Loaded: loaded (/ |
| - | Active: active (running) since Sat 2024-09-28 15:37:17 CEST; 20h ago | + | |
| - | Docs: man: | + | |
| - | Main PID: 857 (NetworkManager) | + | |
| - | Tasks: 3 (limit: 48800) | + | Tasks: 3 (limit: 48800) |
| - | Memory: 12.0M | + | |
| - | CPU: 1.834s | + | CPU: 1.834s |
| - | CGroup: / | + | |
| - | └─857 / | + | |
| - | Sep 28 15:37:18 redhat9.ittraining.loc NetworkManager[857]: | + | Sep 28 15:37:18 redhat9.ittraining.loc NetworkManager[857]: |
| - | Sep 28 15:37:18 redhat9.ittraining.loc NetworkManager[857]: | + | Sep 28 15:37:18 redhat9.ittraining.loc NetworkManager[857]: |
| - | Sep 28 15:37:18 redhat9.ittraining.loc NetworkManager[857]: | + | Sep 28 15:37:18 redhat9.ittraining.loc NetworkManager[857]: |
| - | Sep 28 15:37:18 redhat9.ittraining.loc NetworkManager[857]: | + | Sep 28 15:37:18 redhat9.ittraining.loc NetworkManager[857]: |
| - | Sep 28 15:37:18 redhat9.ittraining.loc NetworkManager[857]: | + | Sep 28 15:37:18 redhat9.ittraining.loc NetworkManager[857]: |
| - | Sep 28 15:37:18 redhat9.ittraining.loc NetworkManager[857]: | + | Sep 28 15:37:18 redhat9.ittraining.loc NetworkManager[857]: |
| - | Sep 28 15:37:18 redhat9.ittraining.loc NetworkManager[857]: | + | Sep 28 15:37:18 redhat9.ittraining.loc NetworkManager[857]: |
| - | Sep 28 15:37:18 redhat9.ittraining.loc NetworkManager[857]: | + | Sep 28 15:37:18 redhat9.ittraining.loc NetworkManager[857]: |
| - | Sep 28 15:37:18 redhat9.ittraining.loc NetworkManager[857]: | + | Sep 28 15:37:18 redhat9.ittraining.loc NetworkManager[857]: |
| - | Sep 28 15:37:29 redhat9.ittraining.loc NetworkManager[857]: | + | Sep 28 15:37:29 redhat9.ittraining.loc NetworkManager[857]: |
| </ | </ | ||
| Ligne 718: | Ligne 709: | ||
| The **nmcli** (Network Manager Command Line Interface) command is used to configure NetworkManager. | The **nmcli** (Network Manager Command Line Interface) command is used to configure NetworkManager. | ||
| - | Options | + | Command line switches |
| < | < | ||
| Ligne 725: | Ligne 716: | ||
| OPTIONS | OPTIONS | ||
| - | -a, --ask ask for missing parameters | + | |
| - | -c, --colors auto|yes|no whether to use colors in output | + | -c, --colors auto|yes|no |
| - | -e, --escape yes|no escape columns separators in values | + | -e, --escape yes|no |
| - | -f, --fields < | + | -f, --fields < |
| - | -g, --get-values < | + | -g, --get-values < |
| - | -h, --help print this help | + | -h, --help |
| - | -m, --mode tabular|multiline output mode | + | -m, --mode tabular|multiline |
| - | -o, --overview overview mode | + | -o, --overview |
| - | -p, --pretty pretty output | + | -p, --pretty |
| - | -s, --show-secrets allow displaying passwords | + | -s, --show-secrets |
| - | -t, --terse terse output | + | -t, --terse |
| - | -v, --version show program version | + | -v, --version |
| - | -w, --wait < | + | -w, --wait < |
| OBJECT | OBJECT | ||
| - | g[eneral] NetworkManager' | + | |
| - | n[etworking] overall networking control | + | n[etworking] |
| - | r[adio] NetworkManager radio switches | + | r[adio] |
| - | c[onnection] NetworkManager' | + | c[onnection] |
| - | d[evice] devices managed by NetworkManager | + | d[evice] |
| - | a[gent] NetworkManager secret agent or polkit agent | + | a[gent] |
| - | m[onitor] monitor NetworkManager changes | + | m[onitor] |
| </ | </ | ||
| =====LAB #1 - Network Configuration===== | =====LAB #1 - Network Configuration===== | ||
| - | 001.1 - Connections and Profiles==== | + | ====1.1 - Connections and Profiles==== |
| NetworkManager includes the notion of **connections** or **profiles** allowing different configurations depending on the location. To view the current connections, | NetworkManager includes the notion of **connections** or **profiles** allowing different configurations depending on the location. To view the current connections, | ||
| Ligne 757: | Ligne 748: | ||
| < | < | ||
| [root@redhat9 ~]# nmcli c show | [root@redhat9 ~]# nmcli c show | ||
| - | NAME UUID TYPE DEVICE | + | NAME |
| - | ens18 ea4c8254-6236-3130-8323-8b3f71d807a1 ethernet ens18 | + | ens18 ea4c8254-6236-3130-8323-8b3f71d807a1 |
| - | lo 8df82174-1d45-4506-9248-6bfcd2d20240 loopback lo | + | lo |
| </ | </ | ||
| - | Create | + | Now create |
| < | < | ||
| - | [root@redhat9 ~]# nmcli connection add con-name | + | [root@redhat9 ~]# nmcli connection add con-name |
| - | Connection | + | Connection |
| </ | </ | ||
| Ligne 773: | Ligne 764: | ||
| < | < | ||
| [root@redhat9 ~]# nmcli c show | [root@redhat9 ~]# nmcli c show | ||
| - | NAME UUID TYPE DEVICE | + | NAME |
| - | ens18 ea4c8254-6236-3130-8323-8b3f71d807a1 ethernet ens18 | + | ens18 ea4c8254-6236-3130-8323-8b3f71d807a1 |
| - | lo 8df82174-1d45-4506-9248-6bfcd2d20240 loopback lo | + | lo |
| - | ip_fix | + | ip_fixed |
| </ | </ | ||
| - | Note that the output does not indicate that the **ip_fix** profile is associated with the **ens18** device because the **ip_fix** profile is not enabled: | + | Note that the output does not indicate that the **ip_fixed** profile is associated with the **ens18** device because the **ip_fixed** profile is not enabled: |
| < | < | ||
| [root@redhat9 ~]# nmcli d show | [root@redhat9 ~]# nmcli d show | ||
| - | GENERAL.DEVICE: | + | GENERAL.DEVICE: |
| - | GENERAL.TYPE: | + | GENERAL.TYPE: |
| - | GENERAL.HWADDR: | + | GENERAL.HWADDR: |
| - | GENERAL.MTU: | + | GENERAL.MTU: |
| - | GENERAL.STATE: | + | GENERAL.STATE: |
| - | GENERAL.CONNECTION: | + | GENERAL.CONNECTION: |
| - | GENERAL.CON-PATH: | + | GENERAL.CON-PATH: |
| - | WIRED-PROPERTIES.CARRIER: | + | WIRED-PROPERTIES.CARRIER: |
| - | IP4.ADDRESS[1]: | + | IP4.ADDRESS[1]: |
| - | IP4.GATEWAY: | + | IP4.GATEWAY: |
| - | IP4.ROUTE[1]: | + | IP4.ROUTE[1]: |
| - | IP4.ROUTE[2]: | + | IP4.ROUTE[2]: |
| - | IP4.DNS[1]: 8.8.8.8 | + | IP4.DNS[1]: |
| - | IP6.ADDRESS[1]: | + | IP6.ADDRESS[1]: |
| - | IP6.GATEWAY: | + | IP6.GATEWAY: |
| - | IP6.ROUTE[1]: | + | IP6.ROUTE[1]: |
| - | GENERAL.DEVICE: | + | GENERAL.DEVICE: |
| - | GENERAL.TYPE: | + | GENERAL.TYPE: |
| - | GENERAL.HWADDR: | + | GENERAL.HWADDR: |
| - | GENERAL.MTU: | + | GENERAL.MTU: |
| - | GENERAL.STATE: | + | GENERAL.STATE: |
| - | GENERAL.CONNECTION: | + | GENERAL.CONNECTION: |
| - | GENERAL.CON-PATH: | + | GENERAL.CON-PATH: |
| - | IP4.ADDRESS[1]: | + | IP4.ADDRESS[1]: |
| - | IP4.GATEWAY: | + | IP4.GATEWAY: |
| - | IP6.ADDRESS[1]: | + | IP6.ADDRESS[1]: |
| - | IP6.GATEWAY: | + | IP6.GATEWAY: |
| - | IP6.ROUTE[1]: | + | IP6.ROUTE[1]: |
| </ | </ | ||
| - | To activate the ip_fix | + | To activate the ip_fixed |
| < | < | ||
| - | [root@redhat9 ~]# nmcli connection up ip_fixe | + | [root@redhat9 ~]# nmcli connection up ip_fixed |
| </ | </ | ||
| Ligne 824: | Ligne 815: | ||
| <WRAP center round todo 60%> | <WRAP center round todo 60%> | ||
| - | **To do** - Return to the Guacamole home page and reconnect to the VM as a trainee using the **RedHat9_SSH_10.0.2.102** connection. | + | **To do** - Return to the Guacamole home page and reconnect to the VM as a trainee using the **RedHat9_10.0.2.102_SSH** connection. |
| </ | </ | ||
| - | The ip_fix | + | The ip_fixed |
| < | < | ||
| [root@redhat9 ~]# nmcli c show | [root@redhat9 ~]# nmcli c show | ||
| - | NAME UUID TYPE DEVICE | + | NAME |
| - | ip_fix | + | ip_fixed |
| - | lo 8df82174-1d45-4506-9248-6bfcd2d20240 loopback lo | + | lo |
| - | ens18 ea4c8254-6236-3130-8323-8b3f71d807a1 ethernet -- | + | ens18 ea4c8254-6236-3130-8323-8b3f71d807a1 |
| + | | ||
| [root@redhat9 ~]# nmcli d show | [root@redhat9 ~]# nmcli d show | ||
| - | GENERAL.DEVICE: | + | GENERAL.DEVICE: |
| - | GENERAL.TYPE: | + | GENERAL.TYPE: |
| - | GENERAL.HWADDR: | + | GENERAL.HWADDR: |
| - | GENERAL.MTU: | + | GENERAL.MTU: |
| - | GENERAL.STATE: | + | GENERAL.STATE: |
| - | GENERAL.CONNECTION: | + | GENERAL.CONNECTION: |
| - | GENERAL.CON-PATH: | + | GENERAL.CON-PATH: |
| - | WIRED-PROPERTIES.CARRIER: | + | WIRED-PROPERTIES.CARRIER: |
| - | IP4.ADDRESS[1]: | + | IP4.ADDRESS[1]: |
| - | IP4.GATEWAY: | + | IP4.GATEWAY: |
| - | IP4.ROUTE[1]: | + | IP4.ROUTE[1]: |
| - | IP4.ROUTE[2]: | + | IP4.ROUTE[2]: |
| - | IP6.ADDRESS[1]: | + | IP6.ADDRESS[1]: |
| - | IP6.GATEWAY: | + | IP6.GATEWAY: |
| - | IP6.ROUTE[1]: | + | IP6.ROUTE[1]: |
| - | GENERAL.DEVICE: | + | GENERAL.DEVICE: |
| - | GENERAL.TYPE: | + | GENERAL.TYPE: |
| - | GENERAL.HWADDR: | + | GENERAL.HWADDR: |
| - | GENERAL.MTU: | + | GENERAL.MTU: |
| - | GENERAL.STATE: | + | GENERAL.STATE: |
| - | GENERAL.CONNECTION: | + | GENERAL.CONNECTION: |
| - | GENERAL.CON-PATH: | + | GENERAL.CON-PATH: |
| - | IP4.ADDRESS[1]: | + | IP4.ADDRESS[1]: |
| - | IP4.GATEWAY: | + | IP4.GATEWAY: |
| - | IP6.ADDRESS[1]: | + | IP6.ADDRESS[1]: |
| - | IP6.GATEWAY: | + | IP6.GATEWAY: |
| - | IP6.ROUTE[1]: | + | IP6.ROUTE[1]: |
| </ | </ | ||
| Ligne 872: | Ligne 863: | ||
| [root@redhat9 ~]# nmcli -p connection show ens18 | [root@redhat9 ~]# nmcli -p connection show ens18 | ||
| =============================================================================== | =============================================================================== | ||
| - | Connection profile details (ens18) | + | |
| =============================================================================== | =============================================================================== | ||
| - | connection.id: | + | connection.id: |
| - | connection.uuid: | + | connection.uuid: |
| - | connection.stable-id: | + | connection.stable-id: |
| - | connection.type: | + | connection.type: |
| - | connection.interface-name: | + | connection.interface-name: |
| - | connection.autoconnect: | + | connection.autoconnect: |
| - | connection.autoconnect-priority: | + | connection.autoconnect-priority: |
| - | connection.autoconnect-retries: | + | connection.autoconnect-retries: |
| - | connection.multi-connect: | + | connection.multi-connect: |
| - | connection.auth-retries: | + | connection.auth-retries: |
| - | connection.timestamp: | + | connection.timestamp: |
| - | connection.permissions: | + | connection.permissions: |
| - | connection.zone: | + | connection.zone: |
| - | connection.controller: | + | connection.controller: |
| - | connection.master: | + | connection.master: |
| - | connection.slave-type: | + | connection.slave-type: |
| - | connection.port-type: | + | connection.port-type: |
| - | connection.autoconnect-slaves: | + | connection.autoconnect-slaves: |
| - | connection.autoconnect-ports: | + | connection.autoconnect-ports: |
| - | connection.secondaries: | + | connection.secondaries: |
| - | connection.gateway-ping-timeout: | + | connection.gateway-ping-timeout: |
| - | connection.metered: | + | connection.metered: |
| - | connection.lldp: | + | connection.lldp: |
| - | connection.mdns: | + | connection.mdns: |
| - | connection.llmnr: | + | connection.llmnr: |
| - | connection.dns-over-tls: | + | connection.dns-over-tls: |
| - | connection.mptcp-flags: | + | connection.mptcp-flags: |
| - | connection.wait-device-timeout: | + | connection.wait-device-timeout: |
| - | connection.wait-activation-delay: | + | connection.wait-activation-delay: |
| ------------------------------------------------------------------------------- | ------------------------------------------------------------------------------- | ||
| - | 802-3-ethernet.port: | + | 802-3-ethernet.port: |
| - | 802-3-ethernet.speed: | + | 802-3-ethernet.speed: |
| - | 802-3-ethernet.duplex: | + | 802-3-ethernet.duplex: |
| - | 802-3-ethernet.auto-negotiate: | + | 802-3-ethernet.auto-negotiate: |
| - | 802-3-ethernet.mac-address: | + | 802-3-ethernet.mac-address: |
| - | 802-3-ethernet.cloned-mac-address: | + | 802-3-ethernet.cloned-mac-address: |
| 802-3-ethernet.generate-mac-address-mask: | 802-3-ethernet.generate-mac-address-mask: | ||
| - | 802-3-ethernet.mac-address-blacklist: | + | 802-3-ethernet.mac-address-blacklist: |
| - | 802-3-ethernet.mtu: | + | 802-3-ethernet.mtu: |
| - | 802-3-ethernet.s390-subchannels: | + | 802-3-ethernet.s390-subchannels: |
| - | 802-3-ethernet.s390-nettype: | + | 802-3-ethernet.s390-nettype: |
| - | 802-3-ethernet.s390-options: | + | 802-3-ethernet.s390-options: |
| - | 802-3-ethernet.wake-on-lan: | + | 802-3-ethernet.wake-on-lan: |
| - | 802-3-ethernet.wake-on-lan-password: | + | 802-3-ethernet.wake-on-lan-password: |
| 802-3-ethernet.accept-all-mac-addresses: | 802-3-ethernet.accept-all-mac-addresses: | ||
| ------------------------------------------------------------------------------- | ------------------------------------------------------------------------------- | ||
| - | ipv4.method: | + | ipv4.method: |
| - | ipv4.dns: 8.8.8.8 | + | ipv4.dns: |
| - | ipv4.dns-search: | + | ipv4.dns-search: |
| - | ipv4.dns-options: | + | ipv4.dns-options: |
| - | ipv4.dns-priority: | + | ipv4.dns-priority: |
| - | ipv4.addresses: | + | ipv4.addresses: |
| lines 1-55 | lines 1-55 | ||
| [q] | [q] | ||
| </ | </ | ||
| - | + | Similarly, to view the **ip_fixed** profile parameters, use the following command: | |
| - | Similarly, to view the **ip_fixe** profile parameters, use the following command: | + | |
| < | < | ||
| - | [root@redhat9 ~]# nmcli -p connection show ip_fixe | + | [root@redhat9 ~]# nmcli -p connection show ip_fixed |
| =============================================================================== | =============================================================================== | ||
| - | Connection profile details (ip_fix) | + | Connection profile details (ip_fixed) |
| =============================================================================== | =============================================================================== | ||
| - | connection.id: | + | connection.id: |
| - | connection.uuid: | + | connection.uuid: |
| - | connection.stable-id: | + | connection.stable-id: |
| - | connection.type: | + | connection.type: |
| - | connection.interface-name: | + | connection.interface-name: |
| - | connection.autoconnect: | + | connection.autoconnect: |
| - | connection.autoconnect-priority: | + | connection.autoconnect-priority: |
| - | connection.autoconnect-retries: | + | connection.autoconnect-retries: |
| - | connection.multi-connect: | + | connection.multi-connect: |
| - | connection.auth-retries: | + | connection.auth-retries: |
| - | connection.timestamp: | + | connection.timestamp: |
| - | connection.permissions: | + | connection.permissions: |
| - | connection.zone: | + | connection.zone: |
| - | connection.controller: | + | connection.controller: |
| - | connection.master: | + | connection.master: |
| - | connection.slave-type: | + | connection.slave-type: |
| - | connection.port-type: | + | connection.port-type: |
| - | connection.autoconnect-slaves: | + | connection.autoconnect-slaves: |
| - | connection.autoconnect-ports: | + | connection.autoconnect-ports: |
| - | connection.secondaries: | + | connection.secondaries: |
| - | connection.gateway-ping-timeout: | + | connection.gateway-ping-timeout: |
| - | connection.metered: | + | connection.metered: |
| - | connection.lldp: | + | connection.lldp: |
| - | connection.mdns: | + | connection.mdns: |
| - | connection.llmnr: | + | connection.llmnr: |
| - | connection.dns-over-tls: | + | connection.dns-over-tls: |
| - | connection.mptcp-flags: | + | connection.mptcp-flags: |
| - | connection.wait-device-timeout: | + | connection.wait-device-timeout: |
| - | connection.wait-activation-delay: | + | connection.wait-activation-delay: |
| ------------------------------------------------------------------------------- | ------------------------------------------------------------------------------- | ||
| - | 802-3-ethernet.port: | + | 802-3-ethernet.port: |
| - | 802-3-ethernet.speed: | + | 802-3-ethernet.speed: |
| - | 802-3-ethernet.duplex: | + | 802-3-ethernet.duplex: |
| - | 802-3-ethernet.auto-negotiate: | + | 802-3-ethernet.auto-negotiate: |
| - | 802-3-ethernet.mac-address: | + | 802-3-ethernet.mac-address: |
| - | 802-3-ethernet.cloned-mac-address: | + | 802-3-ethernet.cloned-mac-address: |
| 802-3-ethernet.generate-mac-address-mask: | 802-3-ethernet.generate-mac-address-mask: | ||
| - | 802-3-ethernet.mac-address-blacklist: | + | 802-3-ethernet.mac-address-blacklist: |
| - | 802-3-ethernet.mtu: | + | 802-3-ethernet.mtu: |
| - | 802-3-ethernet.s390-subchannels: | + | 802-3-ethernet.s390-subchannels: |
| - | 802-3-ethernet.s390-nettype: | + | 802-3-ethernet.s390-nettype: |
| - | 802-3-ethernet.s390-options: | + | 802-3-ethernet.s390-options: |
| - | 802-3-ethernet.wake-on-lan: | + | 802-3-ethernet.wake-on-lan: |
| - | 802-3-ethernet.wake-on-lan-password: | + | 802-3-ethernet.wake-on-lan-password: |
| 802-3-ethernet.accept-all-mac-addresses: | 802-3-ethernet.accept-all-mac-addresses: | ||
| ------------------------------------------------------------------------------- | ------------------------------------------------------------------------------- | ||
| - | ipv4.method: | + | ipv4.method: |
| - | ipv4.dns: -- | + | ipv4.dns: |
| - | ipv4.dns-search: | + | ipv4.dns-search: |
| - | ipv4.dns-options: | + | ipv4.dns-options: |
| - | ipv4.dns-priority: | + | ipv4.dns-priority: |
| - | ipv4.addresses: | + | ipv4.addresses: |
| lines 1-55 | lines 1-55 | ||
| [q] | [q] | ||
| Ligne 998: | Ligne 988: | ||
| [root@redhat9 ~]# nmcli -f CONNECTIONS device show ens18 | [root@redhat9 ~]# nmcli -f CONNECTIONS device show ens18 | ||
| CONNECTIONS.AVAILABLE-CONNECTION-PATHS: | CONNECTIONS.AVAILABLE-CONNECTION-PATHS: | ||
| - | CONNECTIONS.AVAILABLE-CONNECTIONS[1]: | + | CONNECTIONS.AVAILABLE-CONNECTIONS[1]: |
| - | CONNECTIONS.AVAILABLE-CONNECTIONS[2]: | + | CONNECTIONS.AVAILABLE-CONNECTIONS[2]: |
| </ | </ | ||
| Ligne 1007: | Ligne 997: | ||
| [root@redhat9 ~]# ls -l / | [root@redhat9 ~]# ls -l / | ||
| total 8 | total 8 | ||
| - | -rw-------. 1 root root 253 Oct 19 2023 ens18.nmconnection | + | -rw-------. 1 root root 253 Oct 19 2023 ens18.nmconnection |
| - | -rw-------. 1 root root 218 Sep 29 12:21 ip_fix.nmconnection | + | -rw-------. 1 root root 218 Sep 29 12:21 ip_fixed.nmconnection |
| </ | </ | ||
| - | ====.2 - Name resolution==== | + | ====1.2 - Name resolution==== |
| - | A study of the **/ | + | A study of the **/ |
| < | < | ||
| - | [root@redhat9 ~]# cat / | + | [root@redhat9 ~]# cat / |
| [connection] | [connection] | ||
| - | id=ip_fixe | + | id=ip_fixed |
| uuid=b3d51921-4deb-4975-ad52-f31993b2af0c | uuid=b3d51921-4deb-4975-ad52-f31993b2af0c | ||
| type=ethernet | type=ethernet | ||
| Ligne 1043: | Ligne 1033: | ||
| </ | </ | ||
| - | Modify the configuration of the **ip_fixe** profile: | + | Modify the configuration of the **ip_fixed** profile: |
| < | < | ||
| - | [root@redhat9 ~]# nmcli connection mod ip_fix | + | [root@redhat9 ~]# nmcli connection mod ip_fixed |
| </ | </ | ||
| - | A look at the **/ | + | A look at the **/ |
| < | < | ||
| - | [root@redhat9 ~]# cat / | + | [root@redhat9 ~]# cat / |
| [connection] | [connection] | ||
| - | id=ip_fixe | + | id=ip_fixed |
| uuid=b3d51921-4deb-4975-ad52-f31993b2af0c | uuid=b3d51921-4deb-4975-ad52-f31993b2af0c | ||
| type=ethernet | type=ethernet | ||
| Ligne 1081: | Ligne 1071: | ||
| [root@redhat9 ~]# systemctl status NetworkManager.service | [root@redhat9 ~]# systemctl status NetworkManager.service | ||
| ● NetworkManager.service - Network Manager | ● NetworkManager.service - Network Manager | ||
| - | Loaded: loaded (/ | + | Loaded: loaded (/ |
| - | Active: active (running) since Sun 2024-09-29 12:36:35 CEST; 11s ago | + | |
| - | Docs: man: | + | |
| - | Main PID: 4456 (NetworkManager) | + | |
| - | Tasks: 4 (limit: 48800) | + | Tasks: 4 (limit: 48800) |
| - | Memory: 5.5M | + | |
| - | CPU: 82ms | + | CPU: 82ms |
| - | CGroup: / | + | |
| - | └─4456 / | + | |
| - | Sep 29 12:36:35 redhat9.ittraining.loc NetworkManager[4456]: | + | Sep 29 12:36:35 redhat9.ittraining.loc NetworkManager[4456]: |
| - | Sep 29 12:36:35 redhat9.ittraining.loc NetworkManager[4456]: | + | Sep 29 12:36:35 redhat9.ittraining.loc NetworkManager[4456]: |
| - | Sep 29 12:36:35 redhat9.ittraining.loc NetworkManager[4456]: | + | Sep 29 12:36:35 redhat9.ittraining.loc NetworkManager[4456]: |
| - | Sep 29 12:36:35 redhat9.ittraining.loc NetworkManager[4456]: | + | Sep 29 12:36:35 redhat9.ittraining.loc NetworkManager[4456]: |
| - | Sep 29 12:36:35 redhat9.ittraining.loc NetworkManager[4456]: | + | Sep 29 12:36:35 redhat9.ittraining.loc NetworkManager[4456]: |
| - | Sep 29 12:36:35 redhat9.ittraining.loc NetworkManager[4456]: | + | Sep 29 12:36:35 redhat9.ittraining.loc NetworkManager[4456]: |
| - | Sep 29 12:36:35 redhat9.ittraining.loc NetworkManager[4456]: | + | Sep 29 12:36:35 redhat9.ittraining.loc NetworkManager[4456]: |
| - | Sep 29 12:36:35 redhat9.ittraining.loc NetworkManager[4456]: | + | Sep 29 12:36:35 redhat9.ittraining.loc NetworkManager[4456]: |
| - | Sep 29 12:36:35 redhat9.ittraining.loc NetworkManager[4456]: | + | Sep 29 12:36:35 redhat9.ittraining.loc NetworkManager[4456]: |
| - | Sep 29 12:36:36 redhat9.ittraining.loc NetworkManager[4456]: | + | Sep 29 12:36:36 redhat9.ittraining.loc NetworkManager[4456]: |
| </ | </ | ||
| Ligne 1126: | Ligne 1116: | ||
| </ | </ | ||
| - | < | + | < |
| - | **Important** : Note that there is a text-mode | + | **Important** : Note that there is a graphical front-end, **nmtui**, for configuring NetworkManager. |
| </ | </ | ||
| - | ====.3 - Adding a Second IP Address to a Profile==== | + | ====1.3 - Adding a Second IP Address to a Profile==== |
| To add a second IP address to a profile under RHEL 9, use the following command: | To add a second IP address to a profile under RHEL 9, use the following command: | ||
| < | < | ||
| - | [root@redhat9 ~]# nmcli connection mod ip_fix | + | [root@redhat9 ~]# nmcli connection mod ip_fixed |
| </ | </ | ||
| Ligne 1141: | Ligne 1131: | ||
| < | < | ||
| - | [root@redhat9 ~]# nmcli con up ip_fixe | + | [root@redhat9 ~]# nmcli con up ip_fixed |
| Connection successfully activated (D-Bus active path: / | Connection successfully activated (D-Bus active path: / | ||
| </ | </ | ||
| Ligne 1148: | Ligne 1138: | ||
| < | < | ||
| - | [root@redhat9 ~]# nmcli connection show ip_fixe | + | [root@redhat9 ~]# nmcli connection show ip_fixed |
| - | connection.id: | + | connection.id: |
| - | connection.uuid: | + | connection.uuid: |
| - | connection.stable-id: | + | connection.stable-id: |
| - | connection.type: | + | connection.type: |
| - | connection.interface-name: | + | connection.interface-name: |
| - | connection.autoconnect: | + | connection.autoconnect: |
| - | connection.autoconnect-priority: | + | connection.autoconnect-priority: |
| - | connection.autoconnect-retries: | + | connection.autoconnect-retries: |
| - | connection.multi-connect: | + | connection.multi-connect: |
| - | connection.auth-retries: | + | connection.auth-retries: |
| - | connection.timestamp: | + | connection.timestamp: |
| - | connection.permissions: | + | connection.permissions: |
| - | connection.zone: | + | connection.zone: |
| - | connection.controller: | + | connection.controller: |
| - | connection.master: | + | connection.master: |
| - | connection.slave-type: | + | connection.slave-type: |
| - | connection.port-type: | + | connection.port-type: |
| - | connection.autoconnect-slaves: | + | connection.autoconnect-slaves: |
| - | connection.autoconnect-ports: | + | connection.autoconnect-ports: |
| - | connection.secondaries: | + | connection.secondaries: |
| - | connection.gateway-ping-timeout: | + | connection.gateway-ping-timeout: |
| - | connection.metered: | + | connection.metered: |
| - | connection.lldp: | + | connection.lldp: |
| - | connection.mdns: | + | connection.mdns: |
| - | connection.llmnr: | + | connection.llmnr: |
| - | connection.dns-over-tls: | + | connection.dns-over-tls: |
| - | connection.mptcp-flags: | + | connection.mptcp-flags: |
| - | connection.wait-device-timeout: | + | connection.wait-device-timeout: |
| - | connection.wait-activation-delay: | + | connection.wait-activation-delay: |
| - | 802-3-ethernet.port: | + | 802-3-ethernet.port: |
| - | 802-3-ethernet.speed: | + | 802-3-ethernet.speed: |
| - | 802-3-ethernet.duplex: | + | 802-3-ethernet.duplex: |
| - | 802-3-ethernet.auto-negotiate: | + | 802-3-ethernet.auto-negotiate: |
| - | 802-3-ethernet.mac-address: | + | 802-3-ethernet.mac-address: |
| - | 802-3-ethernet.cloned-mac-address: | + | 802-3-ethernet.cloned-mac-address: |
| 802-3-ethernet.generate-mac-address-mask: | 802-3-ethernet.generate-mac-address-mask: | ||
| - | 802-3-ethernet.mac-address-blacklist: | + | 802-3-ethernet.mac-address-blacklist: |
| - | 802-3-ethernet.mtu: | + | 802-3-ethernet.mtu: |
| - | 802-3-ethernet.s390-subchannels: | + | 802-3-ethernet.s390-subchannels: |
| - | 802-3-ethernet.s390-nettype: | + | 802-3-ethernet.s390-nettype: |
| - | 802-3-ethernet.s390-options: | + | 802-3-ethernet.s390-options: |
| - | 802-3-ethernet.wake-on-lan: | + | 802-3-ethernet.wake-on-lan: |
| - | 802-3-ethernet.wake-on-lan-password: | + | 802-3-ethernet.wake-on-lan-password: |
| 802-3-ethernet.accept-all-mac-addresses: | 802-3-ethernet.accept-all-mac-addresses: | ||
| - | ipv4.method: | + | ipv4.method: |
| - | ipv4.dns: 8.8.8.8 | + | ipv4.dns: |
| - | ipv4.dns-search: | + | ipv4.dns-search: |
| - | ipv4.dns-options: | + | ipv4.dns-options: |
| - | ipv4.dns-priority: | + | ipv4.dns-priority: |
| - | ipv4.addresses: | + | ipv4.addresses: |
| - | ipv4.gateway: | + | ipv4.gateway: |
| - | ipv4.routes: | + | ipv4.routes: |
| - | ipv4.route-metric: | + | ipv4.route-metric: |
| - | ipv4.route-table: | + | ipv4.route-table: |
| - | ipv4.routing-rules: | + | ipv4.routing-rules: |
| - | ipv4.replace-local-rule: | + | ipv4.replace-local-rule: |
| - | ipv4.ignore-auto-routes: | + | ipv4.ignore-auto-routes: |
| - | ipv4.ignore-auto-dns: | + | ipv4.ignore-auto-dns: |
| - | ipv4.dhcp-client-id: | + | ipv4.dhcp-client-id: |
| - | ipv4.dhcp-iaid: | + | ipv4.dhcp-iaid: |
| - | ipv4.dhcp-dscp: | + | ipv4.dhcp-dscp: |
| - | ipv4.dhcp-timeout: | + | ipv4.dhcp-timeout: |
| - | ipv4.dhcp-send-hostname: | + | ipv4.dhcp-send-hostname: |
| - | ipv4.dhcp-hostname: | + | ipv4.dhcp-hostname: |
| - | ipv4.dhcp-fqdn: | + | ipv4.dhcp-fqdn: |
| - | ipv4.dhcp-hostname-flags: | + | ipv4.dhcp-hostname-flags: |
| - | ipv4.never-default: | + | ipv4.never-default: |
| - | ipv4.may-fail: | + | ipv4.may-fail: |
| - | ipv4.required-timeout: | + | ipv4.required-timeout: |
| - | ipv4.dad-timeout: | + | ipv4.dad-timeout: |
| - | ipv4.dhcp-vendor-class-identifier: | + | ipv4.dhcp-vendor-class-identifier: |
| - | ipv4.link-local: | + | ipv4.link-local: |
| - | ipv4.dhcp-reject-servers: | + | ipv4.dhcp-reject-servers: |
| - | ipv4.auto-route-ext-gw: | + | ipv4.auto-route-ext-gw: |
| - | ipv6.method: | + | ipv6.method: |
| - | ipv6.dns: -- | + | ipv6.dns: |
| - | ipv6.dns-search: | + | ipv6.dns-search: |
| - | ipv6.dns-options: | + | ipv6.dns-options: |
| - | ipv6.dns-priority: | + | ipv6.dns-priority: |
| - | ipv6.addresses: | + | ipv6.addresses: |
| - | ipv6.gateway: | + | ipv6.gateway: |
| - | ipv6.routes: | + | ipv6.routes: |
| - | ipv6.route-metric: | + | ipv6.route-metric: |
| - | ipv6.route-table: | + | ipv6.route-table: |
| - | ipv6.routing-rules: | + | ipv6.routing-rules: |
| - | ipv6.replace-local-rule: | + | ipv6.replace-local-rule: |
| - | ipv6.ignore-auto-routes: | + | ipv6.ignore-auto-routes: |
| - | ipv6.ignore-auto-dns: | + | ipv6.ignore-auto-dns: |
| - | ipv6.never-default: | + | ipv6.never-default: |
| - | ipv6.may-fail: | + | ipv6.may-fail: |
| - | ipv6.required-timeout: | + | ipv6.required-timeout: |
| - | ipv6.ip6-privacy: | + | ipv6.ip6-privacy: |
| - | ipv6.addr-gen-mode: | + | ipv6.addr-gen-mode: |
| - | ipv6.ra-timeout: | + | ipv6.ra-timeout: |
| - | ipv6.mtu: auto | + | ipv6.mtu: |
| - | ipv6.dhcp-pd-hint: | + | ipv6.dhcp-pd-hint: |
| - | ipv6.dhcp-duid: | + | ipv6.dhcp-duid: |
| - | ipv6.dhcp-iaid: | + | ipv6.dhcp-iaid: |
| - | ipv6.dhcp-timeout: | + | ipv6.dhcp-timeout: |
| - | ipv6.dhcp-send-hostname: | + | ipv6.dhcp-send-hostname: |
| - | ipv6.dhcp-hostname: | + | ipv6.dhcp-hostname: |
| - | ipv6.dhcp-hostname-flags: | + | ipv6.dhcp-hostname-flags: |
| - | ipv6.auto-route-ext-gw: | + | ipv6.auto-route-ext-gw: |
| - | ipv6.token: -- | + | ipv6.token: |
| - | proxy.method: | + | proxy.method: |
| - | proxy.browser-only: | + | proxy.browser-only: |
| - | proxy.pac-url: | + | proxy.pac-url: |
| - | proxy.pac-script: | + | proxy.pac-script: |
| - | GENERAL.NAME: | + | GENERAL.NAME: |
| - | GENERAL.UUID: | + | GENERAL.UUID: |
| - | GENERAL.DEVICES: | + | GENERAL.DEVICES: |
| - | GENERAL.IP-IFACE: | + | GENERAL.IP-IFACE: |
| - | GENERAL.STATE: | + | GENERAL.STATE: |
| - | GENERAL.DEFAULT: | + | GENERAL.DEFAULT: |
| - | GENERAL.DEFAULT6: | + | GENERAL.DEFAULT6: |
| - | GENERAL.SPEC-OBJECT: | + | GENERAL.SPEC-OBJECT: |
| - | GENERAL.VPN: | + | GENERAL.VPN: |
| - | GENERAL.DBUS-PATH: | + | GENERAL.DBUS-PATH: |
| - | GENERAL.CON-PATH: | + | GENERAL.CON-PATH: |
| - | GENERAL.ZONE: | + | GENERAL.ZONE: |
| - | GENERAL.MASTER-PATH: | + | GENERAL.MASTER-PATH: |
| - | IP4.ADDRESS[1]: | + | IP4.ADDRESS[1]: |
| - | IP4.ADDRESS[2]: | + | IP4.ADDRESS[2]: |
| - | IP4.GATEWAY: | + | IP4.GATEWAY: |
| - | IP4.ROUTE[1]: | + | IP4.ROUTE[1]: |
| - | IP4.ROUTE[2]: | + | IP4.ROUTE[2]: |
| - | IP4.ROUTE[3]: | + | IP4.ROUTE[3]: |
| - | IP4.DNS[1]: 8.8.8.8 | + | IP4.DNS[1]: |
| - | IP6.ADDRESS[1]: | + | IP6.ADDRESS[1]: |
| - | IP6.GATEWAY: | + | IP6.GATEWAY: |
| - | IP6.ROUTE[1]: | + | IP6.ROUTE[1]: |
| lines 77-131/131 (END) | lines 77-131/131 (END) | ||
| [q] | [q] | ||
| </ | </ | ||
| - | < | + | < |
| **Important** : Note the addition of the secondary address to the **ipv4.addresses: | **Important** : Note the addition of the secondary address to the **ipv4.addresses: | ||
| </ | </ | ||
| - | Now look at the contents of the **/ | + | Now look at the contents of the **/ |
| < | < | ||
| - | [root@redhat9 ~]# cat / | + | [root@redhat9 ~]# cat / |
| [connection] | [connection] | ||
| - | id=ip_fixe | + | id=ip_fixed |
| uuid=b3d51921-4deb-4975-ad52-f31993b2af0c | uuid=b3d51921-4deb-4975-ad52-f31993b2af0c | ||
| type=ethernet | type=ethernet | ||
| Ligne 1318: | Ligne 1308: | ||
| </ | </ | ||
| - | ====.4 - The hostname==== | + | ====1.4 - The hostname |
| The hostname modification procedure is simplified and takes effect immediately: | The hostname modification procedure is simplified and takes effect immediately: | ||
| Ligne 1343: | Ligne 1333: | ||
| </ | </ | ||
| - | ====.5 - The ip==== | + | ====1.5 - The ip Command==== |
| Under RHEL 9 the **ip** command is preferred to the ifconfig command: | Under RHEL 9 the **ip** command is preferred to the ifconfig command: | ||
| Ligne 1350: | Ligne 1340: | ||
| [root@redhat9 ~]# ip address | [root@redhat9 ~]# ip address | ||
| 1: lo: < | 1: lo: < | ||
| - | link/ | + | |
| - | inet 127.0.0.1/8 scope host lo | + | inet 127.0.0.1/8 scope host lo |
| - | valid_lft forever preferred_lft forever | + | |
| - | inet6 ::1/128 scope host | + | inet6 ::1/128 scope host |
| - | valid_lft forever preferred_lft forever | + | |
| 2: ens18: < | 2: ens18: < | ||
| - | link/ether 92: | + | |
| - | altname enp0s18 | + | altname enp0s18 |
| - | inet 10.0.2.102/ | + | inet 10.0.2.102/ |
| - | valid_lft forever preferred_lft forever | + | |
| - | inet 192.168.1.2/ | + | inet 192.168.1.2/ |
| - | valid_lft forever preferred_lft forever | + | |
| - | inet6 fe80:: | + | inet6 fe80:: |
| - | valid_lft forever preferred_lft forever | + | |
| </ | </ | ||
| - | ===Command | + | ===Command |
| - | The options | + | The command line switches |
| < | < | ||
| [root@redhat9 ~]# ip --help | [root@redhat9 ~]# ip --help | ||
| Usage: ip [ OPTIONS ] OBJECT { COMMAND | help } | Usage: ip [ OPTIONS ] OBJECT { COMMAND | help } | ||
| - | ip [ -force ] -batch filename | + | ip [ -force ] -batch filename |
| - | where OBJECT := { address | addrlabel | amt | fou | help | ila | ioam | l2tp | | + | where OBJECT := { address | addrlabel | amt | fou | help | ila | ioam | l2tp | |
| - | link | macsec | maddress | monitor | mptcp | mroute | mrule | | + | |
| - | neighbor | neighbour | netconf | netns | nexthop | ntable | | + | |
| - | ntbl | route | rule | sr | tap | tcpmetrics | | + | |
| - | token | tunnel | tuntap | vrf | xfrm } | + | |
| - | OPTIONS := { -V[ersion] | -s[tatistics] | -d[etails] | -r[esolve] | | + | |
| - | -h[uman-readable] | -iec | -j[son] | -p[retty] | | + | -h[uman-readable] | -iec | -j[son] | -p[retty] | |
| - | -f[amily] { inet | inet6 | mpls | bridge | link } | | + | -f[amily] { inet | inet6 | mpls | bridge | link } | |
| - | -4 | -6 | -M | -B | -0 | | + | -4 | -6 | -M | -B | -0 | |
| - | -l[oops] { maximum-addr-flush-attempts } | -br[ief] | | + | -l[oops] { maximum-addr-flush-attempts } | -br[ief] | |
| - | -o[neline] | -t[imestamp] | -ts[hort] | -b[atch] [filename] | | + | -o[neline] | -t[imestamp] | -ts[hort] | -b[atch] [filename] | |
| - | -rc[vbuf] [size] | -n[etns] name | -N[umeric] | -a[ll] | | + | -rc[vbuf] [size] | -n[etns] name | -N[umeric] | -a[ll] | |
| - | -c[olor]} | + | -c[olor]} |
| </ | </ | ||
| - | ====.6 - Manually | + | ====1.6 - Manually |
| There are two commands for manually deactivating and activating a network interface: | There are two commands for manually deactivating and activating a network interface: | ||
| Ligne 1403: | Ligne 1393: | ||
| </ | </ | ||
| - | ====.7 - Static Routing==== | + | ====1.7 - Static Routing==== |
| - | ===The ip command=== | + | ===The ip Command=== |
| Under RHEL 9, to delete the route to the 192.168.1.0 network, use the ip command and not the route command: | Under RHEL 9, to delete the route to the 192.168.1.0 network, use the ip command and not the route command: | ||
| Ligne 1437: | Ligne 1427: | ||
| </ | </ | ||
| - | ===Enable | + | ===Enable |
| To enable IPv4 routing on the server, packet retransmission must be enabled: | To enable IPv4 routing on the server, packet retransmission must be enabled: | ||
| Ligne 1481: | Ligne 1471: | ||
| </ | </ | ||
| - | ===Options | + | ===Command Line Switches |
| - | The options | + | The command line switches |
| < | < | ||
| [root@redhat9 ~]# ping --help | [root@redhat9 ~]# ping --help | ||
| - | ping: invalid option -- ‘-’ | + | ping: invalid option -- '-' |
| Usage | Usage | ||
| - | ping [options] < | + | |
| Options: | Options: | ||
| - | < | + | |
| - | -a use audible ping | + | -a |
| - | -A use adaptive ping | + | -A |
| - | -B sticky source address | + | -B |
| - | -C < | + | -c < |
| - | -D print timestamps | + | -D |
| - | -d use SO_DEBUG socket option | + | -d |
| - | -f flood ping | + | -f |
| - | -h print help and exit | + | -h |
| - | -I < | + | -I < |
| - | -i < | + | -i < |
| - | -L suppress loopback of multicast packets | + | -L |
| - | -l < | + | -l < |
| - | -m < | + | -m < |
| - | -M <pmtud opt> define mtu discovery, can be one of < | + | -M <pmtud opt> |
| - | -n no dns name resolution | + | -n |
| - | -O report outstanding replies | + | -O |
| - | -p < | + | -p < |
| - | -q quiet output | + | -q |
| - | -Q < | + | -Q < |
| - | -s < | + | -s < |
| - | -S < | + | -S < |
| - | -t <ttl> define time to live | + | -t < |
| - | -U print user-to-user latency | + | -U |
| - | -v verbose output | + | -v |
| - | -V print version and exit | + | -V |
| - | -w < | + | -w < |
| - | -W < | + | -W < |
| IPv4 options: | IPv4 options: | ||
| - | -4 use IPv4 | + | |
| - | -b allow pinging broadcast | + | -b |
| - | -R record route | + | -R |
| - | -T < | + | -T < |
| IPv6 options: | IPv6 options: | ||
| - | -6 use IPv6 | + | |
| - | -F < | + | -F < |
| - | -N < | + | -N < |
| For more details see ping(8). | For more details see ping(8). | ||
| Ligne 1543: | Ligne 1533: | ||
| [root@redhat9 ~]# netstat -i | [root@redhat9 ~]# netstat -i | ||
| Kernel Interface table | Kernel Interface table | ||
| - | Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg | + | Iface |
| - | ens18 1500 18785 0 0 0 12157 0 0 0 BMRU | + | ens18 1500 18785 0 0 0 |
| - | lo 65536 105 0 0 0 105 0 0 0 LRU | + | lo 65536 105 0 0 0 |
| </ | </ | ||
| - | ===Command | + | ===Command |
| - | The options | + | The command line switches |
| < | < | ||
| [root@redhat9 ~]# netstat --help | [root@redhat9 ~]# netstat --help | ||
| - | usage: netstat [-vWeenNcCF] [< | + | usage: netstat [-vWeenNcCF] [< |
| - | netstat [-vWnNcaeol] [< | + | |
| - | netstat { [-vWeenNac] -I[< | + | |
| - | -r, --route display routing table | + | |
| - | -I, --interfaces=< | + | -I, --interfaces=< |
| - | -i, --interfaces display interface table | + | -i, --interfaces |
| - | -g, --groups display multicast group memberships | + | -g, --groups |
| - | -s, --statistics display networking statistics (like SNMP) | + | -s, --statistics |
| - | -M, --masquerade display masqueraded connections | + | -M, --masquerade |
| - | -v, --verbose be verbose | + | |
| - | -W, --wide don't truncate IP addresses | + | -W, --wide |
| - | -n, --numeric don't resolve names | + | -n, --numeric |
| - | --numeric-hosts don't resolve host names | + | --numeric-hosts |
| - | --numeric-ports don't resolve port names | + | --numeric-ports |
| - | --numeric-users don't resolve user names | + | --numeric-users |
| - | -N, --symbolic resolve hardware names | + | -N, --symbolic |
| - | -e, --extend display other/more information | + | -e, --extend |
| - | -p, --programs display PID/Program name for sockets | + | -p, --programs |
| - | -o, --timers display timers | + | -o, --timers |
| - | -c, --continuous continuous listing | + | -c, --continuous |
| - | -l, --listening display listening server sockets | + | |
| - | -a, --all display all sockets (default: connected) | + | -a, --all display all sockets (default: connected) |
| - | -F, --fib display Forwarding Information Base (default) | + | -F, --fib display Forwarding Information Base (default) |
| - | -C, --cache display routing cache instead of FIB | + | -C, --cache |
| - | -Z, --context display SELinux security context for sockets | + | -Z, --context |
| - | < | + | |
| - | {-x|--unix} --ax25 --ipx --netrom | + | |
| - | < | + | < |
| - | List of possible address families (which support routing): | + | List of possible address families (which support routing): |
| - | inet (DARPA Internet) inet6 (IPv6) ax25 (AMPR AX.25) | + | inet (DARPA Internet) inet6 (IPv6) ax25 (AMPR AX.25) |
| - | netrom (AMPR NET/ROM) ipx (Novell IPX) ddp (Appletalk DDP) | + | netrom (AMPR NET/ROM) ipx (Novell IPX) ddp (Appletalk DDP) |
| - | x25 (CCITT X.25) | + | x25 (CCITT X.25) |
| </ | </ | ||
| ====2.3 - traceroute==== | ====2.3 - traceroute==== | ||
| - | The ping command is the basis of the **traceroute** command. This command is used to find out the route taken to access | + | The ping command is the basis of the **traceroute** command. This command is used to find out the route taken to reach a given host: |
| < | < | ||
| [root@redhat9 ~]# traceroute www.ittraining.team | [root@redhat9 ~]# traceroute www.ittraining.team | ||
| bash: traceroute: command not found... | bash: traceroute: command not found... | ||
| - | Install package | + | Install package |
| - | * Waiting in queue... | + | * Waiting in queue... |
| - | * Loading list of packages.... | + | * Loading list of packages.... |
| The following packages have to be installed: | The following packages have to be installed: | ||
| - | traceroute-3: | + | traceroute-3: |
| Proceed with changes? [N/y] y | Proceed with changes? [N/y] y | ||
| - | * Waiting in queue... | + | * Waiting in queue... |
| - | * Waiting for authentication... | + | * Waiting for authentication... |
| - | * Waiting in queue... | + | * Waiting in queue... |
| - | * Downloading packages... | + | * Downloading packages... |
| - | * Requesting data... | + | * Requesting data... |
| - | * Testing changes... | + | * Testing changes... |
| - | * Installing packages... | + | * Installing packages... |
| traceroute to www.ittraining.team (136.143.190.199), | traceroute to www.ittraining.team (136.143.190.199), | ||
| - | 1 _gateway (10.0.2.1) 0.437 ms 0.396 ms 0.380 ms | + | 1 _gateway (10.0.2.1) |
| - | 2 51.79.19.252 (51.79.19.252) 0.554 ms 0.689 ms 0.818 ms | + | |
| - | 3 10.161.82.50 (10.161.82.50) 0.372 ms 10.161.82.52 (10.161.82.52) 0.444 ms 10.161.82.50 (10.161.82.50) 0.372 ms | + | |
| - | 4 10.34.98.50 (10.34.98.50) 0.483 ms 0.580 ms 0.973 ms | + | |
| - | 5 10.74.8.92 (10.74.8.92) 0.232 ms 10.74.8.90 (10.74.8.90) 9.825 ms 10.74.8.94 (10.74.8.94) 0.206 ms | + | |
| - | 6 10.95.81.10 (10.95.81.10) 0.712 ms 10.95.81.8 (10.95.81.8) 1.103 ms 10.95.81.10 (10.95.81.10) 1.435 ms | + | |
| - | 7 be101.chi-ch2-sbb1-8k.il.us (198.27.73.207) 17.425 ms be101.chi-ch2-sbb2-8k.il.us (192.99.146.141) 17.089 ms be101.chi-ch2-sbb1-8k.il.us (198.27.73.207) 17.055 ms | + | |
| - | 8 * * * | + | |
| - | 9 10.200.1.1 (10.200.1.1) 66.593 ms 68.592 ms * | + | |
| - | 10 * 10.200.1.1 (10.200.1.1) 68.518 ms * | + | 10 * 10.200.1.1 (10.200.1.1) |
| - | 11 * * * | + | 11 * * * |
| - | 12 * * * | + | 12 * * * |
| - | 13 * * * | + | 13 * * * |
| - | 14 * * * | + | 14 * * * |
| - | 15 * * * | + | 15 * * * |
| - | 16 * * * | + | 16 * * * |
| - | 17 * * * | + | 17 * * * |
| - | 18 * * * | + | 18 * * * |
| - | 19 * * * | + | 19 * * * |
| - | 20 * * * | + | 20 * * * |
| - | 21 * *^C | + | 21 * *^C |
| </ | </ | ||
| - | ===Options for the traceroute command=== | + | ===Command Line Switches=== |
| - | The options | + | The command line switches |
| < | < | ||
| [root@redhat9 ~]# traceroute --help | [root@redhat9 ~]# traceroute --help | ||
| Usage: | Usage: | ||
| - | traceroute [ -46dFITnreAUDV ] [ -f first_ttl ] [ -g gate,... ] [ -i device ] [ -m max_ttl ] [ -N squeries ] [ -p port ] [ -t tos ] [ -l flow_label ] [ -w MAX, | + | |
| Options: | Options: | ||
| - | -4 Use IPv4 | + | |
| - | -6 Use IPv6 | + | -6 Use IPv6 |
| - | -d --debug Enable socket level debugging | + | -d --debug |
| - | -F --dont-fragment Do not fragment packets | + | -F --dont-fragment |
| - | -f first_ttl --first=first_ttl | + | -f first_ttl |
| - | Start from the first_ttl hop (instead from 1) | + | Start from the first_ttl hop (instead from 1) |
| - | -g gate,... --gateway=gate, | + | -g gate, |
| - | Route packets through the specified gateway | + | Route packets through the specified gateway |
| - | (maximum 8 for IPv4 and 127 for IPv6) | + | (maximum 8 for IPv4 and 127 for IPv6) |
| - | -I --icmp Use ICMP ECHO for tracerouting | + | -I --icmp |
| - | -T --tcp Use TCP SYN for tracerouting (default port is 80) | + | -T --tcp |
| - | -i device --interface=device | + | -i device |
| - | Specify a network interface to operate with | + | Specify a network interface to operate with |
| - | -m max_ttl --max-hops=max_ttl | + | -m max_ttl |
| - | Set the max number of hops (max TTL to be | + | Set the max number of hops (max TTL to be |
| - | reached). Default is 30 | + | reached). Default is 30 |
| - | -N squeries --sim-queries=squeries | + | -N squeries |
| - | Set the number of probes to be tried | + | Set the number of probes to be tried |
| - | simultaneously (default is 16) | + | simultaneously (default is 16) |
| - | -n Do not resolve IP addresses to their domain names | + | -n Do not resolve IP addresses to their domain names |
| - | -p port --port=port Set the destination port to use. It is either | + | -p port --port=port |
| - | initial udp port value for ‘default’ method | + | initial udp port value for "default" |
| - | (incremented by each probe, default is 33434), or | + | (incremented by each probe, default is 33434), or |
| - | initial seq for ‘icmp’ (incremented as well, | + | initial seq for "icmp" |
| - | default from 1), or some constant destination | + | default from 1), or some constant destination |
| - | port for other methods (with default of 80 for | + | port for other methods (with default of 80 for |
| - | ‘tcp’, 53 for “udp”, etc.) | + | " |
| - | -t tos --tos=tos Set the TOS (IPv4 type of service) or TC (IPv6 | + | -t tos --tos=tos |
| - | traffic class) value for outgoing packets | + | traffic class) value for outgoing packets |
| - | -l flow_label --flowlabel=flow_label | + | -l flow_label |
| - | Use specified flow_label for IPv6 packets | + | Use specified flow_label for IPv6 packets |
| - | -w MAX, | + | -w MAX, |
| - | Wait for a probe no more than HERE (default 3) | + | Wait for a probe no more than HERE (default 3) |
| - | times longer than a response from the same hop, | + | times longer than a response from the same hop, |
| - | or no more than NEAR (default 10) times than some | + | or no more than NEAR (default 10) times than some |
| - | next hop, or MAX (default 5.0) seconds (float | + | next hop, or MAX (default 5.0) seconds (float |
| - | point values allowed too) | + | point values allowed too) |
| - | -q nqueries --queries=nqueries | + | -q nqueries |
| - | Set the number of probes per each hop. Default is | + | Set the number of probes per each hop. Default is |
| - | 3 | + | 3 |
| - | -r Bypass the normal routing and send directly to a | + | -r Bypass the normal routing and send directly to a |
| - | host on an attached network | + | host on an attached network |
| - | -s src_addr --source=src_addr | + | -s src_addr |
| - | Use source src_addr for outgoing packets | + | Use source src_addr for outgoing packets |
| - | -z sendwait --sendwait=sendwait | + | -z sendwait |
| - | Minimal time interval between probes (default 0). | + | Minimal time interval between probes (default 0). |
| - | If the value is more than 10, then it specifies a | + | If the value is more than 10, then it specifies a |
| - | number in milliseconds, | + | number in milliseconds, |
| - | seconds (float point values allowed too) | + | seconds (float point values allowed too) |
| - | -e --extensions Show ICMP extensions (if present), including MPLS | + | -e --extensions |
| - | -A --as-path-lookups Perform AS path lookups in routing registries and | + | -A --as-path-lookups |
| - | print results directly after the corresponding | + | print results directly after the corresponding |
| - | addresses | + | addresses |
| - | -M name --module=name Use specified module (either builtin or external) | + | -M name --module=name |
| - | for traceroute operations. Most methods have | + | for traceroute operations. Most methods have |
| - | their shortcuts (`-I‘ means `-M icmp’ etc.) | + | their shortcuts (`-I' |
| - | -O OPTS,... --options=OPTS, | + | -O OPTS, |
| - | Use module-specific option OPTS for the | + | Use module-specific option OPTS for the |
| - | traceroute module. Several OPTS allowed, | + | traceroute module. Several OPTS allowed, |
| - | separated by comma. If OPTS is ‘help’, print info | + | separated by comma. If OPTS is "help", print info |
| - | about available options | + | about available options |
| - | --sport=num Use source port num for outgoing packets. Implies | + | --sport=num |
| - | `-N 1' | + | `-N 1' |
| - | --fwmark=num Set firewall mark for outgoing packets | + | --fwmark=num |
| - | -U --udp Use UDP to particular port for tracerouting | + | -U --udp |
| - | (instead of increasing the port per each probe), | + | (instead of increasing the port per each probe), |
| - | default port is 53 | + | default port is 53 |
| - | -UL Use UDPLITE for tracerouting (default dest port | + | -UL |
| - | is 53) | + | is 53) |
| - | -D --dccp Use DCCP Request for tracerouting (default port | + | -D --dccp |
| - | is 33434) | + | is 33434) |
| - | -P prot --protocol=prot Use raw packet of protocol prot for tracerouting | + | -P prot --protocol=prot |
| - | --mtu Discover MTU along the path being traced. Implies | + | --mtu |
| - | `-F -N 1' | + | `-F -N 1' |
| - | --back Guess the number of hops in the backward path and | + | --back |
| - | print if it differs | + | print if it differs |
| - | -V --version Print version info and exit | + | -V --version |
| - | --help Read this help and exit | + | --help |
| Arguments: | Arguments: | ||
| - | + host The host to traceroute to | + | + |
| - | packetlen The full packet length (default is the length of an IP | + | packetlen |
| - | header plus 40). Can be ignored or increased to a minimal | + | header plus 40). Can be ignored or increased to a minimal |
| - | allowed value | + | allowed value |
| </ | </ | ||
| Ligne 1741: | Ligne 1731: | ||
| < | < | ||
| [root@redhat9 ~]# tracepath www.ittraining.team | [root@redhat9 ~]# tracepath www.ittraining.team | ||
| - | 1?: [LOCALHOST] pmtu 1500 | + | 1?: [LOCALHOST] |
| - | 1: _gateway 0.199ms | + | |
| - | 1: _gateway 0.138ms | + | |
| - | 2: 51.79.19.252 0.651ms | + | |
| - | 3: 10.161.82.52 0.704ms | + | |
| - | 4: 10.34.98.56 0.628ms | + | |
| - | 5: 10.74.8.88 0.301ms | + | |
| - | 6: 10.95.81.8 36.365ms | + | |
| - | 7: be101.chi-ch2-sbb2-8k.il.us 17.152ms | + | |
| - | 8: be101.chi-ch2-sbb2-8k.il.us 17.442ms asymm 7 | + | |
| - | 9: 10.200.1.1 69.375ms | + | |
| - | 10: 10.200.1.1 68.618ms asymm 9 | + | 10: 10.200.1.1 |
| - | 11: no reply | + | 11: no reply |
| - | 12: no reply | + | 12: no reply |
| - | 13: no reply | + | 13: no reply |
| - | 14: no reply | + | 14: no reply |
| ^C | ^C | ||
| </ | </ | ||
| - | ===Options for the tracepath command=== | + | ===Command Line Switches=== |
| - | The options | + | The command line switches |
| < | < | ||
| [root@redhat9 ~]# tracepath --help | [root@redhat9 ~]# tracepath --help | ||
| - | tracepath: invalid option -- ‘-’ | + | tracepath: invalid option -- '-' |
| Usage | Usage | ||
| - | tracepath [options] < | + | |
| Options: | Options: | ||
| - | -4 use IPv4 | + | |
| - | -6 use IPv6 | + | -6 |
| - | -b print both name and ip | + | -b |
| - | -l < | + | -l < |
| - | -m < | + | -m < |
| - | -n no dns name resolution | + | -n |
| - | -p < | + | -p < |
| - | -V print version and exit | + | -V |
| - | < | + | < |
| For more details see tracepath(8). | For more details see tracepath(8). | ||
| Ligne 1789: | Ligne 1779: | ||
| ==== 3.1 - Telnet ==== | ==== 3.1 - Telnet ==== | ||
| - | < | + | < |
| - | **Important** - If the **telnet** command is not installed | + | **Important** - If the **telnet** command is not installed, install it using the **dnf install telnet** command as root. |
| </ | </ | ||
| Ligne 1803: | Ligne 1793: | ||
| </ | </ | ||
| - | ===Options for the telnet command=== | + | ===Command Line Switches=== |
| - | The options | + | The command line switches |
| < | < | ||
| [root@redhat9 ~]# telnet --help | [root@redhat9 ~]# telnet --help | ||
| - | telnet: invalid option -- ‘-’ | + | telnet: invalid option -- '-' |
| Usage: telnet [-4] [-6] [-8] [-E] [-L] [-S tos] [-a] [-c] [-d] [-e char] [-l user] | Usage: telnet [-4] [-6] [-8] [-E] [-L] [-S tos] [-a] [-c] [-d] [-e char] [-l user] | ||
| - | [-n tracefile] [-b hostalias ] [-r] | + | |
| - | [host-name [port]] | + | |
| </ | </ | ||
| Ligne 1821: | Ligne 1811: | ||
| < | < | ||
| [root@redhat9 ~]# wget https:// | [root@redhat9 ~]# wget https:// | ||
| - | --2024-09-29 13:56:10-- https:// | + | --2024-09-29 13: |
| Resolving www.dropbox.com (www.dropbox.com)... 162.125.11.18, | Resolving www.dropbox.com (www.dropbox.com)... 162.125.11.18, | ||
| Connecting to www.dropbox.com (www.dropbox.com)|162.125.11.18|: | Connecting to www.dropbox.com (www.dropbox.com)|162.125.11.18|: | ||
| HTTP request sent, awaiting response... 302 Found | HTTP request sent, awaiting response... 302 Found | ||
| Location: https:// | Location: https:// | ||
| - | --2024-09-29 13:56:11-- https:// | + | --2024-09-29 13: |
| Resolving uc22f408c6cacfcc03fb4dbb269d.dl.dropboxusercontent.com (uc22f408c6cacfcc03fb4dbb269d.dl.dropboxusercontent.com)... 162.125.11.15, | Resolving uc22f408c6cacfcc03fb4dbb269d.dl.dropboxusercontent.com (uc22f408c6cacfcc03fb4dbb269d.dl.dropboxusercontent.com)... 162.125.11.15, | ||
| Connecting to uc22f408c6cacfcc03fb4dbb269d.dl.dropboxusercontent.com (uc22f408c6cacfcc03fb4dbb269d.dl.dropboxusercontent.com)|162.125.11.15|: | Connecting to uc22f408c6cacfcc03fb4dbb269d.dl.dropboxusercontent.com (uc22f408c6cacfcc03fb4dbb269d.dl.dropboxusercontent.com)|162.125.11.15|: | ||
| Ligne 1833: | Ligne 1823: | ||
| Saving to: ‘wget_file.txt? | Saving to: ‘wget_file.txt? | ||
| - | wget_file.txt? | + | wget_file.txt? |
| 2024-09-29 13:56:11 (40.9 MB/s) - ‘wget_file.txt? | 2024-09-29 13:56:11 (40.9 MB/s) - ‘wget_file.txt? | ||
| Ligne 1841: | Ligne 1831: | ||
| </ | </ | ||
| - | ===Options for the wget command=== | + | ===Command Line Switches=== |
| - | The options | + | The command line switches |
| < | < | ||
| Ligne 1853: | Ligne 1843: | ||
| Startup: | Startup: | ||
| - | -V, --version display the version of Wget and exit | + | |
| - | -h, --help print this help | + | -h, --help |
| - | -b, --background go to background after startup | + | -b, --background |
| - | -e, --execute=COMMAND execute a `.wgetrc' | + | -e, --execute=COMMAND |
| Logging and input file: | Logging and input file: | ||
| - | -o, --output-file=FILE log messages to FILE | + | |
| - | -a, --append-output=FILE append messages to FILE | + | -a, --append-output=FILE |
| - | -d, --debug print lots of debugging information | + | -d, --debug |
| - | -q, --quiet quiet (no output) | + | -q, --quiet |
| - | -v, --verbose be verbose (this is the default) | + | -v, --verbose |
| - | -nv, --no-verbose turn off verboseness, | + | -nv, --no-verbose |
| - | --report-speed=TYPE output bandwidth as TYPE. TYPE can be bits | + | |
| - | -i, --input-file=FILE download URLs found in local or external FILE | + | -i, --input-file=FILE |
| - | -F, --force-html treat input file as HTML | + | -F, --force-html |
| - | -B, --base=URL resolves HTML input-file links (-i -F) | + | -B, --base=URL |
| - | relative to URL | + | |
| - | --config=FILE specify config file to use | + | |
| - | --no-config do not read any config file | + | |
| - | --rejected-log=FILE log reasons for URL rejection to FILE | + | |
| Download: | Download: | ||
| - | -t, --tries=NUMBER set number of retries to NUMBER (0 unlimits) | + | |
| - | --retry-connrefused retry even if connection is refused | + | |
| - | --retry-on-http-error=ERRORS comma-separated list of HTTP errors to retry | + | |
| - | -O, --output-document=FILE write documents to FILE | + | -O, --output-document=FILE |
| - | -nc, --no-clobber skip downloads that would download to | + | -nc, --no-clobber |
| - | existing files (overwriting them) | + | |
| - | --no-netrc don't try to obtain credentials from .netrc | + | |
| - | -c, --continue resume getting a partially-downloaded file | + | -c, --continue |
| - | --start-pos=OFFSET start downloading from zero-based position OFFSET | + | |
| - | --progress=TYPE select progress gauge type | + | |
| - | --show-progress display the progress bar in any verbosity mode | + | |
| - | -N, --timestamping don't re-retrieve files unless newer than | + | -N, --timestamping |
| - | local | + | |
| - | --no-if-modified-since don't use conditional if-modified-since get | + | |
| - | requests in timestamping mode | + | |
| - | --no-use-server-timestamps don't set the local file's timestamp by | + | |
| - | the one on the server | + | |
| - | -S, --server-response print server response | + | -S, --server-response |
| - | --spider don't download anything | + | |
| - | -T, --timeout=SECONDS set all timeout values to SECONDS | + | -T, --timeout=SECONDS |
| - | --dns-timeout=SECS set the DNS lookup timeout to SECS | + | |
| - | --connect-timeout=SECS set the connect timeout to SECS | + | |
| - | --read-timeout=SECS set the read timeout to SECS | + | |
| - | -w, --wait=SECONDS wait SECONDS between retrievals | + | -w, --wait=SECONDS |
| - | (applies if more then 1 URL is to be retrieved) | + | |
| - | --waitretry=SECONDS wait 1..SECONDS between retries of a retrieval | + | |
| - | (applies if more then 1 URL is to be retrieved) | + | |
| - | --random-wait wait from 0.5*WAIT...1.5*WAIT secs between retrievals | + | |
| - | (applies if more then 1 URL is to be retrieved) | + | |
| - | --no-proxy explicitly turn off proxy | + | |
| - | -Q, --quota=NUMBER set retrieval quota to NUMBER | + | -Q, --quota=NUMBER |
| - | --bind-address=ADDRESS bind to ADDRESS (hostname or IP) on local host | + | |
| - | --limit-rate=RATE limit download rate to RATE | + | |
| - | --no-dns-cache disable caching DNS lookups | + | |
| - | --restrict-file-names=OS restrict chars in file names to ones OS allows | + | |
| - | --ignore-case ignore case when matching files/ | + | |
| - | -4, --inet4-only connect only to IPv4 addresses | + | -4, --inet4-only |
| - | -6, --inet6-only connect only to IPv6 addresses | + | -6, --inet6-only |
| - | --prefer-family=FAMILY connect first to addresses of specified family, | + | |
| - | one of IPv6, IPv4, or none | + | |
| - | --user=USER set both ftp and http user to USER | + | |
| - | --password=PASS set both ftp and http password to PASS | + | |
| - | --ask-password prompt for passwords | + | |
| - | --use-askpass=COMMAND specify credential handler for requesting | + | |
| - | username and password. If no COMMAND is | + | |
| - | specified the WGET_ASKPASS or the SSH_ASKPASS | + | |
| - | environment variable is used. | + | |
| - | --no-iri turn off IRI support | + | |
| - | --local-encoding=ENC use ENC as the local encoding for IRIs | + | |
| - | --remote-encoding=ENC use ENC as the default remote encoding | + | |
| - | --unlink remove file before clobber | + | |
| - | --xattr turn on storage of metadata in extended file attributes | + | |
| Directories: | Directories: | ||
| - | -nd, --no-directories don't create directories | + | |
| - | -x, --force-directories force creation of directories | + | -x, --force-directories |
| - | -nH, --no-host-directories don't create host directories | + | -nH, --no-host-directories |
| - | --protocol-directories use protocol name in directories | + | |
| - | -P, --directory-prefix=PREFIX save files to PREFIX/... | + | -P, --directory-prefix=PREFIX |
| - | --cut-dirs=NUMBER ignore NUMBER remote directory components | + | |
| HTTP options: | HTTP options: | ||
| - | --http-user=USER set http user to USER | + | --http-user=USER |
| - | --http-password=PASS set http password to PASS | + | |
| - | --no-cache disallow server-cached data | + | |
| - | --default-page=NAME change the default page name (normally | + | |
| - | this is ‘index.html’.) | + | |
| - | -E, --adjust-extension save HTML/CSS documents with proper extensions | + | -E, --adjust-extension |
| - | --ignore-length ignore | + | |
| - | --header=STRING insert STRING among the headers | + | |
| - | --compression=TYPE choose compression, | + | |
| - | --max-redirect maximum redirections allowed per page | + | |
| - | --proxy-user=USER set USER as proxy username | + | |
| - | --proxy-password=PASS set PASS as proxy password | + | |
| - | --referer=URL include | + | |
| - | --save-headers save the HTTP headers to file | + | |
| - | -U, --user-agent=AGENT identify as AGENT instead of Wget/ | + | -U, --user-agent=AGENT |
| - | --no-http-keep-alive disable HTTP keep-alive (persistent connections) | + | |
| - | --no-cookies don't use cookies | + | |
| - | --load-cookies=FILE load cookies from FILE before session | + | |
| - | --save-cookies=FILE save cookies to FILE after session | + | |
| - | --keep-session-cookies load and save session (non-permanent) cookies | + | |
| - | --post-data=STRING use the POST method; send STRING as the data | + | |
| - | --post-file=FILE use the POST method; send contents of FILE | + | |
| - | --method=HTTPMethod use method | + | |
| - | --body-data=STRING send STRING as data. --method MUST be set | + | |
| - | --body-file=FILE send contents of FILE. --method MUST be set | + | |
| - | --content-disposition honor the Content-Disposition header when | + | |
| - | choosing local file names (EXPERIMENTAL) | + | |
| - | --content-on-error output the received content on server errors | + | |
| - | --auth-no-challenge send Basic HTTP authentication information | + | |
| - | without first waiting for the server' | + | |
| - | challenge | + | |
| HTTPS (SSL/TLS) options: | HTTPS (SSL/TLS) options: | ||
| - | --secure-protocol=PR choose secure protocol, one of auto, SSLv2, | + | --secure-protocol=PR |
| - | SSLv3, TLSv1, TLSv1_1, TLSv1_2 and PFS | + | |
| - | --https-only follow secure HTTPS links | + | |
| - | --no-check-certificate don't validate the server' | + | |
| - | --certificate=FILE client certificate file | + | |
| - | --certificate-type=TYPE client certificate type, PEM or DER | + | |
| - | --private-key=FILE private key file | + | |
| - | --private-key-type=TYPE private key type, PEM or DER | + | |
| - | --ca-certificate=FILE file with the bundle of CAs | + | |
| - | --ca-directory=DIR directory where hash list of CAs is stored | + | |
| - | --crl-file=FILE file with bundle of CRLs | + | |
| - | --pinnedpubkey=FILE/ | + | |
| - | of base64 encoded sha256 hashes preceded by | + | |
| - | ‘sha256//’ and separated by ‘;’, to verify | + | 'sha256//' |
| - | peer against | + | |
| - | --ciphers=STR Set the priority string (GnuTLS) or cipher list string (OpenSSL) directly. | + | --ciphers=STR |
| - | Use with care. This option overrides --secure-protocol. | + | |
| - | The format and syntax of this string depend on the specific SSL/TLS engine. | + | |
| HSTS options: | HSTS options: | ||
| - | --no-hsts disable HSTS | + | --no-hsts |
| - | --hsts-file path of HSTS database (will override default) | + | |
| FTP options: | FTP options: | ||
| - | --ftp-user=USER set ftp user to USER | + | --ftp-user=USER |
| - | --ftp-password=PASS set ftp password to PASS | + | |
| - | --no-remove-listing don't remove | + | |
| - | --no-glob turn off FTP file name globbing | + | |
| - | --no-passive-ftp disable the ‘passive’ transfer mode | + | |
| - | --preserve-permissions preserve remote file permissions | + | |
| - | --retr-symlinks when recursing, get linked-to files (not dir) | + | |
| FTPS options: | FTPS options: | ||
| - | --ftps-implicit use implicit FTPS (default port is 990) | + | --ftps-implicit |
| - | --ftps-resume-ssl resume the SSL/TLS session started in the control connection when | + | |
| - | opening a data connection | + | |
| - | --ftps-clear-data-connection cipher the control channel only; all the data will be in plaintext | + | |
| - | --ftps-fallback-to-ftp fall back to FTP if FTPS is not supported in the target server | + | |
| WARC options: | WARC options: | ||
| - | --warc-file=FILENAME save request/ | + | --warc-file=FILENAME |
| - | --warc-header=STRING insert STRING into the warcinfo record | + | |
| - | --warc-max-size=NUMBER set maximum size of WARC files to NUMBER | + | |
| - | --warc-cdx write CDX index files | + | |
| - | --warc-dedup=FILENAME do not store records listed in this CDX file | + | |
| - | --no-warc-compression do not compress WARC files with GZIP | + | |
| - | --no-warc-digests do not calculate SHA1 digests | + | |
| - | --no-warc-keep-log do not store the log file in a WARC record | + | |
| - | --warc-tempdir=DIRECTORY location for temporary files created by the | + | |
| - | WARC writer | + | |
| Recursive download: | Recursive download: | ||
| - | -r, --recursive specify recursive download | + | |
| - | -l, --level=NUMBER maximum recursion depth (inf or 0 for infinite) | + | -l, --level=NUMBER |
| - | --delete-after delete files locally after downloading them | + | |
| - | -k, --convert-links make links in downloaded HTML or CSS point to | + | -k, --convert-links |
| - | local files | + | |
| - | --convert-file-only convert the file part of the URLs only (usually known as the basename) | + | |
| - | --backups=N before writing file X, rotate up to N backup files | + | |
| - | -K, --backup-converted before converting file X, back up as X.orig | + | -K, --backup-converted |
| - | -m, --mirror shortcut for -N -r -l inf --no-remove-listing | + | -m, --mirror |
| - | -p, --page-requisites get all images, etc. needed to display HTML page | + | -p, --page-requisites |
| - | --strict-comments turn on strict (SGML) handling of HTML comments | + | |
| Recursive accept/ | Recursive accept/ | ||
| - | -A, --accept=LIST comma-separated list of accepted extensions | + | |
| - | -R, --reject=LIST comma-separated list of rejected extensions | + | -R, --reject=LIST |
| - | --accept-regex=REGEX regex matching accepted URLs | + | |
| - | --reject-regex=REGEX regex matching rejected URLs | + | |
| - | --regex-type=TYPE regex type (posix|pcre) | + | |
| - | -D, --domains=LIST comma-separated list of accepted domains | + | -D, --domains=LIST |
| - | --exclude-domains=LIST comma-separated list of rejected domains | + | |
| - | --follow-ftp follow FTP links from HTML documents | + | |
| - | --follow-tags=LIST comma-separated list of followed HTML tags | + | |
| - | --ignore-tags=LIST comma-separated list of ignored HTML tags | + | |
| - | -H, --span-hosts go to foreign hosts when recursive | + | -H, --span-hosts |
| - | -L, --relative follow relative links only | + | -L, --relative |
| - | -I, --include-directories=LIST list of allowed directories | + | -I, --include-directories=LIST |
| - | --trust-server-names use the name specified by the redirection | + | |
| - | URL's last component | + | |
| - | -X, --exclude-directories=LIST list of excluded directories | + | -X, --exclude-directories=LIST |
| - | -np, --no-parent don't ascend to the parent directory | + | -np, --no-parent |
| Email bug reports, questions, discussions to < | Email bug reports, questions, discussions to < | ||
| Ligne 2059: | Ligne 2049: | ||
| <WRAP center round important 60%> | <WRAP center round important 60%> | ||
| - | **Important** - If the **ftp** command is not installed | + | **Important** - If the **ftp** command is not installed, install it using the **dnf install ftp** command as root. |
| </ | </ | ||
| Ligne 2067: | Ligne 2057: | ||
| [root@redhat9 ~]# ftp | [root@redhat9 ~]# ftp | ||
| ftp> help | ftp> help | ||
| - | Commands may be abbreviated. Commands are: | + | Commands may be abbreviated. |
| - | ! debug mdir sendport site | + | ! |
| - | dir mget put size | + | $ dir |
| - | account disconnect mkdir pwd status | + | account |
| - | append exit mls quit struct | + | append |
| - | ascii form mode quote system | + | ascii |
| - | bell get modtime recv sunique | + | bell get |
| - | binary glob mput reget tenex | + | binary |
| - | bye hash newer rstatus tick | + | bye |
| - | case help nmap rhelp trace | + | case help nmap rhelp |
| - | cd idle nlist rename type | + | cd idle nlist |
| - | cdup image ntrans reset user | + | cdup image |
| - | chmod lcd open restart umask | + | chmod |
| - | close ls prompt rmdir verbose | + | close |
| - | cr macdef passive runique ? | + | cr macdef |
| - | delete mdelete proxy send | + | delete |
| ftp> | ftp> | ||
| </ | </ | ||
| Ligne 2130: | Ligne 2120: | ||
| ====3.4 - SSH==== | ====3.4 - SSH==== | ||
| - | ===Introduction=== | + | ===Overview=== |
| The **[[wpfr> | The **[[wpfr> | ||
| - | * the **SSH server** | + | |
| - | * The sshd daemon, which handles client authentication and authorisation, | + | * The sshd daemon, which handles client authentication and authorisation, |
| - | * The **SSH client**. | + | * The **SSH client**. |
| - | * ssh or scp, which connects and talks to the server, | + | * ssh or scp, which connects and talks to the server, |
| - | * The **session**, | + | * The **session**, |
| - | * The **keys** | + | * The **keys** |
| - | * Asymmetric** and persistent user key pairs which ensure a user's identity and which are stored on the hard disk, | + | * **Asymmetric** and persistent user key pairs which ensure a user's identity and which are stored on the hard disk, |
| - | * **Asymmetric and persistent** host key guaranteeing the identity of the server and stored on hard disk. | + | * **Asymmetric and persistent** host key guaranteeing the identity of the server and stored on the hard disk. |
| - | * Temporary asymmetric server key** used by the SSH1 protocol to encrypt the session key, | + | * **Temporary asymmetric server key** used by the SSH1 protocol to encrypt the session key, |
| - | * Symmetric session key** which is generated at random and is used to encrypt the communication between the client and the server. It is destroyed at the end of the session. SSH-1 uses a single key, while SSH-2 uses one key for each direction of communication, | + | * **Symmetric session key** which is generated at random and is used to encrypt the communication between the client and the server. It is destroyed at the end of the session. SSH-1 uses a single key, while SSH-2 uses one key for each direction of communication, |
| - | * The **known hosts database** which stores the keys of previous connections. | + | * The **known hosts database** which stores the keys of previous connections. |
| SSH works as follows to set up a secure channel: | SSH works as follows to set up a secure channel: | ||
| - | * The client contacts the server on port 22, | + | |
| - | * The client and server exchange their versions of SSH. If the two versions do not match, one of them terminates the process, | + | * The client and server exchange their versions of SSH. If the two versions do not match, one of them terminates the process, |
| - | * The SSH server identifies itself to the client by providing : | + | * The SSH server identifies itself to the client by providing : |
| - | * Its host key, | + | * Its host key, |
| - | * Its server key, | + | * Its server key, |
| - | * A random sequence of eight bytes to be included in future client responses, | + | * A random sequence of eight bytes to be included in future client responses, |
| - | * A list of encryption, compression and authentication methods, | + | * A list of encryption, compression and authentication methods, |
| - | * The client and server produce an identical identifier, a 128-bit MD5 hash containing the host key, the server key and the random sequence, | + | * The client and server produce an identical identifier, a 128-bit MD5 hash containing the host key, the server key and the random sequence, |
| - | * The client generates its symmetrical session key and encrypts it twice, once with the server' | + | * The client generates its symmetrical session key and encrypts it twice, once with the server' |
| - | * The server decrypts the session key, | + | * The server decrypts the session key, |
| - | * The client and server set up the secure channel. | + | * The client and server set up the secure channel. |
| ==SSH-1== | ==SSH-1== | ||
| Ligne 2166: | Ligne 2156: | ||
| In order to identify itself, the client tries each of the following six methods: | In order to identify itself, the client tries each of the following six methods: | ||
| - | * **Kerberos**, | + | |
| - | **Rhosts**, | + | |
| - | **%%RhostsRSA%%**, | + | |
| - | * By **asymmetric | + | * Using **asymmetric |
| - | * **TIS**, | + | * **TIS**, |
| - | * By **password**. | + | * Using a **password**. |
| ==SSH-2== | ==SSH-2== | ||
| Ligne 2177: | Ligne 2167: | ||
| SSH-2 uses **DSA** or **RSA**. It ensures data integrity using the **HMAC** algorithm. SSH-2 is organised into three **layers**: | SSH-2 uses **DSA** or **RSA**. It ensures data integrity using the **HMAC** algorithm. SSH-2 is organised into three **layers**: | ||
| - | **SSH-TRANS** - Transport Layer Protocol, | + | * **SSH-TRANS** - Transport Layer Protocol, |
| - | **SSH-AUTH** - Authentication Protocol, | + | |
| - | * SSH-CONN** - Connection Protocol. | + | * **SSH-CONN** - Connection Protocol. |
| SSH-2 differs from SSH-1 mainly in the authentication phase. | SSH-2 differs from SSH-1 mainly in the authentication phase. | ||
| Ligne 2185: | Ligne 2175: | ||
| There are three authentication methods: | There are three authentication methods: | ||
| - | * By **asymmetric | + | |
| - | * Identical to SSH-1 except with the DSA algorithm, | + | * **%%RhostsRSA%%**, |
| - | * **%%RhostsRSA%%**, | + | * Using a **password**. |
| - | * By **password**. | + | |
| - | ==Command | + | ==Command |
| - | The options | + | The command line switches |
| < | < | ||
| Ligne 2198: | Ligne 2187: | ||
| unknown option -- - | unknown option -- - | ||
| usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface] | usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface] | ||
| - | [-b bind_address] [-c cipher_spec] [-D [bind_address: | + | [-b bind_address] [-c cipher_spec] [-D [bind_address: |
| - | [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11] | + | |
| - | [-i identity_file] [-J [user@]host[: | + | |
| - | [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port] | + | |
| - | [-Q query_option] [-R address] [-S ctl_path] [-W host: | + | |
| - | [-w local_tun[: | + | |
| </ | </ | ||
| - | ===Password | + | ===Password |
| The user provides the ssh client with a password. The ssh client transmits it securely to the ssh server and then the server checks the password and accepts it or not. | The user provides the ssh client with a password. The ssh client transmits it securely to the ssh server and then the server checks the password and accepts it or not. | ||
| Advantages: | Advantages: | ||
| - | * No asymmetric key configuration required. | + | |
| + | | ||
| Disadvantages: | Disadvantages: | ||
| - | * The user must provide a login and password for each connection, | ||
| - | * Less secure than an asymmetric key system. | ||
| - | ===Asymmetric | + | * The user must provide a login and password for each connection, |
| + | * Less secure than asymmetric keys. | ||
| + | |||
| + | ===Asymmetric | ||
| - | * The **client** sends the server an asymmetric key authentication request containing the key module to be used, | + | * The **client** sends the server an asymmetric key authentication request containing the key module to be used, |
| - | * The **server** looks for a match for this module in the **~/ | + | |
| - | * If no match is found, the server terminates communication, | + | |
| - | * If a match is not found, the server generates a 256-bit random string called a **challenge** and encrypts it with the client' | + | |
| - | * The **client** receives the challenge and decrypts it using the private part of its key. It combines the challenge with the session identifier and encrypts the result. It then sends the encrypted result to the server. | + | |
| - | * The **server** generates the same hash and compares it with the one received from the client. If the two hashes are identical, authentication is successful. | + | |
| ===Server Configuration=== | ===Server Configuration=== | ||
| Ligne 2232: | Ligne 2223: | ||
| < | < | ||
| [root@redhat9 ~]# cat / | [root@redhat9 ~]# cat / | ||
| - | # $OpenBSD: sshd_config, | + | # |
| - | # This is the sshd server system-wide configuration file. See | + | # This is the sshd server system-wide configuration file. See |
| # sshd_config(5) for more information. | # sshd_config(5) for more information. | ||
| Ligne 2241: | Ligne 2232: | ||
| # The strategy used for options in the default sshd_config shipped with | # The strategy used for options in the default sshd_config shipped with | ||
| # OpenSSH is to specify options with their default value where | # OpenSSH is to specify options with their default value where | ||
| - | # possible, but leave them commented. Uncommented options override the | + | # possible, but leave them commented. |
| # default value. | # default value. | ||
| - | # To modify the system-wide sshd configuration, | + | # To modify the system-wide sshd configuration, |
| - | # / | + | # / |
| Include / | Include / | ||
| Ligne 2280: | Ligne 2271: | ||
| # The default is to check both .ssh/ | # The default is to check both .ssh/ | ||
| # but this is overridden so installations will only check .ssh/ | # but this is overridden so installations will only check .ssh/ | ||
| - | AuthorizedKeysFile .ssh/ | + | AuthorizedKeysFile |
| # | # | ||
| Ligne 2316: | Ligne 2307: | ||
| # | # | ||
| - | # Set this to ‘yes’ to enable PAM authentication, | + | # Set this to 'yes' |
| # and session processing. If this is enabled, PAM authentication will | # and session processing. If this is enabled, PAM authentication will | ||
| # be allowed through the KbdInteractiveAuthentication and | # be allowed through the KbdInteractiveAuthentication and | ||
| - | # PasswordAuthentication. Depending on your PAM configuration, | + | # PasswordAuthentication. |
| # PAM authentication via KbdInteractiveAuthentication may bypass | # PAM authentication via KbdInteractiveAuthentication may bypass | ||
| - | # the setting of ‘PermitRootLogin without-password’. | + | # the setting of "PermitRootLogin without-password". |
| # If you just want the PAM account and session checks to run without | # If you just want the PAM account and session checks to run without | ||
| # PAM authentication, | # PAM authentication, | ||
| - | # and KbdInteractiveAuthentication to ‘no’. | + | # and KbdInteractiveAuthentication to 'no'. |
| - | # WARNING: | + | # WARNING: |
| # problems. | # problems. | ||
| #UsePAM no | #UsePAM no | ||
| Ligne 2354: | Ligne 2345: | ||
| # override default of no subsystems | # override default of no subsystems | ||
| - | Subsystem sftp / | + | Subsystem |
| # Example of overriding settings on a per-user basis | # Example of overriding settings on a per-user basis | ||
| #Match User anoncvs | #Match User anoncvs | ||
| - | # X11Forwarding no | + | # |
| - | # AllowTcpForwarding no | + | # |
| - | # PermitTTY no | + | # |
| - | # ForceCommand cvs server | + | # |
| </ | </ | ||
| - | To remove the comment lines in this file, use the following command: | ||
| - | |||
| - | < | ||
| - | [root@redhat9 ~]# cd /tmp ; grep -E -v ‘^(# | ||
| - | |||
| - | [root@redhat9 tmp]# cat sshd_config | ||
| - | Include / | ||
| - | AuthorizedKeysFile .ssh/ | ||
| - | Subsystem sftp / | ||
| - | </ | ||
| To secure the ssh server, add or modify the following directives : | To secure the ssh server, add or modify the following directives : | ||
| Ligne 2411: | Ligne 2392: | ||
| X11Forwarding no | X11Forwarding no | ||
| Include / | Include / | ||
| - | AuthorizedKeysFile .ssh/ | + | AuthorizedKeysFile |
| - | Subsystem sftp / | + | Subsystem |
| </ | </ | ||
| Ligne 2435: | Ligne 2416: | ||
| [root@redhat9 tmp]# systemctl status sshd | [root@redhat9 tmp]# systemctl status sshd | ||
| ● sshd.service - OpenSSH server daemon | ● sshd.service - OpenSSH server daemon | ||
| - | Loaded: loaded (/ | + | Loaded: loaded (/ |
| - | Active: active (running) since Sun 2024-09-29 14:06:49 CEST; 9s ago | + | |
| - | Docs: man: | + | |
| - | man: | + | |
| - | Main PID: 5560 (sshd) | + | |
| - | Tasks: 1 (limit: 48800) | + | Tasks: 1 (limit: 48800) |
| - | Memory: 1.4M | + | |
| - | CPU: 13ms | + | CPU: 13ms |
| - | CGroup: / | + | |
| - | └─5560 | + | |
| Sep 29 14:06:49 redhat9.ittraining.loc systemd[1]: Starting OpenSSH server daemon... | Sep 29 14:06:49 redhat9.ittraining.loc systemd[1]: Starting OpenSSH server daemon... | ||
| Ligne 2478: | Ligne 2459: | ||
| The key's randomart image is: | The key's randomart image is: | ||
| +---[DSA 1024]----+ | +---[DSA 1024]----+ | ||
| - | | +o++o| | + | | +o++o| |
| - | | . o o+..| | + | | . o o+..| |
| - | | o . .. +.| | + | | |
| - | |. E . . . o.+| | + | |. E . |
| - | |.. + . .S . + oo| | + | |.. + . .S . + oo| |
| - | |*.* B . . . .| | + | |*.* B . |
| - | |oX.* + | | + | |oX.* + |
| - | |o *o+ o | | + | |o *o+ o | |
| - | | +++.+ | | + | | +++.+ |
| +----[SHA256]-----+ | +----[SHA256]-----+ | ||
| </ | </ | ||
| Ligne 2506: | Ligne 2487: | ||
| The key's randomart image is: | The key's randomart image is: | ||
| +---[RSA 3072]----+ | +---[RSA 3072]----+ | ||
| - | | ...==o.oo.o.+o| | + | | |
| - | | o.+= = E.=.o| | + | | o.+= = E.=.o| |
| - | | o +o.*.o .+.= | | + | | |
| - | | o.o*o.ooo.+ | | + | | o.o*o.ooo.+ |
| - | | ...S ++ . | | + | | |
| - | | . . * | | + | | |
| - | | . * | | + | | . * | |
| - | | o | | + | | |
| - | | | | + | | |
| +----[SHA256]-----+ | +----[SHA256]-----+ | ||
| Ligne 2530: | Ligne 2511: | ||
| The key's randomart image is: | The key's randomart image is: | ||
| +---[ECDSA 256]---+ | +---[ECDSA 256]---+ | ||
| - | | ..=== .E | | + | | |
| - | | +.o = . | | + | | +.o = . | |
| - | | . + = o | | + | | . |
| - | |o. . O o | | + | |o. .. O o | |
| - | |+ =o.= +S. | | + | |+ =o.= +S. |
| - | |.Bo+* ..o | | + | |.Bo+* ..o | |
| - | |+.o+.++ . | | + | |+.o+.++ |
| - | |. o+=. | | + | |. o+=. | |
| - | |o..oo . | | + | |o..oo .. | |
| +----[SHA256]-----+ | +----[SHA256]-----+ | ||
| Ligne 2554: | Ligne 2535: | ||
| The key's randomart image is: | The key's randomart image is: | ||
| +--[ED25519 256]--+ | +--[ED25519 256]--+ | ||
| - | | E.....o.o.. | | + | | E.....o.o.. |
| - | | o.o .o+o | | + | | o.o .o+o |
| - | | = B. . | | + | | |
| - | | + +.= o . | | + | | + +.= o . | |
| - | | +S* +. +o.| | + | | |
| - | | . . o.=o.+ ++| | + | | . . o.=o.+ ++| |
| - | | o o =o+..o.o| | + | | |
| - | | o o .oo ...| | + | | o o .oo ...| |
| - | | .o . | | + | | .o . | |
| +----[SHA256]-----+ | +----[SHA256]-----+ | ||
| </ | </ | ||
| - | Generated public keys have the **.pub** extension. Private keys do not have a : | + | Generated public keys have the **.pub** extension. Private keys do not have a file extension: |
| < | < | ||
| [root@redhat9 tmp]# ls /etc/ssh | [root@redhat9 tmp]# ls /etc/ssh | ||
| - | moduli ssh_config.d sshd_config.d ssh_host_dsa_key ssh_host_ecdsa_key ssh_host_ed25519_key ssh_host_rsa_key | + | moduli |
| - | ssh_config sshd_config sshd_config.old ssh_host_dsa_key.pub ssh_host_ecdsa_key.pub ssh_host_ed25519_key.pub ssh_host_rsa_key.pub | + | ssh_config |
| </ | </ | ||
| - | Then restart the sshd service: | + | Now restart the sshd service: |
| < | < | ||
| Ligne 2581: | Ligne 2562: | ||
| [root@redhat9 tmp]# systemctl status sshd.service | [root@redhat9 tmp]# systemctl status sshd.service | ||
| ● sshd.service - OpenSSH server daemon | ● sshd.service - OpenSSH server daemon | ||
| - | Loaded: loaded (/ | + | Loaded: loaded (/ |
| - | Active: active (running) since Sun 2024-09-29 14:14:14 CEST; 13s ago | + | |
| - | Docs: man: | + | |
| - | man: | + | |
| - | Main PID: 5583 (sshd) | + | |
| - | Tasks: 1 (limit: 48800) | + | Tasks: 1 (limit: 48800) |
| - | Memory: 1.3M | + | |
| - | CPU: 12ms | + | CPU: 12ms |
| - | CGroup: / | + | |
| - | └─5583 | + | |
| Sep 29 14:14:14 redhat9.ittraining.loc systemd[1]: sshd.service: | Sep 29 14:14:14 redhat9.ittraining.loc systemd[1]: sshd.service: | ||
| Ligne 2615: | Ligne 2596: | ||
| Generating public/ | Generating public/ | ||
| Enter file in which to save the key (/ | Enter file in which to save the key (/ | ||
| - | Created directory | + | Created directory |
| Enter passphrase (empty for no passphrase): | Enter passphrase (empty for no passphrase): | ||
| Enter same passphrase again: | Enter same passphrase again: | ||
| Ligne 2624: | Ligne 2605: | ||
| The key's randomart image is: | The key's randomart image is: | ||
| +---[DSA 1024]----+ | +---[DSA 1024]----+ | ||
| - | | ...+o..... | | + | | |
| - | | .... +. . | | + | | .... +. . |
| - | | . o = . | | + | | |
| - | | .o o * + | | + | | .o o * + |
| - | | =.* S = | | + | | =.* S = | |
| - | | o.% o . | | + | | |
| - | | E.B o . | | + | | E.B o . | |
| - | | = =o= . | | + | | |
| - | | .**Boo | | + | | |
| +----[SHA256]-----+ | +----[SHA256]-----+ | ||
| Ligne 2646: | Ligne 2627: | ||
| The key's randomart image is: | The key's randomart image is: | ||
| +---[RSA 3072]----+ | +---[RSA 3072]----+ | ||
| - | | . | | + | | . | |
| - | | + | | + | | |
| - | | . + . | | + | | . + . | |
| - | | o o . | | + | | |
| - | | . S.. o | | + | | . |
| - | | . o+*.+ * . | | + | | |
| - | | o .o++X = = | | + | | |
| - | | o oo=.o@ E . *.| | + | | o oo=.o@ E . *.| |
| - | | oo=+=* . o*| | + | | |
| +----[SHA256]-----+ | +----[SHA256]-----+ | ||
| Ligne 2668: | Ligne 2649: | ||
| The key's randomart image is: | The key's randomart image is: | ||
| +---[ECDSA 256]---+ | +---[ECDSA 256]---+ | ||
| - | | .=Bo | | + | | |
| - | | ..o+ . | | + | | ..o+ |
| - | | .+ + +| | + | | |
| - | | . = * E +o| | + | | |
| - | | .S.* O = o| | + | | |
| - | | ..o=.* =. .| | + | | ..o=.* =. .| |
| - | | o..+ =. o | | + | | |
| - | | .. .B o | | + | | .. .B o | |
| - | | .. o... | | + | | |
| +----[SHA256]-----+ | +----[SHA256]-----+ | ||
| Ligne 2690: | Ligne 2671: | ||
| The key's randomart image is: | The key's randomart image is: | ||
| +--[ED25519 256]--+ | +--[ED25519 256]--+ | ||
| - | |== ooo+o..E | | + | |== ooo+o..E |
| - | |ooo.==o.o+ | | + | |ooo.==o.o+ |
| - | | =++o.o o. | | + | | =++o.o o. | |
| - | | o o. = = | | + | | o o. = = | |
| - | | o BS | | + | | |
| - | | ..+.+. | | + | | ..+.+. |
| - | | .o+o..= | | + | | .o+o..= |
| - | | o.o oo+ | | + | | |
| - | | . ++ | | + | | . |
| +----[SHA256]-----+ | +----[SHA256]-----+ | ||
| </ | </ | ||
| Ligne 2709: | Ligne 2690: | ||
| </ | </ | ||
| - | ===SSH | + | ===SSH |
| - | The SSH protocol can be used to secure protocols such as telnet, pop3 and so on. In fact, you can create an SSH //tunnel// through which unsecured protocol communications pass. | + | The SSH protocol can be used to secure protocols such as telnet, pop3 and so on. You can create an SSH //tunnel// through which unsecured protocol communications pass. |
| The command to create an ssh tunnel takes the following form: | The command to create an ssh tunnel takes the following form: | ||
| - | ssh -N -f account@host -Local_port: | + | |
| In your case, you are going to create a tunnel in your own vm between port 15023 and port 23 : | In your case, you are going to create a tunnel in your own vm between port 15023 and port 23 : | ||
| Ligne 2721: | Ligne 2702: | ||
| < | < | ||
| [trainee@redhat9 ~]$ ssh -N -f trainee@localhost -L15023: | [trainee@redhat9 ~]$ ssh -N -f trainee@localhost -L15023: | ||
| - | The authenticity of host ‘localhost (::1)’ can't be established. | + | The authenticity of host 'localhost (::1)' |
| ED25519 key fingerprint is SHA256: | ED25519 key fingerprint is SHA256: | ||
| This key is not known by any other names | This key is not known by any other names | ||
| Are you sure you want to continue connecting (yes/ | Are you sure you want to continue connecting (yes/ | ||
| - | Warning: Permanently added ‘localhost’ (ED25519) to the list of known hosts. | + | Warning: Permanently added 'localhost' |
| \S | \S | ||
| Kernel \r on an \m | Kernel \r on an \m | ||
| Ligne 2741: | Ligne 2722: | ||
| Dependencies resolved. | Dependencies resolved. | ||
| ================================================================================================================================================================================================================== | ================================================================================================================================================================================================================== | ||
| - | Package Architecture Version Repository Size | + | Package |
| ================================================================================================================================================================================================================== | ================================================================================================================================================================================================================== | ||
| Installing: | Installing: | ||
| - | telnet-server x86_64 1: | + | telnet-server |
| Transaction Summary | Transaction Summary | ||
| ================================================================================================================================================================================================================== | ================================================================================================================================================================================================================== | ||
| - | Install 1 Package | + | Install |
| Total download size: 41 k | Total download size: 41 k | ||
| Ligne 2754: | Ligne 2735: | ||
| Is this ok [y/N]: y | Is this ok [y/N]: y | ||
| Downloading Packages: | Downloading Packages: | ||
| - | telnet-server-0.17-85.el9.x86_64.rpm 145 kB/s | 41 kB 00:00 | + | telnet-server-0.17-85.el9.x86_64.rpm |
| ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ||
| - | Total 144 kB/s | 41 kB 00:00 | + | Total |
| Running transaction check | Running transaction check | ||
| Transaction check succeeded. | Transaction check succeeded. | ||
| Ligne 2762: | Ligne 2743: | ||
| Transaction test succeeded. | Transaction test succeeded. | ||
| Running transaction | Running transaction | ||
| - | Preparing : 1/1 | + | |
| - | Installing : telnet-server-1: | + | Installing |
| - | Running scriptlet: telnet-server-1: | + | Running scriptlet: telnet-server-1: |
| - | Verifying : telnet-server-1: | + | Verifying |
| Installed products updated. | Installed products updated. | ||
| Installed: | Installed: | ||
| - | telnet-server-1: | + | |
| Complete! | Complete! | ||
| Ligne 2779: | Ligne 2760: | ||
| [root@redhat9 ~]# systemctl status telnet.socket | [root@redhat9 ~]# systemctl status telnet.socket | ||
| ○ telnet.socket - Telnet Server Activation Socket | ○ telnet.socket - Telnet Server Activation Socket | ||
| - | Loaded: loaded (/ | + | Loaded: loaded (/ |
| - | Active: inactive (dead) | + | |
| - | Docs: man: | + | |
| - | Listen: [::]:23 (Stream) | + | |
| - | Accepted: 0; Connected: 0; | + | |
| [root@redhat9 ~]# systemctl start telnet.socket | [root@redhat9 ~]# systemctl start telnet.socket | ||
| Ligne 2789: | Ligne 2770: | ||
| [root@redhat9 ~]# systemctl status telnet.socket | [root@redhat9 ~]# systemctl status telnet.socket | ||
| ● telnet.socket - Telnet Server Activation Socket | ● telnet.socket - Telnet Server Activation Socket | ||
| - | Loaded: loaded (/ | + | Loaded: loaded (/ |
| - | Active: active (listening) since Sun 2024-09-29 14:19:51 CEST; 13s ago | + | |
| - | Until: Sun 2024-09-29 14:19:51 CEST; 13s ago | + | Until: Sun 2024-09-29 14:19:51 CEST; 13s ago |
| - | Docs: man: | + | |
| - | Listen: [::]:23 (Stream) | + | |
| - | Accepted: 0; Connected: 0; | + | |
| - | Tasks: 0 (limit: 48800) | + | Tasks: 0 (limit: 48800) |
| - | Memory: 8.0K | + | |
| - | CPU: 700us | + | CPU: 700us |
| - | CGroup: / | + | |
| Sep 29 14:19:51 redhat9.ittraining.loc systemd[1]: Listening on Telnet Server Activation Socket. | Sep 29 14:19:51 redhat9.ittraining.loc systemd[1]: Listening on Telnet Server Activation Socket. | ||
| Ligne 2805: | Ligne 2786: | ||
| </ | </ | ||
| - | Then connect via telnet to port 15023, and you will see that your connection is not successful: | + | Then connect via telnet to port 15023: |
| < | < | ||
| Ligne 2811: | Ligne 2792: | ||
| Trying ::1... | Trying ::1... | ||
| Connected to localhost. | Connected to localhost. | ||
| - | Escape character is ‘^]’. | + | Escape character is '^]'. |
| Kernel 5.14.0-427.37.1.el9_4.x86_64 on an x86_64 | Kernel 5.14.0-427.37.1.el9_4.x86_64 on an x86_64 | ||
| Ligne 2831: | Ligne 2812: | ||
| ====3.5 - SCP==== | ====3.5 - SCP==== | ||
| - | ===Introduction=== | + | ===Overview=== |
| The **scp** command is the successor and replacement for the **rcp** command in the **remote** command family. It is used to make secure transfers from a remote machine: | The **scp** command is the successor and replacement for the **rcp** command in the **remote** command family. It is used to make secure transfers from a remote machine: | ||
| - | $ scp account@numero_ip(machine_name):/ | + | |
| or to a remote machine : | or to a remote machine : | ||
| - | $ scp /path_local/file_local | + | |
| - | ===Using=== | + | ===Usage=== |
| - | We are now going to use **scp** to search for a file on the << | + | We are now going to use **scp** to download |
| Create the file **/ | Create the file **/ | ||
| Ligne 2861: | Ligne 2842: | ||
| < | < | ||
| [root@redhat9 ~]# scp trainee@127.0.0.1:/ | [root@redhat9 ~]# scp trainee@127.0.0.1:/ | ||
| - | The authenticity of host ‘127.0.0.1 (127.0.0.1)’ can't be established. | + | The authenticity of host '127.0.0.1 (127.0.0.1)' |
| ED25519 key fingerprint is SHA256: | ED25519 key fingerprint is SHA256: | ||
| This key is not known by any other names | This key is not known by any other names | ||
| Are you sure you want to continue connecting (yes/ | Are you sure you want to continue connecting (yes/ | ||
| - | Warning: Permanently added ‘127.0.0.1’ (ED25519) to the list of known hosts. | + | Warning: Permanently added '127.0.0.1' |
| \S | \S | ||
| Kernel \r on an \m | Kernel \r on an \m | ||
| Ligne 2872: | Ligne 2853: | ||
| [root@redhat9 ~]# ls -l | [root@redhat9 ~]# ls -l | ||
| total 2042944 | total 2042944 | ||
| - | -rw-------. 1 root root 1226 Oct 19 2023 anaconda-ks.cfg | + | -rw-------. 1 root root 1226 Oct 19 2023 anaconda-ks.cfg |
| - | -rw-r--r--. 1 trainee trainee 2091941797 Oct 19 2023 ansible-automation-platform-setup-bundle-2.4-2.2-x86_64.tar.gz | + | -rw-r--r--. 1 trainee trainee 2091941797 Oct 19 2023 ansible-automation-platform-setup-bundle-2.4-2.2-x86_64.tar.gz |
| - | -rw-r--r--. 1 root root 64 Sep 27 08:24 device.map | + | -rw-r--r--. 1 root root 64 Sep 27 08:24 device.map |
| - | -rw-------. 1 root root 7118 Sep 27 08:24 grub.cfg | + | -rw-------. 1 root root 7118 Sep 27 08:24 grub.cfg |
| - | drwxr-xr-x. 3 root root 21 Oct 19 2023 home | + | drwxr-xr-x. 3 root root 21 Oct 19 2023 home |
| - | -rw-r--r--. 1 root root 98 Sep 27 08:23 montages.list | + | -rw-r--r--. 1 root root 98 Sep 27 08:23 montages.list |
| - | -rw-r--r--. 1 root root 2109 Sep 25 16:20 passwd | + | -rw-r--r--. 1 root root 2109 Sep 25 16:20 passwd |
| - | -rw-r--r--. 1 root root 0 Sep 29 14:24 scp-test | + | -rw-r--r--. 1 root root |
| - | -rw-r--r--. 1 root root 457 Sep 27 08:22 structure.list | + | -rw-r--r--. 1 root root |
| - | -rw-r--r--. 1 root root 46 Sep 29 13:56 ‘wget_file.txt? | + | -rw-r--r--. 1 root root 46 Sep 29 13:56 'wget_file.txt? |
| </ | </ | ||
| - | ====3.6 - Setting up asymmetric keys==== | + | ====3.6 - Setting up Asymmetric Keys==== |
| We now need to connect to the << | We now need to connect to the << | ||
| Ligne 2898: | Ligne 2879: | ||
| [trainee@redhat9 ~]$ ls -la | grep .ssh | [trainee@redhat9 ~]$ ls -la | grep .ssh | ||
| - | -rw-------. 1 trainee trainee 20 Sep 25 15:18 .lesshst | + | -rw-------. |
| - | drwx------. 2 trainee trainee 188 Sep 29 14:18 .ssh | + | drwx------. |
| </ | </ | ||
| <WRAP center round important 60%> | <WRAP center round important 60%> | ||
| - | **Important** - If the remote .ssh folder does not exist in the connected | + | **Important** - If the remote .ssh folder does not exist in the user's home directory, it must be created with 700 file permissions. In your case, since your machine is the server **and** the client, the / |
| </ | </ | ||
| Ligne 2917: | Ligne 2898: | ||
| [trainee@redhat9 ~]$ scp .ssh/ | [trainee@redhat9 ~]$ scp .ssh/ | ||
| - | The authenticity of host ‘127.0.0.1 (127.0.0.1)’ can't be established. | + | The authenticity of host '127.0.0.1 (127.0.0.1)' |
| ED25519 key fingerprint is SHA256: | ED25519 key fingerprint is SHA256: | ||
| This host key is known by the following other names/ | This host key is known by the following other names/ | ||
| - | ~/ | + | |
| Are you sure you want to continue connecting (yes/ | Are you sure you want to continue connecting (yes/ | ||
| - | Warning: Permanently added ‘127.0.0.1’ (ED25519) to the list of known hosts. | + | Warning: Permanently added '127.0.0.1' |
| \S | \S | ||
| Kernel \r on an \m | Kernel \r on an \m | ||
| trainee@127.0.0.1' | trainee@127.0.0.1' | ||
| - | id_ecdsa.pub 100% 192 427.3KB/s 00:00 | + | id_ecdsa.pub |
| </ | </ | ||
| Ligne 2942: | Ligne 2923: | ||
| <WRAP center round important 60%> | <WRAP center round important 60%> | ||
| - | **Important** - When connecting to the server, authentication uses the asymmetric key pair in ecdsa format and no password is required. | + | **Important** - When connecting to the server, |
| </ | </ | ||
| Ligne 2951: | Ligne 2932: | ||
| [trainee@redhat9 .ssh]$ ls | [trainee@redhat9 .ssh]$ ls | ||
| - | authorized_keys id_dsa id_dsa.pub id_ecdsa id_ecdsa.pub id_ed25519 id_ed25519.pub id_rsa id_rsa.pub known_hosts known_hosts.old | + | authorized_keys |
| [trainee@redhat9 .ssh]$ cat authorized_keys | [trainee@redhat9 .ssh]$ cat authorized_keys | ||
| Ligne 2964: | Ligne 2945: | ||
| [trainee@redhat9 .ssh]$ cat authorized_keys | [trainee@redhat9 .ssh]$ cat authorized_keys | ||
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGJIMNJ1m+xIpYzfYwK7VpdCI9inhQx3wptO+z4Xsl3XYcb+WIXsEsJpKSyQnOv98HmfZVJWcqXaSBkE5mskFGI= trainee@redhat9.ittraining.loc | ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGJIMNJ1m+xIpYzfYwK7VpdCI9inhQx3wptO+z4Xsl3XYcb+WIXsEsJpKSyQnOv98HmfZVJWcqXaSBkE5mskFGI= trainee@redhat9.ittraining.loc | ||
| - | ssh- rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDSBgNBWkHU0UWXablPEQLRXjcdG7WYN0651bSh122wAMpMo5j3Jjlxm+tCKILpU5kjmpLIC+YCVw3nNr2e8RxIucxfEy1NIXrrCS0Ps3t5zsdsta/ | + | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDSBgNBWkHU0UWXablPEQLRXjcdG7WYN0651bSh122wAMpMo5j3Jjlxm+tCKILpU5kjmpLIC+YCVw3nNr2e8RxIucxfEy1NIXrrCS0Ps3t5zsdsta/ |
| - | ssh- dss AAAAB3NzaC1kc3MAAACBAOlvM/ | + | ssh-dss AAAAB3NzaC1kc3MAAACBAOlvM/ |
| ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKzhdX1reo1vStZd/ | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKzhdX1reo1vStZd/ | ||
