Différences
Ci-dessous, les différences entre deux révisions de la page.
| Les deux révisions précédentesRévision précédenteProchaine révision | Révision précédente | ||
| elearning:workbooks:redhat:rh124en:l112 [2024/11/12 12:58] – admin | elearning:workbooks:redhat:rh124en:l112 [2024/11/29 08:45] (Version actuelle) – admin | ||
|---|---|---|---|
| Ligne 34: | Ligne 34: | ||
| * 1.2 - Name Resolution | * 1.2 - Name Resolution | ||
| * 1.3 - Adding a Second IP Address to a Profile | * 1.3 - Adding a Second IP Address to a Profile | ||
| - | * 1.4 - The hostname | + | * 1.4 - The hostname |
| - | * 1.5 - The ip command | + | * 1.5 - The ip Command |
| - | * 1.6 - Manually | + | * 1.6 - Manually |
| - | * 1.7 - Static | + | * 1.7 - Static |
| - | * The ip command | + | * The ip Command |
| - | * Enabling/ | + | * Enable Routing |
| * LAB #2 - Network diagnostics | * LAB #2 - Network diagnostics | ||
| * 2.1 - ping | * 2.1 - ping | ||
| Ligne 53: | Ligne 53: | ||
| * SSH-1 | * SSH-1 | ||
| * SSH-2 | * SSH-2 | ||
| - | * Password | + | * Password |
| - | * Asymmetric key authentication | + | * Asymmetric key Authentication |
| - | * Server | + | * Server |
| - | * Client | + | * Client |
| - | * SSH tunnels | + | * SSH Tunnels |
| * 3.5 - SCP | * 3.5 - SCP | ||
| * Overview | * Overview | ||
| * Usage | * Usage | ||
| - | * 3.6 - Setting up asymmetric keys | + | * 3.6 - Setting up Asymmetric Keys |
| =====Understanding IPv4===== | =====Understanding IPv4===== | ||
| Ligne 67: | Ligne 67: | ||
| ==== TCP headers ==== | ==== TCP headers ==== | ||
| - | The TCP header is encoded | + | The TCP header is encoded |
| ^ 1st byte ^ 2nd byte ^ 3rd byte ^ 4th byte ^ | ^ 1st byte ^ 2nd byte ^ 3rd byte ^ 4th byte ^ | ||
| Ligne 99: | Ligne 99: | ||
| ==== UDP headers ==== | ==== UDP headers ==== | ||
| - | The UDP header is encoded | + | The UDP header is encoded |
| ^ 1st byte ^ 2nd byte ^ 3rd byte ^ 4th byte ^ | ^ 1st byte ^ 2nd byte ^ 3rd byte ^ 4th byte ^ | ||
| Ligne 105: | Ligne 105: | ||
| | Length | | Length | ||
| | Data |||| | | Data |||| | ||
| - | |||
| - | The UDP header is 8 bytes long. | ||
| ==== Fragmentation and Re-encapsulation ==== | ==== Fragmentation and Re-encapsulation ==== | ||
| Ligne 157: | Ligne 155: | ||
| | IP address | | IP address | ||
| | Binary | | Binary | ||
| - | | Calculation of network address | + | | Calculation of the network address |
| | Binary | | Binary | ||
| | Network address | | Network address | ||
| - | | Calculation of broadcast address | + | | Calculation of the broadcast address |
| | Binary | 11000000 | 10101000 | | Binary | 11000000 | 10101000 | ||
| | Broadcast address | | Broadcast address | ||
| Ligne 166: | Ligne 164: | ||
| ==== Subnet Masks ==== | ==== Subnet Masks ==== | ||
| - | Like the IP address, the subnet mask has 4 octets | + | Like the IP address, the subnet mask has 4 bytes or 32 bits. Subnet masks are used to identify the Net ID and Host ID: |
| ^ Class ^ Mask ^ CIDR notation | ^ Class ^ Mask ^ CIDR notation | ||
| Ligne 203: | Ligne 201: | ||
| | Network address | | Network address | ||
| - | Since the network address is identical in both cases, the sending host assumes that the destination host is on its network and sends the packets directly to the network | + | Since the network address is identical in both cases, the sending host assumes that the destination host is on its network and sends the packets directly to the network. |
| The sending host is now trying to communicate with a host with an IP address of 192.168.2.1. It therefore performs the same calculation by applying **its own subnet mask** to the IP address of the destination host: | The sending host is now trying to communicate with a host with an IP address of 192.168.2.1. It therefore performs the same calculation by applying **its own subnet mask** to the IP address of the destination host: | ||
| Ligne 215: | Ligne 213: | ||
| | Network address | | Network address | ||
| - | In this case, the sending host finds that the destination network 192.168.2.0 is not identical to its own network 192.168.10.0. It therefore | + | In this case, the sending host finds that the destination network 192.168.2.0 is not identical to its own network 192.168.10.0. It therefore |
| ==== VLSM ==== | ==== VLSM ==== | ||
| Ligne 250: | Ligne 248: | ||
| We can use the following two subnets: | We can use the following two subnets: | ||
| - | * 192.168.1.01XXXXXX | + | |
| - | * 192.168.1.10XXXXXX | + | * 192.168.1.10XXXXXX |
| For the first subnet, the network address and broadcast address are : | For the first subnet, the network address and broadcast address are : | ||
| Ligne 259: | Ligne 257: | ||
| | Binary | | Binary | ||
| | Network address | | | Network address | | ||
| - | | Calculation of broadcast address | + | | Calculation of the broadcast address |
| | Binary | | | Binary | | ||
| | Broadcast address| | | Broadcast address| | ||
| Ligne 274: | Ligne 272: | ||
| | Binary | | Binary | ||
| | Network address | | | Network address | | ||
| - | | Calculation of broadcast address | + | | Calculation of the broadcast address |
| | Binary | | | Binary | | ||
| | Broadcast address| | | Broadcast address| | ||
| Ligne 566: | Ligne 564: | ||
| An IPv6 address is a 128-bit number, normally expressed as eight groups of four hexadecimal **nibbles** (half-bytes) separated by a colon. Each nibble represents four bits of the IPv6 address, so that each group represents 16 bits of the IPv6 address. | An IPv6 address is a 128-bit number, normally expressed as eight groups of four hexadecimal **nibbles** (half-bytes) separated by a colon. Each nibble represents four bits of the IPv6 address, so that each group represents 16 bits of the IPv6 address. | ||
| - | 2001: | + | |
| - | To make it easier to write IPv6 addresses, it is not necessary to write zeros at the head of a group separated by a colon. However, at least one hexadecimal digit must be written in each group separated by a colon: | + | To make it easier to write IPv6 addresses, it is not necessary to write zeros at the start of a group separated by a colon. However, at least one hexadecimal digit must be written in each group separated by a colon: |
| 2001: | 2001: | ||
| Ligne 577: | Ligne 575: | ||
| * Remove leading zeros in a group. | * Remove leading zeros in a group. | ||
| - | * Use : : to shorten as much as possible. | + | * Use : : to shorten |
| - | * If an address contains two consecutive groups of zeros of the same length, it is preferable to shorten the leftmost groups of zeros to : : and the rightmost groups | + | * If an address contains two consecutive groups of zeros of the same length, it is preferable to shorten the leftmost groups of zeros to : : and the rightmost groups |
| * Although permitted, do not use :: to shorten a group of zeros. Instead, use :0 : and keep : : for consecutive groups of zeros. | * Although permitted, do not use :: to shorten a group of zeros. Instead, use :0 : and keep : : for consecutive groups of zeros. | ||
| * Always use lower case letters for hexadecimal numbers from a to f. | * Always use lower case letters for hexadecimal numbers from a to f. | ||
| Ligne 593: | Ligne 591: | ||
| * The network prefix, | * The network prefix, | ||
| - | | + | |
| * The interface identifier, | * The interface identifier, | ||
| - | | + | |
| - | * An interface identifier identifies a particular interface on the subnet. | + | * An interface identifier identifies a particular interface on the subnet. |
| ====Subnet Masks==== | ====Subnet Masks==== | ||
| Ligne 669: | Ligne 667: | ||
| In summary, the host sends a DHCPv6 request to the multicast address **all-dhcp-servers**, | In summary, the host sends a DHCPv6 request to the multicast address **all-dhcp-servers**, | ||
| - | =====Configure | + | =====Configuring the Network===== |
| RHEL 9 uses **Network Manager** to manage the network. Network Manager has two components: | RHEL 9 uses **Network Manager** to manage the network. Network Manager has two components: | ||
| - | * a service that manages network connections and reports their status, | + | |
| - | * front-ends that use an API to configure the service. | + | * front-ends that use an API to configure the service. |
| <WRAP center round important 60%> | <WRAP center round important 60%> | ||
| Ligne 685: | Ligne 683: | ||
| [root@redhat9 ~]# systemctl status NetworkManager.service | [root@redhat9 ~]# systemctl status NetworkManager.service | ||
| ● NetworkManager.service - Network Manager | ● NetworkManager.service - Network Manager | ||
| - | Loaded: loaded (/ | + | Loaded: loaded (/ |
| - | Active: active (running) since Sat 2024-09-28 15:37:17 CEST; 20h ago | + | |
| - | Docs: man: | + | |
| - | Main PID: 857 (NetworkManager) | + | |
| - | Tasks: 3 (limit: 48800) | + | Tasks: 3 (limit: 48800) |
| - | Memory: 12.0M | + | |
| - | CPU: 1.834s | + | CPU: 1.834s |
| - | CGroup: / | + | |
| - | └─857 / | + | |
| - | Sep 28 15:37:18 redhat9.ittraining.loc NetworkManager[857]: | + | Sep 28 15:37:18 redhat9.ittraining.loc NetworkManager[857]: |
| - | Sep 28 15:37:18 redhat9.ittraining.loc NetworkManager[857]: | + | Sep 28 15:37:18 redhat9.ittraining.loc NetworkManager[857]: |
| - | Sep 28 15:37:18 redhat9.ittraining.loc NetworkManager[857]: | + | Sep 28 15:37:18 redhat9.ittraining.loc NetworkManager[857]: |
| - | Sep 28 15:37:18 redhat9.ittraining.loc NetworkManager[857]: | + | Sep 28 15:37:18 redhat9.ittraining.loc NetworkManager[857]: |
| - | Sep 28 15:37:18 redhat9.ittraining.loc NetworkManager[857]: | + | Sep 28 15:37:18 redhat9.ittraining.loc NetworkManager[857]: |
| - | Sep 28 15:37:18 redhat9.ittraining.loc NetworkManager[857]: | + | Sep 28 15:37:18 redhat9.ittraining.loc NetworkManager[857]: |
| - | Sep 28 15:37:18 redhat9.ittraining.loc NetworkManager[857]: | + | Sep 28 15:37:18 redhat9.ittraining.loc NetworkManager[857]: |
| - | Sep 28 15:37:18 redhat9.ittraining.loc NetworkManager[857]: | + | Sep 28 15:37:18 redhat9.ittraining.loc NetworkManager[857]: |
| - | Sep 28 15:37:18 redhat9.ittraining.loc NetworkManager[857]: | + | Sep 28 15:37:18 redhat9.ittraining.loc NetworkManager[857]: |
| - | Sep 28 15:37:29 redhat9.ittraining.loc NetworkManager[857]: | + | Sep 28 15:37:29 redhat9.ittraining.loc NetworkManager[857]: |
| </ | </ | ||
| Ligne 711: | Ligne 709: | ||
| The **nmcli** (Network Manager Command Line Interface) command is used to configure NetworkManager. | The **nmcli** (Network Manager Command Line Interface) command is used to configure NetworkManager. | ||
| - | Options | + | Command line switches |
| < | < | ||
| Ligne 718: | Ligne 716: | ||
| OPTIONS | OPTIONS | ||
| - | -a, --ask ask for missing parameters | + | |
| - | -c, --colors auto|yes|no whether to use colors in output | + | -c, --colors auto|yes|no |
| - | -e, --escape yes|no escape columns separators in values | + | -e, --escape yes|no |
| - | -f, --fields < | + | -f, --fields < |
| - | -g, --get-values < | + | -g, --get-values < |
| - | -h, --help print this help | + | -h, --help |
| - | -m, --mode tabular|multiline output mode | + | -m, --mode tabular|multiline |
| - | -o, --overview overview mode | + | -o, --overview |
| - | -p, --pretty pretty output | + | -p, --pretty |
| - | -s, --show-secrets allow displaying passwords | + | -s, --show-secrets |
| - | -t, --terse terse output | + | -t, --terse |
| - | -v, --version show program version | + | -v, --version |
| - | -w, --wait < | + | -w, --wait < |
| OBJECT | OBJECT | ||
| - | g[eneral] NetworkManager' | + | |
| - | n[etworking] overall networking control | + | n[etworking] |
| - | r[adio] NetworkManager radio switches | + | r[adio] |
| - | c[onnection] NetworkManager' | + | c[onnection] |
| - | d[evice] devices managed by NetworkManager | + | d[evice] |
| - | a[gent] NetworkManager secret agent or polkit agent | + | a[gent] |
| - | m[onitor] monitor NetworkManager changes | + | m[onitor] |
| </ | </ | ||
| =====LAB #1 - Network Configuration===== | =====LAB #1 - Network Configuration===== | ||
| - | 001.1 - Connections and Profiles==== | + | ====1.1 - Connections and Profiles==== |
| NetworkManager includes the notion of **connections** or **profiles** allowing different configurations depending on the location. To view the current connections, | NetworkManager includes the notion of **connections** or **profiles** allowing different configurations depending on the location. To view the current connections, | ||
| Ligne 750: | Ligne 748: | ||
| < | < | ||
| [root@redhat9 ~]# nmcli c show | [root@redhat9 ~]# nmcli c show | ||
| - | NAME UUID TYPE DEVICE | + | NAME |
| - | ens18 ea4c8254-6236-3130-8323-8b3f71d807a1 ethernet ens18 | + | ens18 ea4c8254-6236-3130-8323-8b3f71d807a1 |
| - | lo 8df82174-1d45-4506-9248-6bfcd2d20240 loopback lo | + | lo |
| </ | </ | ||
| - | Create | + | Now create |
| < | < | ||
| - | [root@redhat9 ~]# nmcli connection add con-name | + | [root@redhat9 ~]# nmcli connection add con-name |
| - | Connection | + | Connection |
| </ | </ | ||
| Ligne 766: | Ligne 764: | ||
| < | < | ||
| [root@redhat9 ~]# nmcli c show | [root@redhat9 ~]# nmcli c show | ||
| - | NAME UUID TYPE DEVICE | + | NAME |
| - | ens18 ea4c8254-6236-3130-8323-8b3f71d807a1 ethernet ens18 | + | ens18 ea4c8254-6236-3130-8323-8b3f71d807a1 |
| - | lo 8df82174-1d45-4506-9248-6bfcd2d20240 loopback lo | + | lo |
| - | ip_fix | + | ip_fixed |
| </ | </ | ||
| - | Note that the output does not indicate that the **ip_fix** profile is associated with the **ens18** device because the **ip_fix** profile is not enabled: | + | Note that the output does not indicate that the **ip_fixed** profile is associated with the **ens18** device because the **ip_fixed** profile is not enabled: |
| < | < | ||
| [root@redhat9 ~]# nmcli d show | [root@redhat9 ~]# nmcli d show | ||
| - | GENERAL.DEVICE: | + | GENERAL.DEVICE: |
| - | GENERAL.TYPE: | + | GENERAL.TYPE: |
| - | GENERAL.HWADDR: | + | GENERAL.HWADDR: |
| - | GENERAL.MTU: | + | GENERAL.MTU: |
| - | GENERAL.STATE: | + | GENERAL.STATE: |
| - | GENERAL.CONNECTION: | + | GENERAL.CONNECTION: |
| - | GENERAL.CON-PATH: | + | GENERAL.CON-PATH: |
| - | WIRED-PROPERTIES.CARRIER: | + | WIRED-PROPERTIES.CARRIER: |
| - | IP4.ADDRESS[1]: | + | IP4.ADDRESS[1]: |
| - | IP4.GATEWAY: | + | IP4.GATEWAY: |
| - | IP4.ROUTE[1]: | + | IP4.ROUTE[1]: |
| - | IP4.ROUTE[2]: | + | IP4.ROUTE[2]: |
| - | IP4.DNS[1]: 8.8.8.8 | + | IP4.DNS[1]: |
| - | IP6.ADDRESS[1]: | + | IP6.ADDRESS[1]: |
| - | IP6.GATEWAY: | + | IP6.GATEWAY: |
| - | IP6.ROUTE[1]: | + | IP6.ROUTE[1]: |
| - | GENERAL.DEVICE: | + | GENERAL.DEVICE: |
| - | GENERAL.TYPE: | + | GENERAL.TYPE: |
| - | GENERAL.HWADDR: | + | GENERAL.HWADDR: |
| - | GENERAL.MTU: | + | GENERAL.MTU: |
| - | GENERAL.STATE: | + | GENERAL.STATE: |
| - | GENERAL.CONNECTION: | + | GENERAL.CONNECTION: |
| - | GENERAL.CON-PATH: | + | GENERAL.CON-PATH: |
| - | IP4.ADDRESS[1]: | + | IP4.ADDRESS[1]: |
| - | IP4.GATEWAY: | + | IP4.GATEWAY: |
| - | IP6.ADDRESS[1]: | + | IP6.ADDRESS[1]: |
| - | IP6.GATEWAY: | + | IP6.GATEWAY: |
| - | IP6.ROUTE[1]: | + | IP6.ROUTE[1]: |
| </ | </ | ||
| - | To activate the ip_fix | + | To activate the ip_fixed |
| < | < | ||
| - | [root@redhat9 ~]# nmcli connection up ip_fixe | + | [root@redhat9 ~]# nmcli connection up ip_fixed |
| </ | </ | ||
| Ligne 817: | Ligne 815: | ||
| <WRAP center round todo 60%> | <WRAP center round todo 60%> | ||
| - | **To do** - Return to the Guacamole home page and reconnect to the VM as a trainee using the **RedHat9_SSH_10.0.2.102** connection. | + | **To do** - Return to the Guacamole home page and reconnect to the VM as a trainee using the **RedHat9_10.0.2.102_SSH** connection. |
| </ | </ | ||
| - | The ip_fix | + | The ip_fixed |
| < | < | ||
| [root@redhat9 ~]# nmcli c show | [root@redhat9 ~]# nmcli c show | ||
| - | NAME UUID TYPE DEVICE | + | NAME |
| - | ip_fix | + | ip_fixed |
| - | lo 8df82174-1d45-4506-9248-6bfcd2d20240 loopback lo | + | lo |
| - | ens18 ea4c8254-6236-3130-8323-8b3f71d807a1 ethernet -- | + | ens18 ea4c8254-6236-3130-8323-8b3f71d807a1 |
| + | | ||
| [root@redhat9 ~]# nmcli d show | [root@redhat9 ~]# nmcli d show | ||
| - | GENERAL.DEVICE: | + | GENERAL.DEVICE: |
| - | GENERAL.TYPE: | + | GENERAL.TYPE: |
| - | GENERAL.HWADDR: | + | GENERAL.HWADDR: |
| - | GENERAL.MTU: | + | GENERAL.MTU: |
| - | GENERAL.STATE: | + | GENERAL.STATE: |
| - | GENERAL.CONNECTION: | + | GENERAL.CONNECTION: |
| - | GENERAL.CON-PATH: | + | GENERAL.CON-PATH: |
| - | WIRED-PROPERTIES.CARRIER: | + | WIRED-PROPERTIES.CARRIER: |
| - | IP4.ADDRESS[1]: | + | IP4.ADDRESS[1]: |
| - | IP4.GATEWAY: | + | IP4.GATEWAY: |
| - | IP4.ROUTE[1]: | + | IP4.ROUTE[1]: |
| - | IP4.ROUTE[2]: | + | IP4.ROUTE[2]: |
| - | IP6.ADDRESS[1]: | + | IP6.ADDRESS[1]: |
| - | IP6.GATEWAY: | + | IP6.GATEWAY: |
| - | IP6.ROUTE[1]: | + | IP6.ROUTE[1]: |
| - | GENERAL.DEVICE: | + | GENERAL.DEVICE: |
| - | GENERAL.TYPE: | + | GENERAL.TYPE: |
| - | GENERAL.HWADDR: | + | GENERAL.HWADDR: |
| - | GENERAL.MTU: | + | GENERAL.MTU: |
| - | GENERAL.STATE: | + | GENERAL.STATE: |
| - | GENERAL.CONNECTION: | + | GENERAL.CONNECTION: |
| - | GENERAL.CON-PATH: | + | GENERAL.CON-PATH: |
| - | IP4.ADDRESS[1]: | + | IP4.ADDRESS[1]: |
| - | IP4.GATEWAY: | + | IP4.GATEWAY: |
| - | IP6.ADDRESS[1]: | + | IP6.ADDRESS[1]: |
| - | IP6.GATEWAY: | + | IP6.GATEWAY: |
| - | IP6.ROUTE[1]: | + | IP6.ROUTE[1]: |
| </ | </ | ||
| Ligne 865: | Ligne 863: | ||
| [root@redhat9 ~]# nmcli -p connection show ens18 | [root@redhat9 ~]# nmcli -p connection show ens18 | ||
| =============================================================================== | =============================================================================== | ||
| - | Connection profile details (ens18) | + | |
| =============================================================================== | =============================================================================== | ||
| - | connection.id: | + | connection.id: |
| - | connection.uuid: | + | connection.uuid: |
| - | connection.stable-id: | + | connection.stable-id: |
| - | connection.type: | + | connection.type: |
| - | connection.interface-name: | + | connection.interface-name: |
| - | connection.autoconnect: | + | connection.autoconnect: |
| - | connection.autoconnect-priority: | + | connection.autoconnect-priority: |
| - | connection.autoconnect-retries: | + | connection.autoconnect-retries: |
| - | connection.multi-connect: | + | connection.multi-connect: |
| - | connection.auth-retries: | + | connection.auth-retries: |
| - | connection.timestamp: | + | connection.timestamp: |
| - | connection.permissions: | + | connection.permissions: |
| - | connection.zone: | + | connection.zone: |
| - | connection.controller: | + | connection.controller: |
| - | connection.master: | + | connection.master: |
| - | connection.slave-type: | + | connection.slave-type: |
| - | connection.port-type: | + | connection.port-type: |
| - | connection.autoconnect-slaves: | + | connection.autoconnect-slaves: |
| - | connection.autoconnect-ports: | + | connection.autoconnect-ports: |
| - | connection.secondaries: | + | connection.secondaries: |
| - | connection.gateway-ping-timeout: | + | connection.gateway-ping-timeout: |
| - | connection.metered: | + | connection.metered: |
| - | connection.lldp: | + | connection.lldp: |
| - | connection.mdns: | + | connection.mdns: |
| - | connection.llmnr: | + | connection.llmnr: |
| - | connection.dns-over-tls: | + | connection.dns-over-tls: |
| - | connection.mptcp-flags: | + | connection.mptcp-flags: |
| - | connection.wait-device-timeout: | + | connection.wait-device-timeout: |
| - | connection.wait-activation-delay: | + | connection.wait-activation-delay: |
| ------------------------------------------------------------------------------- | ------------------------------------------------------------------------------- | ||
| - | 802-3-ethernet.port: | + | 802-3-ethernet.port: |
| - | 802-3-ethernet.speed: | + | 802-3-ethernet.speed: |
| - | 802-3-ethernet.duplex: | + | 802-3-ethernet.duplex: |
| - | 802-3-ethernet.auto-negotiate: | + | 802-3-ethernet.auto-negotiate: |
| - | 802-3-ethernet.mac-address: | + | 802-3-ethernet.mac-address: |
| - | 802-3-ethernet.cloned-mac-address: | + | 802-3-ethernet.cloned-mac-address: |
| 802-3-ethernet.generate-mac-address-mask: | 802-3-ethernet.generate-mac-address-mask: | ||
| - | 802-3-ethernet.mac-address-blacklist: | + | 802-3-ethernet.mac-address-blacklist: |
| - | 802-3-ethernet.mtu: | + | 802-3-ethernet.mtu: |
| - | 802-3-ethernet.s390-subchannels: | + | 802-3-ethernet.s390-subchannels: |
| - | 802-3-ethernet.s390-nettype: | + | 802-3-ethernet.s390-nettype: |
| - | 802-3-ethernet.s390-options: | + | 802-3-ethernet.s390-options: |
| - | 802-3-ethernet.wake-on-lan: | + | 802-3-ethernet.wake-on-lan: |
| - | 802-3-ethernet.wake-on-lan-password: | + | 802-3-ethernet.wake-on-lan-password: |
| 802-3-ethernet.accept-all-mac-addresses: | 802-3-ethernet.accept-all-mac-addresses: | ||
| ------------------------------------------------------------------------------- | ------------------------------------------------------------------------------- | ||
| - | ipv4.method: | + | ipv4.method: |
| - | ipv4.dns: 8.8.8.8 | + | ipv4.dns: |
| - | ipv4.dns-search: | + | ipv4.dns-search: |
| - | ipv4.dns-options: | + | ipv4.dns-options: |
| - | ipv4.dns-priority: | + | ipv4.dns-priority: |
| - | ipv4.addresses: | + | ipv4.addresses: |
| lines 1-55 | lines 1-55 | ||
| [q] | [q] | ||
| </ | </ | ||
| - | + | Similarly, to view the **ip_fixed** profile parameters, use the following command: | |
| - | Similarly, to view the **ip_fixe** profile parameters, use the following command: | + | |
| < | < | ||
| - | [root@redhat9 ~]# nmcli -p connection show ip_fixe | + | [root@redhat9 ~]# nmcli -p connection show ip_fixed |
| =============================================================================== | =============================================================================== | ||
| - | Connection profile details (ip_fix) | + | Connection profile details (ip_fixed) |
| =============================================================================== | =============================================================================== | ||
| - | connection.id: | + | connection.id: |
| - | connection.uuid: | + | connection.uuid: |
| - | connection.stable-id: | + | connection.stable-id: |
| - | connection.type: | + | connection.type: |
| - | connection.interface-name: | + | connection.interface-name: |
| - | connection.autoconnect: | + | connection.autoconnect: |
| - | connection.autoconnect-priority: | + | connection.autoconnect-priority: |
| - | connection.autoconnect-retries: | + | connection.autoconnect-retries: |
| - | connection.multi-connect: | + | connection.multi-connect: |
| - | connection.auth-retries: | + | connection.auth-retries: |
| - | connection.timestamp: | + | connection.timestamp: |
| - | connection.permissions: | + | connection.permissions: |
| - | connection.zone: | + | connection.zone: |
| - | connection.controller: | + | connection.controller: |
| - | connection.master: | + | connection.master: |
| - | connection.slave-type: | + | connection.slave-type: |
| - | connection.port-type: | + | connection.port-type: |
| - | connection.autoconnect-slaves: | + | connection.autoconnect-slaves: |
| - | connection.autoconnect-ports: | + | connection.autoconnect-ports: |
| - | connection.secondaries: | + | connection.secondaries: |
| - | connection.gateway-ping-timeout: | + | connection.gateway-ping-timeout: |
| - | connection.metered: | + | connection.metered: |
| - | connection.lldp: | + | connection.lldp: |
| - | connection.mdns: | + | connection.mdns: |
| - | connection.llmnr: | + | connection.llmnr: |
| - | connection.dns-over-tls: | + | connection.dns-over-tls: |
| - | connection.mptcp-flags: | + | connection.mptcp-flags: |
| - | connection.wait-device-timeout: | + | connection.wait-device-timeout: |
| - | connection.wait-activation-delay: | + | connection.wait-activation-delay: |
| ------------------------------------------------------------------------------- | ------------------------------------------------------------------------------- | ||
| - | 802-3-ethernet.port: | + | 802-3-ethernet.port: |
| - | 802-3-ethernet.speed: | + | 802-3-ethernet.speed: |
| - | 802-3-ethernet.duplex: | + | 802-3-ethernet.duplex: |
| - | 802-3-ethernet.auto-negotiate: | + | 802-3-ethernet.auto-negotiate: |
| - | 802-3-ethernet.mac-address: | + | 802-3-ethernet.mac-address: |
| - | 802-3-ethernet.cloned-mac-address: | + | 802-3-ethernet.cloned-mac-address: |
| 802-3-ethernet.generate-mac-address-mask: | 802-3-ethernet.generate-mac-address-mask: | ||
| - | 802-3-ethernet.mac-address-blacklist: | + | 802-3-ethernet.mac-address-blacklist: |
| - | 802-3-ethernet.mtu: | + | 802-3-ethernet.mtu: |
| - | 802-3-ethernet.s390-subchannels: | + | 802-3-ethernet.s390-subchannels: |
| - | 802-3-ethernet.s390-nettype: | + | 802-3-ethernet.s390-nettype: |
| - | 802-3-ethernet.s390-options: | + | 802-3-ethernet.s390-options: |
| - | 802-3-ethernet.wake-on-lan: | + | 802-3-ethernet.wake-on-lan: |
| - | 802-3-ethernet.wake-on-lan-password: | + | 802-3-ethernet.wake-on-lan-password: |
| 802-3-ethernet.accept-all-mac-addresses: | 802-3-ethernet.accept-all-mac-addresses: | ||
| ------------------------------------------------------------------------------- | ------------------------------------------------------------------------------- | ||
| - | ipv4.method: | + | ipv4.method: |
| - | ipv4.dns: -- | + | ipv4.dns: |
| - | ipv4.dns-search: | + | ipv4.dns-search: |
| - | ipv4.dns-options: | + | ipv4.dns-options: |
| - | ipv4.dns-priority: | + | ipv4.dns-priority: |
| - | ipv4.addresses: | + | ipv4.addresses: |
| lines 1-55 | lines 1-55 | ||
| [q] | [q] | ||
| Ligne 991: | Ligne 988: | ||
| [root@redhat9 ~]# nmcli -f CONNECTIONS device show ens18 | [root@redhat9 ~]# nmcli -f CONNECTIONS device show ens18 | ||
| CONNECTIONS.AVAILABLE-CONNECTION-PATHS: | CONNECTIONS.AVAILABLE-CONNECTION-PATHS: | ||
| - | CONNECTIONS.AVAILABLE-CONNECTIONS[1]: | + | CONNECTIONS.AVAILABLE-CONNECTIONS[1]: |
| - | CONNECTIONS.AVAILABLE-CONNECTIONS[2]: | + | CONNECTIONS.AVAILABLE-CONNECTIONS[2]: |
| </ | </ | ||
| Ligne 1000: | Ligne 997: | ||
| [root@redhat9 ~]# ls -l / | [root@redhat9 ~]# ls -l / | ||
| total 8 | total 8 | ||
| - | -rw-------. 1 root root 253 Oct 19 2023 ens18.nmconnection | + | -rw-------. 1 root root 253 Oct 19 2023 ens18.nmconnection |
| - | -rw-------. 1 root root 218 Sep 29 12:21 ip_fix.nmconnection | + | -rw-------. 1 root root 218 Sep 29 12:21 ip_fixed.nmconnection |
| </ | </ | ||
| - | ====.2 - Name resolution==== | + | ====1.2 - Name resolution==== |
| - | A study of the **/ | + | A study of the **/ |
| < | < | ||
| - | [root@redhat9 ~]# cat / | + | [root@redhat9 ~]# cat / |
| [connection] | [connection] | ||
| - | id=ip_fixe | + | id=ip_fixed |
| uuid=b3d51921-4deb-4975-ad52-f31993b2af0c | uuid=b3d51921-4deb-4975-ad52-f31993b2af0c | ||
| type=ethernet | type=ethernet | ||
| Ligne 1036: | Ligne 1033: | ||
| </ | </ | ||
| - | Modify the configuration of the **ip_fixe** profile: | + | Modify the configuration of the **ip_fixed** profile: |
| < | < | ||
| - | [root@redhat9 ~]# nmcli connection mod ip_fix | + | [root@redhat9 ~]# nmcli connection mod ip_fixed |
| </ | </ | ||
| - | A look at the **/ | + | A look at the **/ |
| < | < | ||
| - | [root@redhat9 ~]# cat / | + | [root@redhat9 ~]# cat / |
| [connection] | [connection] | ||
| - | id=ip_fixe | + | id=ip_fixed |
| uuid=b3d51921-4deb-4975-ad52-f31993b2af0c | uuid=b3d51921-4deb-4975-ad52-f31993b2af0c | ||
| type=ethernet | type=ethernet | ||
| Ligne 1074: | Ligne 1071: | ||
| [root@redhat9 ~]# systemctl status NetworkManager.service | [root@redhat9 ~]# systemctl status NetworkManager.service | ||
| ● NetworkManager.service - Network Manager | ● NetworkManager.service - Network Manager | ||
| - | Loaded: loaded (/ | + | Loaded: loaded (/ |
| - | Active: active (running) since Sun 2024-09-29 12:36:35 CEST; 11s ago | + | |
| - | Docs: man: | + | |
| - | Main PID: 4456 (NetworkManager) | + | |
| - | Tasks: 4 (limit: 48800) | + | Tasks: 4 (limit: 48800) |
| - | Memory: 5.5M | + | |
| - | CPU: 82ms | + | CPU: 82ms |
| - | CGroup: / | + | |
| - | └─4456 / | + | |
| - | Sep 29 12:36:35 redhat9.ittraining.loc NetworkManager[4456]: | + | Sep 29 12:36:35 redhat9.ittraining.loc NetworkManager[4456]: |
| - | Sep 29 12:36:35 redhat9.ittraining.loc NetworkManager[4456]: | + | Sep 29 12:36:35 redhat9.ittraining.loc NetworkManager[4456]: |
| - | Sep 29 12:36:35 redhat9.ittraining.loc NetworkManager[4456]: | + | Sep 29 12:36:35 redhat9.ittraining.loc NetworkManager[4456]: |
| - | Sep 29 12:36:35 redhat9.ittraining.loc NetworkManager[4456]: | + | Sep 29 12:36:35 redhat9.ittraining.loc NetworkManager[4456]: |
| - | Sep 29 12:36:35 redhat9.ittraining.loc NetworkManager[4456]: | + | Sep 29 12:36:35 redhat9.ittraining.loc NetworkManager[4456]: |
| - | Sep 29 12:36:35 redhat9.ittraining.loc NetworkManager[4456]: | + | Sep 29 12:36:35 redhat9.ittraining.loc NetworkManager[4456]: |
| - | Sep 29 12:36:35 redhat9.ittraining.loc NetworkManager[4456]: | + | Sep 29 12:36:35 redhat9.ittraining.loc NetworkManager[4456]: |
| - | Sep 29 12:36:35 redhat9.ittraining.loc NetworkManager[4456]: | + | Sep 29 12:36:35 redhat9.ittraining.loc NetworkManager[4456]: |
| - | Sep 29 12:36:35 redhat9.ittraining.loc NetworkManager[4456]: | + | Sep 29 12:36:35 redhat9.ittraining.loc NetworkManager[4456]: |
| - | Sep 29 12:36:36 redhat9.ittraining.loc NetworkManager[4456]: | + | Sep 29 12:36:36 redhat9.ittraining.loc NetworkManager[4456]: |
| </ | </ | ||
| Ligne 1120: | Ligne 1117: | ||
| <WRAP center round important 60%> | <WRAP center round important 60%> | ||
| - | **Important** : Note that there is a text-mode | + | **Important** : Note that there is a graphical front-end, **nmtui**, for configuring NetworkManager. |
| </ | </ | ||
| - | ====.3 - Adding a Second IP Address to a Profile==== | + | ====1.3 - Adding a Second IP Address to a Profile==== |
| To add a second IP address to a profile under RHEL 9, use the following command: | To add a second IP address to a profile under RHEL 9, use the following command: | ||
| < | < | ||
| - | [root@redhat9 ~]# nmcli connection mod ip_fix | + | [root@redhat9 ~]# nmcli connection mod ip_fixed |
| </ | </ | ||
| Ligne 1134: | Ligne 1131: | ||
| < | < | ||
| - | [root@redhat9 ~]# nmcli con up ip_fixe | + | [root@redhat9 ~]# nmcli con up ip_fixed |
| Connection successfully activated (D-Bus active path: / | Connection successfully activated (D-Bus active path: / | ||
| </ | </ | ||
| Ligne 1141: | Ligne 1138: | ||
| < | < | ||
| - | [root@redhat9 ~]# nmcli connection show ip_fixe | + | [root@redhat9 ~]# nmcli connection show ip_fixed |
| - | connection.id: | + | connection.id: |
| - | connection.uuid: | + | connection.uuid: |
| - | connection.stable-id: | + | connection.stable-id: |
| - | connection.type: | + | connection.type: |
| - | connection.interface-name: | + | connection.interface-name: |
| - | connection.autoconnect: | + | connection.autoconnect: |
| - | connection.autoconnect-priority: | + | connection.autoconnect-priority: |
| - | connection.autoconnect-retries: | + | connection.autoconnect-retries: |
| - | connection.multi-connect: | + | connection.multi-connect: |
| - | connection.auth-retries: | + | connection.auth-retries: |
| - | connection.timestamp: | + | connection.timestamp: |
| - | connection.permissions: | + | connection.permissions: |
| - | connection.zone: | + | connection.zone: |
| - | connection.controller: | + | connection.controller: |
| - | connection.master: | + | connection.master: |
| - | connection.slave-type: | + | connection.slave-type: |
| - | connection.port-type: | + | connection.port-type: |
| - | connection.autoconnect-slaves: | + | connection.autoconnect-slaves: |
| - | connection.autoconnect-ports: | + | connection.autoconnect-ports: |
| - | connection.secondaries: | + | connection.secondaries: |
| - | connection.gateway-ping-timeout: | + | connection.gateway-ping-timeout: |
| - | connection.metered: | + | connection.metered: |
| - | connection.lldp: | + | connection.lldp: |
| - | connection.mdns: | + | connection.mdns: |
| - | connection.llmnr: | + | connection.llmnr: |
| - | connection.dns-over-tls: | + | connection.dns-over-tls: |
| - | connection.mptcp-flags: | + | connection.mptcp-flags: |
| - | connection.wait-device-timeout: | + | connection.wait-device-timeout: |
| - | connection.wait-activation-delay: | + | connection.wait-activation-delay: |
| - | 802-3-ethernet.port: | + | 802-3-ethernet.port: |
| - | 802-3-ethernet.speed: | + | 802-3-ethernet.speed: |
| - | 802-3-ethernet.duplex: | + | 802-3-ethernet.duplex: |
| - | 802-3-ethernet.auto-negotiate: | + | 802-3-ethernet.auto-negotiate: |
| - | 802-3-ethernet.mac-address: | + | 802-3-ethernet.mac-address: |
| - | 802-3-ethernet.cloned-mac-address: | + | 802-3-ethernet.cloned-mac-address: |
| 802-3-ethernet.generate-mac-address-mask: | 802-3-ethernet.generate-mac-address-mask: | ||
| - | 802-3-ethernet.mac-address-blacklist: | + | 802-3-ethernet.mac-address-blacklist: |
| - | 802-3-ethernet.mtu: | + | 802-3-ethernet.mtu: |
| - | 802-3-ethernet.s390-subchannels: | + | 802-3-ethernet.s390-subchannels: |
| - | 802-3-ethernet.s390-nettype: | + | 802-3-ethernet.s390-nettype: |
| - | 802-3-ethernet.s390-options: | + | 802-3-ethernet.s390-options: |
| - | 802-3-ethernet.wake-on-lan: | + | 802-3-ethernet.wake-on-lan: |
| - | 802-3-ethernet.wake-on-lan-password: | + | 802-3-ethernet.wake-on-lan-password: |
| 802-3-ethernet.accept-all-mac-addresses: | 802-3-ethernet.accept-all-mac-addresses: | ||
| - | ipv4.method: | + | ipv4.method: |
| - | ipv4.dns: 8.8.8.8 | + | ipv4.dns: |
| - | ipv4.dns-search: | + | ipv4.dns-search: |
| - | ipv4.dns-options: | + | ipv4.dns-options: |
| - | ipv4.dns-priority: | + | ipv4.dns-priority: |
| - | ipv4.addresses: | + | ipv4.addresses: |
| - | ipv4.gateway: | + | ipv4.gateway: |
| - | ipv4.routes: | + | ipv4.routes: |
| - | ipv4.route-metric: | + | ipv4.route-metric: |
| - | ipv4.route-table: | + | ipv4.route-table: |
| - | ipv4.routing-rules: | + | ipv4.routing-rules: |
| - | ipv4.replace-local-rule: | + | ipv4.replace-local-rule: |
| - | ipv4.ignore-auto-routes: | + | ipv4.ignore-auto-routes: |
| - | ipv4.ignore-auto-dns: | + | ipv4.ignore-auto-dns: |
| - | ipv4.dhcp-client-id: | + | ipv4.dhcp-client-id: |
| - | ipv4.dhcp-iaid: | + | ipv4.dhcp-iaid: |
| - | ipv4.dhcp-dscp: | + | ipv4.dhcp-dscp: |
| - | ipv4.dhcp-timeout: | + | ipv4.dhcp-timeout: |
| - | ipv4.dhcp-send-hostname: | + | ipv4.dhcp-send-hostname: |
| - | ipv4.dhcp-hostname: | + | ipv4.dhcp-hostname: |
| - | ipv4.dhcp-fqdn: | + | ipv4.dhcp-fqdn: |
| - | ipv4.dhcp-hostname-flags: | + | ipv4.dhcp-hostname-flags: |
| - | ipv4.never-default: | + | ipv4.never-default: |
| - | ipv4.may-fail: | + | ipv4.may-fail: |
| - | ipv4.required-timeout: | + | ipv4.required-timeout: |
| - | ipv4.dad-timeout: | + | ipv4.dad-timeout: |
| - | ipv4.dhcp-vendor-class-identifier: | + | ipv4.dhcp-vendor-class-identifier: |
| - | ipv4.link-local: | + | ipv4.link-local: |
| - | ipv4.dhcp-reject-servers: | + | ipv4.dhcp-reject-servers: |
| - | ipv4.auto-route-ext-gw: | + | ipv4.auto-route-ext-gw: |
| - | ipv6.method: | + | ipv6.method: |
| - | ipv6.dns: -- | + | ipv6.dns: |
| - | ipv6.dns-search: | + | ipv6.dns-search: |
| - | ipv6.dns-options: | + | ipv6.dns-options: |
| - | ipv6.dns-priority: | + | ipv6.dns-priority: |
| - | ipv6.addresses: | + | ipv6.addresses: |
| - | ipv6.gateway: | + | ipv6.gateway: |
| - | ipv6.routes: | + | ipv6.routes: |
| - | ipv6.route-metric: | + | ipv6.route-metric: |
| - | ipv6.route-table: | + | ipv6.route-table: |
| - | ipv6.routing-rules: | + | ipv6.routing-rules: |
| - | ipv6.replace-local-rule: | + | ipv6.replace-local-rule: |
| - | ipv6.ignore-auto-routes: | + | ipv6.ignore-auto-routes: |
| - | ipv6.ignore-auto-dns: | + | ipv6.ignore-auto-dns: |
| - | ipv6.never-default: | + | ipv6.never-default: |
| - | ipv6.may-fail: | + | ipv6.may-fail: |
| - | ipv6.required-timeout: | + | ipv6.required-timeout: |
| - | ipv6.ip6-privacy: | + | ipv6.ip6-privacy: |
| - | ipv6.addr-gen-mode: | + | ipv6.addr-gen-mode: |
| - | ipv6.ra-timeout: | + | ipv6.ra-timeout: |
| - | ipv6.mtu: auto | + | ipv6.mtu: |
| - | ipv6.dhcp-pd-hint: | + | ipv6.dhcp-pd-hint: |
| - | ipv6.dhcp-duid: | + | ipv6.dhcp-duid: |
| - | ipv6.dhcp-iaid: | + | ipv6.dhcp-iaid: |
| - | ipv6.dhcp-timeout: | + | ipv6.dhcp-timeout: |
| - | ipv6.dhcp-send-hostname: | + | ipv6.dhcp-send-hostname: |
| - | ipv6.dhcp-hostname: | + | ipv6.dhcp-hostname: |
| - | ipv6.dhcp-hostname-flags: | + | ipv6.dhcp-hostname-flags: |
| - | ipv6.auto-route-ext-gw: | + | ipv6.auto-route-ext-gw: |
| - | ipv6.token: -- | + | ipv6.token: |
| - | proxy.method: | + | proxy.method: |
| - | proxy.browser-only: | + | proxy.browser-only: |
| - | proxy.pac-url: | + | proxy.pac-url: |
| - | proxy.pac-script: | + | proxy.pac-script: |
| - | GENERAL.NAME: | + | GENERAL.NAME: |
| - | GENERAL.UUID: | + | GENERAL.UUID: |
| - | GENERAL.DEVICES: | + | GENERAL.DEVICES: |
| - | GENERAL.IP-IFACE: | + | GENERAL.IP-IFACE: |
| - | GENERAL.STATE: | + | GENERAL.STATE: |
| - | GENERAL.DEFAULT: | + | GENERAL.DEFAULT: |
| - | GENERAL.DEFAULT6: | + | GENERAL.DEFAULT6: |
| - | GENERAL.SPEC-OBJECT: | + | GENERAL.SPEC-OBJECT: |
| - | GENERAL.VPN: | + | GENERAL.VPN: |
| - | GENERAL.DBUS-PATH: | + | GENERAL.DBUS-PATH: |
| - | GENERAL.CON-PATH: | + | GENERAL.CON-PATH: |
| - | GENERAL.ZONE: | + | GENERAL.ZONE: |
| - | GENERAL.MASTER-PATH: | + | GENERAL.MASTER-PATH: |
| - | IP4.ADDRESS[1]: | + | IP4.ADDRESS[1]: |
| - | IP4.ADDRESS[2]: | + | IP4.ADDRESS[2]: |
| - | IP4.GATEWAY: | + | IP4.GATEWAY: |
| - | IP4.ROUTE[1]: | + | IP4.ROUTE[1]: |
| - | IP4.ROUTE[2]: | + | IP4.ROUTE[2]: |
| - | IP4.ROUTE[3]: | + | IP4.ROUTE[3]: |
| - | IP4.DNS[1]: 8.8.8.8 | + | IP4.DNS[1]: |
| - | IP6.ADDRESS[1]: | + | IP6.ADDRESS[1]: |
| - | IP6.GATEWAY: | + | IP6.GATEWAY: |
| - | IP6.ROUTE[1]: | + | IP6.ROUTE[1]: |
| lines 77-131/131 (END) | lines 77-131/131 (END) | ||
| [q] | [q] | ||
| Ligne 1281: | Ligne 1278: | ||
| </ | </ | ||
| - | Now look at the contents of the **/ | + | Now look at the contents of the **/ |
| < | < | ||
| - | [root@redhat9 ~]# cat / | + | [root@redhat9 ~]# cat / |
| [connection] | [connection] | ||
| - | id=ip_fixe | + | id=ip_fixed |
| uuid=b3d51921-4deb-4975-ad52-f31993b2af0c | uuid=b3d51921-4deb-4975-ad52-f31993b2af0c | ||
| type=ethernet | type=ethernet | ||
| Ligne 1311: | Ligne 1308: | ||
| </ | </ | ||
| - | ====.4 - The hostname==== | + | ====1.4 - The hostname |
| The hostname modification procedure is simplified and takes effect immediately: | The hostname modification procedure is simplified and takes effect immediately: | ||
| Ligne 1336: | Ligne 1333: | ||
| </ | </ | ||
| - | ====.5 - The ip==== | + | ====1.5 - The ip Command==== |
| Under RHEL 9 the **ip** command is preferred to the ifconfig command: | Under RHEL 9 the **ip** command is preferred to the ifconfig command: | ||
| Ligne 1343: | Ligne 1340: | ||
| [root@redhat9 ~]# ip address | [root@redhat9 ~]# ip address | ||
| 1: lo: < | 1: lo: < | ||
| - | link/ | + | |
| - | inet 127.0.0.1/8 scope host lo | + | inet 127.0.0.1/8 scope host lo |
| - | valid_lft forever preferred_lft forever | + | |
| - | inet6 ::1/128 scope host | + | inet6 ::1/128 scope host |
| - | valid_lft forever preferred_lft forever | + | |
| 2: ens18: < | 2: ens18: < | ||
| - | link/ether 92: | + | |
| - | altname enp0s18 | + | altname enp0s18 |
| - | inet 10.0.2.102/ | + | inet 10.0.2.102/ |
| - | valid_lft forever preferred_lft forever | + | |
| - | inet 192.168.1.2/ | + | inet 192.168.1.2/ |
| - | valid_lft forever preferred_lft forever | + | |
| - | inet6 fe80:: | + | inet6 fe80:: |
| - | valid_lft forever preferred_lft forever | + | |
| </ | </ | ||
| - | ===Command | + | ===Command |
| The command line switches for this command are : | The command line switches for this command are : | ||
| Ligne 1366: | Ligne 1363: | ||
| [root@redhat9 ~]# ip --help | [root@redhat9 ~]# ip --help | ||
| Usage: ip [ OPTIONS ] OBJECT { COMMAND | help } | Usage: ip [ OPTIONS ] OBJECT { COMMAND | help } | ||
| - | ip [ -force ] -batch filename | + | ip [ -force ] -batch filename |
| - | where OBJECT := { address | addrlabel | amt | fou | help | ila | ioam | l2tp | | + | where OBJECT := { address | addrlabel | amt | fou | help | ila | ioam | l2tp | |
| - | link | macsec | maddress | monitor | mptcp | mroute | mrule | | + | |
| - | neighbor | neighbour | netconf | netns | nexthop | ntable | | + | |
| - | ntbl | route | rule | sr | tap | tcpmetrics | | + | |
| - | token | tunnel | tuntap | vrf | xfrm } | + | |
| - | OPTIONS := { -V[ersion] | -s[tatistics] | -d[etails] | -r[esolve] | | + | |
| - | -h[uman-readable] | -iec | -j[son] | -p[retty] | | + | -h[uman-readable] | -iec | -j[son] | -p[retty] | |
| - | -f[amily] { inet | inet6 | mpls | bridge | link } | | + | -f[amily] { inet | inet6 | mpls | bridge | link } | |
| - | -4 | -6 | -M | -B | -0 | | + | -4 | -6 | -M | -B | -0 | |
| - | -l[oops] { maximum-addr-flush-attempts } | -br[ief] | | + | -l[oops] { maximum-addr-flush-attempts } | -br[ief] | |
| - | -o[neline] | -t[imestamp] | -ts[hort] | -b[atch] [filename] | | + | -o[neline] | -t[imestamp] | -ts[hort] | -b[atch] [filename] | |
| - | -rc[vbuf] [size] | -n[etns] name | -N[umeric] | -a[ll] | | + | -rc[vbuf] [size] | -n[etns] name | -N[umeric] | -a[ll] | |
| - | -c[olor]} | + | -c[olor]} |
| </ | </ | ||
| - | ====.6 - Manually | + | ====1.6 - Manually |
| There are two commands for manually deactivating and activating a network interface: | There are two commands for manually deactivating and activating a network interface: | ||
| Ligne 1396: | Ligne 1393: | ||
| </ | </ | ||
| - | ====.7 - Static Routing==== | + | ====1.7 - Static Routing==== |
| - | ===The ip command=== | + | ===The ip Command=== |
| Under RHEL 9, to delete the route to the 192.168.1.0 network, use the ip command and not the route command: | Under RHEL 9, to delete the route to the 192.168.1.0 network, use the ip command and not the route command: | ||
| Ligne 1430: | Ligne 1427: | ||
| </ | </ | ||
| - | ===Enable | + | ===Enable |
| To enable IPv4 routing on the server, packet retransmission must be enabled: | To enable IPv4 routing on the server, packet retransmission must be enabled: | ||
| Ligne 1474: | Ligne 1471: | ||
| </ | </ | ||
| - | ===Options | + | ===Command Line Switches |
| The command line switches for this command are : | The command line switches for this command are : | ||
| Ligne 1480: | Ligne 1477: | ||
| < | < | ||
| [root@redhat9 ~]# ping --help | [root@redhat9 ~]# ping --help | ||
| - | ping: invalid option -- ‘-’ | + | ping: invalid option -- '-' |
| Usage | Usage | ||
| - | ping [options] < | + | |
| Options: | Options: | ||
| - | < | + | |
| - | -a use audible ping | + | -a |
| - | -A use adaptive ping | + | -A |
| - | -B sticky source address | + | -B |
| - | -C < | + | -c < |
| - | -D print timestamps | + | -D |
| - | -d use SO_DEBUG socket option | + | -d |
| - | -f flood ping | + | -f |
| - | -h print help and exit | + | -h |
| - | -I < | + | -I < |
| - | -i < | + | -i < |
| - | -L suppress loopback of multicast packets | + | -L |
| - | -l < | + | -l < |
| - | -m < | + | -m < |
| - | -M <pmtud opt> define mtu discovery, can be one of < | + | -M <pmtud opt> |
| - | -n no dns name resolution | + | -n |
| - | -O report outstanding replies | + | -O |
| - | -p < | + | -p < |
| - | -q quiet output | + | -q |
| - | -Q < | + | -Q < |
| - | -s < | + | -s < |
| - | -S < | + | -S < |
| - | -t <ttl> define time to live | + | -t < |
| - | -U print user-to-user latency | + | -U |
| - | -v verbose output | + | -v |
| - | -V print version and exit | + | -V |
| - | -w < | + | -w < |
| - | -W < | + | -W < |
| IPv4 options: | IPv4 options: | ||
| - | -4 use IPv4 | + | |
| - | -b allow pinging broadcast | + | -b |
| - | -R record route | + | -R |
| - | -T < | + | -T < |
| IPv6 options: | IPv6 options: | ||
| - | -6 use IPv6 | + | |
| - | -F < | + | -F < |
| - | -N < | + | -N < |
| For more details see ping(8). | For more details see ping(8). | ||
| Ligne 1536: | Ligne 1533: | ||
| [root@redhat9 ~]# netstat -i | [root@redhat9 ~]# netstat -i | ||
| Kernel Interface table | Kernel Interface table | ||
| - | Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg | + | Iface |
| - | ens18 1500 18785 0 0 0 12157 0 0 0 BMRU | + | ens18 1500 18785 0 0 0 |
| - | lo 65536 105 0 0 0 105 0 0 0 LRU | + | lo 65536 105 0 0 0 |
| </ | </ | ||
| - | ===Command | + | ===Command |
| The command line switches for this command are : | The command line switches for this command are : | ||
| Ligne 1547: | Ligne 1544: | ||
| < | < | ||
| [root@redhat9 ~]# netstat --help | [root@redhat9 ~]# netstat --help | ||
| - | usage: netstat [-vWeenNcCF] [< | + | usage: netstat [-vWeenNcCF] [< |
| - | netstat [-vWnNcaeol] [< | + | |
| - | netstat { [-vWeenNac] -I[< | + | |
| - | -r, --route display routing table | + | |
| - | -I, --interfaces=< | + | -I, --interfaces=< |
| - | -i, --interfaces display interface table | + | -i, --interfaces |
| - | -g, --groups display multicast group memberships | + | -g, --groups |
| - | -s, --statistics display networking statistics (like SNMP) | + | -s, --statistics |
| - | -M, --masquerade display masqueraded connections | + | -M, --masquerade |
| - | -v, --verbose be verbose | + | |
| - | -W, --wide don't truncate IP addresses | + | -W, --wide |
| - | -n, --numeric don't resolve names | + | -n, --numeric |
| - | --numeric-hosts don't resolve host names | + | --numeric-hosts |
| - | --numeric-ports don't resolve port names | + | --numeric-ports |
| - | --numeric-users don't resolve user names | + | --numeric-users |
| - | -N, --symbolic resolve hardware names | + | -N, --symbolic |
| - | -e, --extend display other/more information | + | -e, --extend |
| - | -p, --programs display PID/Program name for sockets | + | -p, --programs |
| - | -o, --timers display timers | + | -o, --timers |
| - | -c, --continuous continuous listing | + | -c, --continuous |
| - | -l, --listening display listening server sockets | + | |
| - | -a, --all display all sockets (default: connected) | + | -a, --all display all sockets (default: connected) |
| - | -F, --fib display Forwarding Information Base (default) | + | -F, --fib display Forwarding Information Base (default) |
| - | -C, --cache display routing cache instead of FIB | + | -C, --cache |
| - | -Z, --context display SELinux security context for sockets | + | -Z, --context |
| - | < | + | |
| - | {-x|--unix} --ax25 --ipx --netrom | + | |
| - | < | + | < |
| - | List of possible address families (which support routing): | + | List of possible address families (which support routing): |
| - | inet (DARPA Internet) inet6 (IPv6) ax25 (AMPR AX.25) | + | inet (DARPA Internet) inet6 (IPv6) ax25 (AMPR AX.25) |
| - | netrom (AMPR NET/ROM) ipx (Novell IPX) ddp (Appletalk DDP) | + | netrom (AMPR NET/ROM) ipx (Novell IPX) ddp (Appletalk DDP) |
| - | x25 (CCITT X.25) | + | x25 (CCITT X.25) |
| </ | </ | ||
| ====2.3 - traceroute==== | ====2.3 - traceroute==== | ||
| - | The ping command is the basis of the **traceroute** command. This command is used to find out the route taken to access | + | The ping command is the basis of the **traceroute** command. This command is used to find out the route taken to reach a given host: |
| < | < | ||
| [root@redhat9 ~]# traceroute www.ittraining.team | [root@redhat9 ~]# traceroute www.ittraining.team | ||
| bash: traceroute: command not found... | bash: traceroute: command not found... | ||
| - | Install package | + | Install package |
| - | * Waiting in queue... | + | * Waiting in queue... |
| - | * Loading list of packages.... | + | * Loading list of packages.... |
| The following packages have to be installed: | The following packages have to be installed: | ||
| - | traceroute-3: | + | traceroute-3: |
| Proceed with changes? [N/y] y | Proceed with changes? [N/y] y | ||
| - | * Waiting in queue... | + | * Waiting in queue... |
| - | * Waiting for authentication... | + | * Waiting for authentication... |
| - | * Waiting in queue... | + | * Waiting in queue... |
| - | * Downloading packages... | + | * Downloading packages... |
| - | * Requesting data... | + | * Requesting data... |
| - | * Testing changes... | + | * Testing changes... |
| - | * Installing packages... | + | * Installing packages... |
| traceroute to www.ittraining.team (136.143.190.199), | traceroute to www.ittraining.team (136.143.190.199), | ||
| - | 1 _gateway (10.0.2.1) 0.437 ms 0.396 ms 0.380 ms | + | 1 _gateway (10.0.2.1) |
| - | 2 51.79.19.252 (51.79.19.252) 0.554 ms 0.689 ms 0.818 ms | + | |
| - | 3 10.161.82.50 (10.161.82.50) 0.372 ms 10.161.82.52 (10.161.82.52) 0.444 ms 10.161.82.50 (10.161.82.50) 0.372 ms | + | |
| - | 4 10.34.98.50 (10.34.98.50) 0.483 ms 0.580 ms 0.973 ms | + | |
| - | 5 10.74.8.92 (10.74.8.92) 0.232 ms 10.74.8.90 (10.74.8.90) 9.825 ms 10.74.8.94 (10.74.8.94) 0.206 ms | + | |
| - | 6 10.95.81.10 (10.95.81.10) 0.712 ms 10.95.81.8 (10.95.81.8) 1.103 ms 10.95.81.10 (10.95.81.10) 1.435 ms | + | |
| - | 7 be101.chi-ch2-sbb1-8k.il.us (198.27.73.207) 17.425 ms be101.chi-ch2-sbb2-8k.il.us (192.99.146.141) 17.089 ms be101.chi-ch2-sbb1-8k.il.us (198.27.73.207) 17.055 ms | + | |
| - | 8 * * * | + | |
| - | 9 10.200.1.1 (10.200.1.1) 66.593 ms 68.592 ms * | + | |
| - | 10 * 10.200.1.1 (10.200.1.1) 68.518 ms * | + | 10 * 10.200.1.1 (10.200.1.1) |
| - | 11 * * * | + | 11 * * * |
| - | 12 * * * | + | 12 * * * |
| - | 13 * * * | + | 13 * * * |
| - | 14 * * * | + | 14 * * * |
| - | 15 * * * | + | 15 * * * |
| - | 16 * * * | + | 16 * * * |
| - | 17 * * * | + | 17 * * * |
| - | 18 * * * | + | 18 * * * |
| - | 19 * * * | + | 19 * * * |
| - | 20 * * * | + | 20 * * * |
| - | 21 * *^C | + | 21 * *^C |
| </ | </ | ||
| - | ===Options for the traceroute command=== | + | ===Command Line Switches=== |
| The command line switches for this command are : | The command line switches for this command are : | ||
| Ligne 1640: | Ligne 1637: | ||
| [root@redhat9 ~]# traceroute --help | [root@redhat9 ~]# traceroute --help | ||
| Usage: | Usage: | ||
| - | traceroute [ -46dFITnreAUDV ] [ -f first_ttl ] [ -g gate,... ] [ -i device ] [ -m max_ttl ] [ -N squeries ] [ -p port ] [ -t tos ] [ -l flow_label ] [ -w MAX, | + | |
| Options: | Options: | ||
| - | -4 Use IPv4 | + | |
| - | -6 Use IPv6 | + | -6 Use IPv6 |
| - | -d --debug Enable socket level debugging | + | -d --debug |
| - | -F --dont-fragment Do not fragment packets | + | -F --dont-fragment |
| - | -f first_ttl --first=first_ttl | + | -f first_ttl |
| - | Start from the first_ttl hop (instead from 1) | + | Start from the first_ttl hop (instead from 1) |
| - | -g gate,... --gateway=gate, | + | -g gate, |
| - | Route packets through the specified gateway | + | Route packets through the specified gateway |
| - | (maximum 8 for IPv4 and 127 for IPv6) | + | (maximum 8 for IPv4 and 127 for IPv6) |
| - | -I --icmp Use ICMP ECHO for tracerouting | + | -I --icmp |
| - | -T --tcp Use TCP SYN for tracerouting (default port is 80) | + | -T --tcp |
| - | -i device --interface=device | + | -i device |
| - | Specify a network interface to operate with | + | Specify a network interface to operate with |
| - | -m max_ttl --max-hops=max_ttl | + | -m max_ttl |
| - | Set the max number of hops (max TTL to be | + | Set the max number of hops (max TTL to be |
| - | reached). Default is 30 | + | reached). Default is 30 |
| - | -N squeries --sim-queries=squeries | + | -N squeries |
| - | Set the number of probes to be tried | + | Set the number of probes to be tried |
| - | simultaneously (default is 16) | + | simultaneously (default is 16) |
| - | -n Do not resolve IP addresses to their domain names | + | -n Do not resolve IP addresses to their domain names |
| - | -p port --port=port Set the destination port to use. It is either | + | -p port --port=port |
| - | initial udp port value for ‘default’ method | + | initial udp port value for "default" |
| - | (incremented by each probe, default is 33434), or | + | (incremented by each probe, default is 33434), or |
| - | initial seq for ‘icmp’ (incremented as well, | + | initial seq for "icmp" |
| - | default from 1), or some constant destination | + | default from 1), or some constant destination |
| - | port for other methods (with default of 80 for | + | port for other methods (with default of 80 for |
| - | ‘tcp’, 53 for “udp”, etc.) | + | " |
| - | -t tos --tos=tos Set the TOS (IPv4 type of service) or TC (IPv6 | + | -t tos --tos=tos |
| - | traffic class) value for outgoing packets | + | traffic class) value for outgoing packets |
| - | -l flow_label --flowlabel=flow_label | + | -l flow_label |
| - | Use specified flow_label for IPv6 packets | + | Use specified flow_label for IPv6 packets |
| - | -w MAX, | + | -w MAX, |
| - | Wait for a probe no more than HERE (default 3) | + | Wait for a probe no more than HERE (default 3) |
| - | times longer than a response from the same hop, | + | times longer than a response from the same hop, |
| - | or no more than NEAR (default 10) times than some | + | or no more than NEAR (default 10) times than some |
| - | next hop, or MAX (default 5.0) seconds (float | + | next hop, or MAX (default 5.0) seconds (float |
| - | point values allowed too) | + | point values allowed too) |
| - | -q nqueries --queries=nqueries | + | -q nqueries |
| - | Set the number of probes per each hop. Default is | + | Set the number of probes per each hop. Default is |
| - | 3 | + | 3 |
| - | -r Bypass the normal routing and send directly to a | + | -r Bypass the normal routing and send directly to a |
| - | host on an attached network | + | host on an attached network |
| - | -s src_addr --source=src_addr | + | -s src_addr |
| - | Use source src_addr for outgoing packets | + | Use source src_addr for outgoing packets |
| - | -z sendwait --sendwait=sendwait | + | -z sendwait |
| - | Minimal time interval between probes (default 0). | + | Minimal time interval between probes (default 0). |
| - | If the value is more than 10, then it specifies a | + | If the value is more than 10, then it specifies a |
| - | number in milliseconds, | + | number in milliseconds, |
| - | seconds (float point values allowed too) | + | seconds (float point values allowed too) |
| - | -e --extensions Show ICMP extensions (if present), including MPLS | + | -e --extensions |
| - | -A --as-path-lookups Perform AS path lookups in routing registries and | + | -A --as-path-lookups |
| - | print results directly after the corresponding | + | print results directly after the corresponding |
| - | addresses | + | addresses |
| - | -M name --module=name Use specified module (either builtin or external) | + | -M name --module=name |
| - | for traceroute operations. Most methods have | + | for traceroute operations. Most methods have |
| - | their shortcuts (`-I‘ means `-M icmp’ etc.) | + | their shortcuts (`-I' |
| - | -O OPTS,... --options=OPTS, | + | -O OPTS, |
| - | Use module-specific option OPTS for the | + | Use module-specific option OPTS for the |
| - | traceroute module. Several OPTS allowed, | + | traceroute module. Several OPTS allowed, |
| - | separated by comma. If OPTS is ‘help’, print info | + | separated by comma. If OPTS is "help", print info |
| - | about available options | + | about available options |
| - | --sport=num Use source port num for outgoing packets. Implies | + | --sport=num |
| - | `-N 1' | + | `-N 1' |
| - | --fwmark=num Set firewall mark for outgoing packets | + | --fwmark=num |
| - | -U --udp Use UDP to particular port for tracerouting | + | -U --udp |
| - | (instead of increasing the port per each probe), | + | (instead of increasing the port per each probe), |
| - | default port is 53 | + | default port is 53 |
| - | -UL Use UDPLITE for tracerouting (default dest port | + | -UL |
| - | is 53) | + | is 53) |
| - | -D --dccp Use DCCP Request for tracerouting (default port | + | -D --dccp |
| - | is 33434) | + | is 33434) |
| - | -P prot --protocol=prot Use raw packet of protocol prot for tracerouting | + | -P prot --protocol=prot |
| - | --mtu Discover MTU along the path being traced. Implies | + | --mtu |
| - | `-F -N 1' | + | `-F -N 1' |
| - | --back Guess the number of hops in the backward path and | + | --back |
| - | print if it differs | + | print if it differs |
| - | -V --version Print version info and exit | + | -V --version |
| - | --help Read this help and exit | + | --help |
| Arguments: | Arguments: | ||
| - | + host The host to traceroute to | + | + |
| - | packetlen The full packet length (default is the length of an IP | + | packetlen |
| - | header plus 40). Can be ignored or increased to a minimal | + | header plus 40). Can be ignored or increased to a minimal |
| - | allowed value | + | allowed value |
| </ | </ | ||
| Ligne 1734: | Ligne 1731: | ||
| < | < | ||
| [root@redhat9 ~]# tracepath www.ittraining.team | [root@redhat9 ~]# tracepath www.ittraining.team | ||
| - | 1?: [LOCALHOST] pmtu 1500 | + | 1?: [LOCALHOST] |
| - | 1: _gateway 0.199ms | + | |
| - | 1: _gateway 0.138ms | + | |
| - | 2: 51.79.19.252 0.651ms | + | |
| - | 3: 10.161.82.52 0.704ms | + | |
| - | 4: 10.34.98.56 0.628ms | + | |
| - | 5: 10.74.8.88 0.301ms | + | |
| - | 6: 10.95.81.8 36.365ms | + | |
| - | 7: be101.chi-ch2-sbb2-8k.il.us 17.152ms | + | |
| - | 8: be101.chi-ch2-sbb2-8k.il.us 17.442ms asymm 7 | + | |
| - | 9: 10.200.1.1 69.375ms | + | |
| - | 10: 10.200.1.1 68.618ms asymm 9 | + | 10: 10.200.1.1 |
| - | 11: no reply | + | 11: no reply |
| - | 12: no reply | + | 12: no reply |
| - | 13: no reply | + | 13: no reply |
| - | 14: no reply | + | 14: no reply |
| ^C | ^C | ||
| </ | </ | ||
| - | ===Options for the tracepath command=== | + | ===Command Line Switches=== |
| The command line switches for this command are : | The command line switches for this command are : | ||
| Ligne 1759: | Ligne 1756: | ||
| < | < | ||
| [root@redhat9 ~]# tracepath --help | [root@redhat9 ~]# tracepath --help | ||
| - | tracepath: invalid option -- ‘-’ | + | tracepath: invalid option -- '-' |
| Usage | Usage | ||
| - | tracepath [options] < | + | |
| Options: | Options: | ||
| - | -4 use IPv4 | + | |
| - | -6 use IPv6 | + | -6 |
| - | -b print both name and ip | + | -b |
| - | -l < | + | -l < |
| - | -m < | + | -m < |
| - | -n no dns name resolution | + | -n |
| - | -p < | + | -p < |
| - | -V print version and exit | + | -V |
| - | < | + | < |
| For more details see tracepath(8). | For more details see tracepath(8). | ||
| Ligne 1783: | Ligne 1780: | ||
| <WRAP center round important> | <WRAP center round important> | ||
| - | **Important** - If the **telnet** command is not installed | + | **Important** - If the **telnet** command is not installed, install it using the **dnf install telnet** command as root. |
| </ | </ | ||
| Ligne 1796: | Ligne 1793: | ||
| </ | </ | ||
| - | ===Options for the telnet command=== | + | ===Command Line Switches=== |
| The command line switches for this command are : | The command line switches for this command are : | ||
| Ligne 1802: | Ligne 1799: | ||
| < | < | ||
| [root@redhat9 ~]# telnet --help | [root@redhat9 ~]# telnet --help | ||
| - | telnet: invalid option -- ‘-’ | + | telnet: invalid option -- '-' |
| Usage: telnet [-4] [-6] [-8] [-E] [-L] [-S tos] [-a] [-c] [-d] [-e char] [-l user] | Usage: telnet [-4] [-6] [-8] [-E] [-L] [-S tos] [-a] [-c] [-d] [-e char] [-l user] | ||
| - | [-n tracefile] [-b hostalias ] [-r] | + | |
| - | [host-name [port]] | + | |
| </ | </ | ||
| Ligne 1814: | Ligne 1811: | ||
| < | < | ||
| [root@redhat9 ~]# wget https:// | [root@redhat9 ~]# wget https:// | ||
| - | --2024-09-29 13:56:10-- https:// | + | --2024-09-29 13: |
| Resolving www.dropbox.com (www.dropbox.com)... 162.125.11.18, | Resolving www.dropbox.com (www.dropbox.com)... 162.125.11.18, | ||
| Connecting to www.dropbox.com (www.dropbox.com)|162.125.11.18|: | Connecting to www.dropbox.com (www.dropbox.com)|162.125.11.18|: | ||
| HTTP request sent, awaiting response... 302 Found | HTTP request sent, awaiting response... 302 Found | ||
| Location: https:// | Location: https:// | ||
| - | --2024-09-29 13:56:11-- https:// | + | --2024-09-29 13: |
| Resolving uc22f408c6cacfcc03fb4dbb269d.dl.dropboxusercontent.com (uc22f408c6cacfcc03fb4dbb269d.dl.dropboxusercontent.com)... 162.125.11.15, | Resolving uc22f408c6cacfcc03fb4dbb269d.dl.dropboxusercontent.com (uc22f408c6cacfcc03fb4dbb269d.dl.dropboxusercontent.com)... 162.125.11.15, | ||
| Connecting to uc22f408c6cacfcc03fb4dbb269d.dl.dropboxusercontent.com (uc22f408c6cacfcc03fb4dbb269d.dl.dropboxusercontent.com)|162.125.11.15|: | Connecting to uc22f408c6cacfcc03fb4dbb269d.dl.dropboxusercontent.com (uc22f408c6cacfcc03fb4dbb269d.dl.dropboxusercontent.com)|162.125.11.15|: | ||
| Ligne 1826: | Ligne 1823: | ||
| Saving to: ‘wget_file.txt? | Saving to: ‘wget_file.txt? | ||
| - | wget_file.txt? | + | wget_file.txt? |
| 2024-09-29 13:56:11 (40.9 MB/s) - ‘wget_file.txt? | 2024-09-29 13:56:11 (40.9 MB/s) - ‘wget_file.txt? | ||
| Ligne 1834: | Ligne 1831: | ||
| </ | </ | ||
| - | ===Options for the wget command=== | + | ===Command Line Switches=== |
| The command line switches for this command are : | The command line switches for this command are : | ||
| Ligne 1846: | Ligne 1843: | ||
| Startup: | Startup: | ||
| - | -V, --version display the version of Wget and exit | + | |
| - | -h, --help print this help | + | -h, --help |
| - | -b, --background go to background after startup | + | -b, --background |
| - | -e, --execute=COMMAND execute a `.wgetrc' | + | -e, --execute=COMMAND |
| Logging and input file: | Logging and input file: | ||
| - | -o, --output-file=FILE log messages to FILE | + | |
| - | -a, --append-output=FILE append messages to FILE | + | -a, --append-output=FILE |
| - | -d, --debug print lots of debugging information | + | -d, --debug |
| - | -q, --quiet quiet (no output) | + | -q, --quiet |
| - | -v, --verbose be verbose (this is the default) | + | -v, --verbose |
| - | -nv, --no-verbose turn off verboseness, | + | -nv, --no-verbose |
| - | --report-speed=TYPE output bandwidth as TYPE. TYPE can be bits | + | |
| - | -i, --input-file=FILE download URLs found in local or external FILE | + | -i, --input-file=FILE |
| - | -F, --force-html treat input file as HTML | + | -F, --force-html |
| - | -B, --base=URL resolves HTML input-file links (-i -F) | + | -B, --base=URL |
| - | relative to URL | + | |
| - | --config=FILE specify config file to use | + | |
| - | --no-config do not read any config file | + | |
| - | --rejected-log=FILE log reasons for URL rejection to FILE | + | |
| Download: | Download: | ||
| - | -t, --tries=NUMBER set number of retries to NUMBER (0 unlimits) | + | |
| - | --retry-connrefused retry even if connection is refused | + | |
| - | --retry-on-http-error=ERRORS comma-separated list of HTTP errors to retry | + | |
| - | -O, --output-document=FILE write documents to FILE | + | -O, --output-document=FILE |
| - | -nc, --no-clobber skip downloads that would download to | + | -nc, --no-clobber |
| - | existing files (overwriting them) | + | |
| - | --no-netrc don't try to obtain credentials from .netrc | + | |
| - | -c, --continue resume getting a partially-downloaded file | + | -c, --continue |
| - | --start-pos=OFFSET start downloading from zero-based position OFFSET | + | |
| - | --progress=TYPE select progress gauge type | + | |
| - | --show-progress display the progress bar in any verbosity mode | + | |
| - | -N, --timestamping don't re-retrieve files unless newer than | + | -N, --timestamping |
| - | local | + | |
| - | --no-if-modified-since don't use conditional if-modified-since get | + | |
| - | requests in timestamping mode | + | |
| - | --no-use-server-timestamps don't set the local file's timestamp by | + | |
| - | the one on the server | + | |
| - | -S, --server-response print server response | + | -S, --server-response |
| - | --spider don't download anything | + | |
| - | -T, --timeout=SECONDS set all timeout values to SECONDS | + | -T, --timeout=SECONDS |
| - | --dns-timeout=SECS set the DNS lookup timeout to SECS | + | |
| - | --connect-timeout=SECS set the connect timeout to SECS | + | |
| - | --read-timeout=SECS set the read timeout to SECS | + | |
| - | -w, --wait=SECONDS wait SECONDS between retrievals | + | -w, --wait=SECONDS |
| - | (applies if more then 1 URL is to be retrieved) | + | |
| - | --waitretry=SECONDS wait 1..SECONDS between retries of a retrieval | + | |
| - | (applies if more then 1 URL is to be retrieved) | + | |
| - | --random-wait wait from 0.5*WAIT...1.5*WAIT secs between retrievals | + | |
| - | (applies if more then 1 URL is to be retrieved) | + | |
| - | --no-proxy explicitly turn off proxy | + | |
| - | -Q, --quota=NUMBER set retrieval quota to NUMBER | + | -Q, --quota=NUMBER |
| - | --bind-address=ADDRESS bind to ADDRESS (hostname or IP) on local host | + | |
| - | --limit-rate=RATE limit download rate to RATE | + | |
| - | --no-dns-cache disable caching DNS lookups | + | |
| - | --restrict-file-names=OS restrict chars in file names to ones OS allows | + | |
| - | --ignore-case ignore case when matching files/ | + | |
| - | -4, --inet4-only connect only to IPv4 addresses | + | -4, --inet4-only |
| - | -6, --inet6-only connect only to IPv6 addresses | + | -6, --inet6-only |
| - | --prefer-family=FAMILY connect first to addresses of specified family, | + | |
| - | one of IPv6, IPv4, or none | + | |
| - | --user=USER set both ftp and http user to USER | + | |
| - | --password=PASS set both ftp and http password to PASS | + | |
| - | --ask-password prompt for passwords | + | |
| - | --use-askpass=COMMAND specify credential handler for requesting | + | |
| - | username and password. If no COMMAND is | + | |
| - | specified the WGET_ASKPASS or the SSH_ASKPASS | + | |
| - | environment variable is used. | + | |
| - | --no-iri turn off IRI support | + | |
| - | --local-encoding=ENC use ENC as the local encoding for IRIs | + | |
| - | --remote-encoding=ENC use ENC as the default remote encoding | + | |
| - | --unlink remove file before clobber | + | |
| - | --xattr turn on storage of metadata in extended file attributes | + | |
| Directories: | Directories: | ||
| - | -nd, --no-directories don't create directories | + | |
| - | -x, --force-directories force creation of directories | + | -x, --force-directories |
| - | -nH, --no-host-directories don't create host directories | + | -nH, --no-host-directories |
| - | --protocol-directories use protocol name in directories | + | |
| - | -P, --directory-prefix=PREFIX save files to PREFIX/... | + | -P, --directory-prefix=PREFIX |
| - | --cut-dirs=NUMBER ignore NUMBER remote directory components | + | |
| HTTP options: | HTTP options: | ||
| - | --http-user=USER set http user to USER | + | --http-user=USER |
| - | --http-password=PASS set http password to PASS | + | |
| - | --no-cache disallow server-cached data | + | |
| - | --default-page=NAME change the default page name (normally | + | |
| - | this is ‘index.html’.) | + | |
| - | -E, --adjust-extension save HTML/CSS documents with proper extensions | + | -E, --adjust-extension |
| - | --ignore-length ignore | + | |
| - | --header=STRING insert STRING among the headers | + | |
| - | --compression=TYPE choose compression, | + | |
| - | --max-redirect maximum redirections allowed per page | + | |
| - | --proxy-user=USER set USER as proxy username | + | |
| - | --proxy-password=PASS set PASS as proxy password | + | |
| - | --referer=URL include | + | |
| - | --save-headers save the HTTP headers to file | + | |
| - | -U, --user-agent=AGENT identify as AGENT instead of Wget/ | + | -U, --user-agent=AGENT |
| - | --no-http-keep-alive disable HTTP keep-alive (persistent connections) | + | |
| - | --no-cookies don't use cookies | + | |
| - | --load-cookies=FILE load cookies from FILE before session | + | |
| - | --save-cookies=FILE save cookies to FILE after session | + | |
| - | --keep-session-cookies load and save session (non-permanent) cookies | + | |
| - | --post-data=STRING use the POST method; send STRING as the data | + | |
| - | --post-file=FILE use the POST method; send contents of FILE | + | |
| - | --method=HTTPMethod use method | + | |
| - | --body-data=STRING send STRING as data. --method MUST be set | + | |
| - | --body-file=FILE send contents of FILE. --method MUST be set | + | |
| - | --content-disposition honor the Content-Disposition header when | + | |
| - | choosing local file names (EXPERIMENTAL) | + | |
| - | --content-on-error output the received content on server errors | + | |
| - | --auth-no-challenge send Basic HTTP authentication information | + | |
| - | without first waiting for the server' | + | |
| - | challenge | + | |
| HTTPS (SSL/TLS) options: | HTTPS (SSL/TLS) options: | ||
| - | --secure-protocol=PR choose secure protocol, one of auto, SSLv2, | + | --secure-protocol=PR |
| - | SSLv3, TLSv1, TLSv1_1, TLSv1_2 and PFS | + | |
| - | --https-only follow secure HTTPS links | + | |
| - | --no-check-certificate don't validate the server' | + | |
| - | --certificate=FILE client certificate file | + | |
| - | --certificate-type=TYPE client certificate type, PEM or DER | + | |
| - | --private-key=FILE private key file | + | |
| - | --private-key-type=TYPE private key type, PEM or DER | + | |
| - | --ca-certificate=FILE file with the bundle of CAs | + | |
| - | --ca-directory=DIR directory where hash list of CAs is stored | + | |
| - | --crl-file=FILE file with bundle of CRLs | + | |
| - | --pinnedpubkey=FILE/ | + | |
| - | of base64 encoded sha256 hashes preceded by | + | |
| - | ‘sha256//’ and separated by ‘;’, to verify | + | 'sha256//' |
| - | peer against | + | |
| - | --ciphers=STR Set the priority string (GnuTLS) or cipher list string (OpenSSL) directly. | + | --ciphers=STR |
| - | Use with care. This option overrides --secure-protocol. | + | |
| - | The format and syntax of this string depend on the specific SSL/TLS engine. | + | |
| HSTS options: | HSTS options: | ||
| - | --no-hsts disable HSTS | + | --no-hsts |
| - | --hsts-file path of HSTS database (will override default) | + | |
| FTP options: | FTP options: | ||
| - | --ftp-user=USER set ftp user to USER | + | --ftp-user=USER |
| - | --ftp-password=PASS set ftp password to PASS | + | |
| - | --no-remove-listing don't remove | + | |
| - | --no-glob turn off FTP file name globbing | + | |
| - | --no-passive-ftp disable the ‘passive’ transfer mode | + | |
| - | --preserve-permissions preserve remote file permissions | + | |
| - | --retr-symlinks when recursing, get linked-to files (not dir) | + | |
| FTPS options: | FTPS options: | ||
| - | --ftps-implicit use implicit FTPS (default port is 990) | + | --ftps-implicit |
| - | --ftps-resume-ssl resume the SSL/TLS session started in the control connection when | + | |
| - | opening a data connection | + | |
| - | --ftps-clear-data-connection cipher the control channel only; all the data will be in plaintext | + | |
| - | --ftps-fallback-to-ftp fall back to FTP if FTPS is not supported in the target server | + | |
| WARC options: | WARC options: | ||
| - | --warc-file=FILENAME save request/ | + | --warc-file=FILENAME |
| - | --warc-header=STRING insert STRING into the warcinfo record | + | |
| - | --warc-max-size=NUMBER set maximum size of WARC files to NUMBER | + | |
| - | --warc-cdx write CDX index files | + | |
| - | --warc-dedup=FILENAME do not store records listed in this CDX file | + | |
| - | --no-warc-compression do not compress WARC files with GZIP | + | |
| - | --no-warc-digests do not calculate SHA1 digests | + | |
| - | --no-warc-keep-log do not store the log file in a WARC record | + | |
| - | --warc-tempdir=DIRECTORY location for temporary files created by the | + | |
| - | WARC writer | + | |
| Recursive download: | Recursive download: | ||
| - | -r, --recursive specify recursive download | + | |
| - | -l, --level=NUMBER maximum recursion depth (inf or 0 for infinite) | + | -l, --level=NUMBER |
| - | --delete-after delete files locally after downloading them | + | |
| - | -k, --convert-links make links in downloaded HTML or CSS point to | + | -k, --convert-links |
| - | local files | + | |
| - | --convert-file-only convert the file part of the URLs only (usually known as the basename) | + | |
| - | --backups=N before writing file X, rotate up to N backup files | + | |
| - | -K, --backup-converted before converting file X, back up as X.orig | + | -K, --backup-converted |
| - | -m, --mirror shortcut for -N -r -l inf --no-remove-listing | + | -m, --mirror |
| - | -p, --page-requisites get all images, etc. needed to display HTML page | + | -p, --page-requisites |
| - | --strict-comments turn on strict (SGML) handling of HTML comments | + | |
| Recursive accept/ | Recursive accept/ | ||
| - | -A, --accept=LIST comma-separated list of accepted extensions | + | |
| - | -R, --reject=LIST comma-separated list of rejected extensions | + | -R, --reject=LIST |
| - | --accept-regex=REGEX regex matching accepted URLs | + | |
| - | --reject-regex=REGEX regex matching rejected URLs | + | |
| - | --regex-type=TYPE regex type (posix|pcre) | + | |
| - | -D, --domains=LIST comma-separated list of accepted domains | + | -D, --domains=LIST |
| - | --exclude-domains=LIST comma-separated list of rejected domains | + | |
| - | --follow-ftp follow FTP links from HTML documents | + | |
| - | --follow-tags=LIST comma-separated list of followed HTML tags | + | |
| - | --ignore-tags=LIST comma-separated list of ignored HTML tags | + | |
| - | -H, --span-hosts go to foreign hosts when recursive | + | -H, --span-hosts |
| - | -L, --relative follow relative links only | + | -L, --relative |
| - | -I, --include-directories=LIST list of allowed directories | + | -I, --include-directories=LIST |
| - | --trust-server-names use the name specified by the redirection | + | |
| - | URL's last component | + | |
| - | -X, --exclude-directories=LIST list of excluded directories | + | -X, --exclude-directories=LIST |
| - | -np, --no-parent don't ascend to the parent directory | + | -np, --no-parent |
| Email bug reports, questions, discussions to < | Email bug reports, questions, discussions to < | ||
| Ligne 2052: | Ligne 2049: | ||
| <WRAP center round important 60%> | <WRAP center round important 60%> | ||
| - | **Important** - If the **ftp** command is not installed | + | **Important** - If the **ftp** command is not installed, install it using the **dnf install ftp** command as root. |
| </ | </ | ||
| Ligne 2060: | Ligne 2057: | ||
| [root@redhat9 ~]# ftp | [root@redhat9 ~]# ftp | ||
| ftp> help | ftp> help | ||
| - | Commands may be abbreviated. Commands are: | + | Commands may be abbreviated. |
| - | ! debug mdir sendport site | + | ! |
| - | dir mget put size | + | $ dir |
| - | account disconnect mkdir pwd status | + | account |
| - | append exit mls quit struct | + | append |
| - | ascii form mode quote system | + | ascii |
| - | bell get modtime recv sunique | + | bell get |
| - | binary glob mput reget tenex | + | binary |
| - | bye hash newer rstatus tick | + | bye |
| - | case help nmap rhelp trace | + | case help nmap rhelp |
| - | cd idle nlist rename type | + | cd idle nlist |
| - | cdup image ntrans reset user | + | cdup image |
| - | chmod lcd open restart umask | + | chmod |
| - | close ls prompt rmdir verbose | + | close |
| - | cr macdef passive runique ? | + | cr macdef |
| - | delete mdelete proxy send | + | delete |
| ftp> | ftp> | ||
| </ | </ | ||
| Ligne 2123: | Ligne 2120: | ||
| ====3.4 - SSH==== | ====3.4 - SSH==== | ||
| - | ===Introduction=== | + | ===Overview=== |
| The **[[wpfr> | The **[[wpfr> | ||
| - | * the **SSH server** | + | |
| - | * The sshd daemon, which handles client authentication and authorisation, | + | * The sshd daemon, which handles client authentication and authorisation, |
| - | * The **SSH client**. | + | * The **SSH client**. |
| - | * ssh or scp, which connects and talks to the server, | + | * ssh or scp, which connects and talks to the server, |
| - | * The **session**, | + | * The **session**, |
| - | * The **keys** | + | * The **keys** |
| - | * Asymmetric** and persistent user key pairs which ensure a user's identity and which are stored on the hard disk, | + | * **Asymmetric** and persistent user key pairs which ensure a user's identity and which are stored on the hard disk, |
| - | * **Asymmetric and persistent** host key guaranteeing the identity of the server and stored on hard disk. | + | * **Asymmetric and persistent** host key guaranteeing the identity of the server and stored on the hard disk. |
| - | * Temporary asymmetric server key** used by the SSH1 protocol to encrypt the session key, | + | * **Temporary asymmetric server key** used by the SSH1 protocol to encrypt the session key, |
| - | * Symmetric session key** which is generated at random and is used to encrypt the communication between the client and the server. It is destroyed at the end of the session. SSH-1 uses a single key, while SSH-2 uses one key for each direction of communication, | + | * **Symmetric session key** which is generated at random and is used to encrypt the communication between the client and the server. It is destroyed at the end of the session. SSH-1 uses a single key, while SSH-2 uses one key for each direction of communication, |
| - | * The **known hosts database** which stores the keys of previous connections. | + | * The **known hosts database** which stores the keys of previous connections. |
| SSH works as follows to set up a secure channel: | SSH works as follows to set up a secure channel: | ||
| - | * The client contacts the server on port 22, | + | |
| - | * The client and server exchange their versions of SSH. If the two versions do not match, one of them terminates the process, | + | * The client and server exchange their versions of SSH. If the two versions do not match, one of them terminates the process, |
| - | * The SSH server identifies itself to the client by providing : | + | * The SSH server identifies itself to the client by providing : |
| - | * Its host key, | + | * Its host key, |
| - | * Its server key, | + | * Its server key, |
| - | * A random sequence of eight bytes to be included in future client responses, | + | * A random sequence of eight bytes to be included in future client responses, |
| - | * A list of encryption, compression and authentication methods, | + | * A list of encryption, compression and authentication methods, |
| - | * The client and server produce an identical identifier, a 128-bit MD5 hash containing the host key, the server key and the random sequence, | + | * The client and server produce an identical identifier, a 128-bit MD5 hash containing the host key, the server key and the random sequence, |
| - | * The client generates its symmetrical session key and encrypts it twice, once with the server' | + | * The client generates its symmetrical session key and encrypts it twice, once with the server' |
| - | * The server decrypts the session key, | + | * The server decrypts the session key, |
| - | * The client and server set up the secure channel. | + | * The client and server set up the secure channel. |
| ==SSH-1== | ==SSH-1== | ||
| Ligne 2159: | Ligne 2156: | ||
| In order to identify itself, the client tries each of the following six methods: | In order to identify itself, the client tries each of the following six methods: | ||
| - | * **Kerberos**, | + | |
| - | **Rhosts**, | + | |
| - | **%%RhostsRSA%%**, | + | |
| - | * By **asymmetric | + | * Using **asymmetric |
| - | * **TIS**, | + | * **TIS**, |
| - | * By **password**. | + | * Using a **password**. |
| ==SSH-2== | ==SSH-2== | ||
| Ligne 2170: | Ligne 2167: | ||
| SSH-2 uses **DSA** or **RSA**. It ensures data integrity using the **HMAC** algorithm. SSH-2 is organised into three **layers**: | SSH-2 uses **DSA** or **RSA**. It ensures data integrity using the **HMAC** algorithm. SSH-2 is organised into three **layers**: | ||
| - | **SSH-TRANS** - Transport Layer Protocol, | + | * **SSH-TRANS** - Transport Layer Protocol, |
| - | **SSH-AUTH** - Authentication Protocol, | + | |
| - | * SSH-CONN** - Connection Protocol. | + | * **SSH-CONN** - Connection Protocol. |
| SSH-2 differs from SSH-1 mainly in the authentication phase. | SSH-2 differs from SSH-1 mainly in the authentication phase. | ||
| Ligne 2178: | Ligne 2175: | ||
| There are three authentication methods: | There are three authentication methods: | ||
| - | * By **asymmetric | + | |
| - | * Identical to SSH-1 except with the DSA algorithm, | + | * **%%RhostsRSA%%**, |
| - | * **%%RhostsRSA%%**, | + | * Using a **password**. |
| - | * By **password**. | + | |
| - | ==Command | + | ==Command |
| The command line switches for this command are : | The command line switches for this command are : | ||
| Ligne 2191: | Ligne 2187: | ||
| unknown option -- - | unknown option -- - | ||
| usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface] | usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface] | ||
| - | [-b bind_address] [-c cipher_spec] [-D [bind_address: | + | [-b bind_address] [-c cipher_spec] [-D [bind_address: |
| - | [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11] | + | |
| - | [-i identity_file] [-J [user@]host[: | + | |
| - | [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port] | + | |
| - | [-Q query_option] [-R address] [-S ctl_path] [-W host: | + | |
| - | [-w local_tun[: | + | |
| </ | </ | ||
| - | ===Password | + | ===Password |
| The user provides the ssh client with a password. The ssh client transmits it securely to the ssh server and then the server checks the password and accepts it or not. | The user provides the ssh client with a password. The ssh client transmits it securely to the ssh server and then the server checks the password and accepts it or not. | ||
| Advantages: | Advantages: | ||
| - | * No asymmetric key configuration required. | + | |
| + | | ||
| Disadvantages: | Disadvantages: | ||
| - | * The user must provide a login and password for each connection, | ||
| - | * Less secure than an asymmetric key system. | ||
| - | ===Asymmetric | + | * The user must provide a login and password for each connection, |
| + | * Less secure than asymmetric keys. | ||
| + | |||
| + | ===Asymmetric | ||
| - | * The **client** sends the server an asymmetric key authentication request containing the key module to be used, | + | * The **client** sends the server an asymmetric key authentication request containing the key module to be used, |
| - | * The **server** looks for a match for this module in the **~/ | + | |
| - | * If no match is found, the server terminates communication, | + | |
| - | * If a match is not found, the server generates a 256-bit random string called a **challenge** and encrypts it with the client' | + | |
| - | * The **client** receives the challenge and decrypts it using the private part of its key. It combines the challenge with the session identifier and encrypts the result. It then sends the encrypted result to the server. | + | |
| - | * The **server** generates the same hash and compares it with the one received from the client. If the two hashes are identical, authentication is successful. | + | |
| ===Server Configuration=== | ===Server Configuration=== | ||
| Ligne 2225: | Ligne 2223: | ||
| < | < | ||
| [root@redhat9 ~]# cat / | [root@redhat9 ~]# cat / | ||
| - | # $OpenBSD: sshd_config, | + | # |
| - | # This is the sshd server system-wide configuration file. See | + | # This is the sshd server system-wide configuration file. See |
| # sshd_config(5) for more information. | # sshd_config(5) for more information. | ||
| Ligne 2234: | Ligne 2232: | ||
| # The strategy used for options in the default sshd_config shipped with | # The strategy used for options in the default sshd_config shipped with | ||
| # OpenSSH is to specify options with their default value where | # OpenSSH is to specify options with their default value where | ||
| - | # possible, but leave them commented. Uncommented options override the | + | # possible, but leave them commented. |
| # default value. | # default value. | ||
| - | # To modify the system-wide sshd configuration, | + | # To modify the system-wide sshd configuration, |
| - | # / | + | # / |
| Include / | Include / | ||
| Ligne 2273: | Ligne 2271: | ||
| # The default is to check both .ssh/ | # The default is to check both .ssh/ | ||
| # but this is overridden so installations will only check .ssh/ | # but this is overridden so installations will only check .ssh/ | ||
| - | AuthorizedKeysFile .ssh/ | + | AuthorizedKeysFile |
| # | # | ||
| Ligne 2309: | Ligne 2307: | ||
| # | # | ||
| - | # Set this to ‘yes’ to enable PAM authentication, | + | # Set this to 'yes' |
| # and session processing. If this is enabled, PAM authentication will | # and session processing. If this is enabled, PAM authentication will | ||
| # be allowed through the KbdInteractiveAuthentication and | # be allowed through the KbdInteractiveAuthentication and | ||
| - | # PasswordAuthentication. Depending on your PAM configuration, | + | # PasswordAuthentication. |
| # PAM authentication via KbdInteractiveAuthentication may bypass | # PAM authentication via KbdInteractiveAuthentication may bypass | ||
| - | # the setting of ‘PermitRootLogin without-password’. | + | # the setting of "PermitRootLogin without-password". |
| # If you just want the PAM account and session checks to run without | # If you just want the PAM account and session checks to run without | ||
| # PAM authentication, | # PAM authentication, | ||
| - | # and KbdInteractiveAuthentication to ‘no’. | + | # and KbdInteractiveAuthentication to 'no'. |
| - | # WARNING: | + | # WARNING: |
| # problems. | # problems. | ||
| #UsePAM no | #UsePAM no | ||
| Ligne 2347: | Ligne 2345: | ||
| # override default of no subsystems | # override default of no subsystems | ||
| - | Subsystem sftp / | + | Subsystem |
| # Example of overriding settings on a per-user basis | # Example of overriding settings on a per-user basis | ||
| #Match User anoncvs | #Match User anoncvs | ||
| - | # X11Forwarding no | + | # |
| - | # AllowTcpForwarding no | + | # |
| - | # PermitTTY no | + | # |
| - | # ForceCommand cvs server | + | # |
| </ | </ | ||
| - | To remove the comment lines in this file, use the following command: | ||
| - | |||
| - | < | ||
| - | [root@redhat9 ~]# cd /tmp ; grep -E -v ‘^(# | ||
| - | |||
| - | [root@redhat9 tmp]# cat sshd_config | ||
| - | Include / | ||
| - | AuthorizedKeysFile .ssh/ | ||
| - | Subsystem sftp / | ||
| - | </ | ||
| To secure the ssh server, add or modify the following directives : | To secure the ssh server, add or modify the following directives : | ||
| Ligne 2404: | Ligne 2392: | ||
| X11Forwarding no | X11Forwarding no | ||
| Include / | Include / | ||
| - | AuthorizedKeysFile .ssh/ | + | AuthorizedKeysFile |
| - | Subsystem sftp / | + | Subsystem |
| </ | </ | ||
| Ligne 2428: | Ligne 2416: | ||
| [root@redhat9 tmp]# systemctl status sshd | [root@redhat9 tmp]# systemctl status sshd | ||
| ● sshd.service - OpenSSH server daemon | ● sshd.service - OpenSSH server daemon | ||
| - | Loaded: loaded (/ | + | Loaded: loaded (/ |
| - | Active: active (running) since Sun 2024-09-29 14:06:49 CEST; 9s ago | + | |
| - | Docs: man: | + | |
| - | man: | + | |
| - | Main PID: 5560 (sshd) | + | |
| - | Tasks: 1 (limit: 48800) | + | Tasks: 1 (limit: 48800) |
| - | Memory: 1.4M | + | |
| - | CPU: 13ms | + | CPU: 13ms |
| - | CGroup: / | + | |
| - | └─5560 | + | |
| Sep 29 14:06:49 redhat9.ittraining.loc systemd[1]: Starting OpenSSH server daemon... | Sep 29 14:06:49 redhat9.ittraining.loc systemd[1]: Starting OpenSSH server daemon... | ||
| Ligne 2471: | Ligne 2459: | ||
| The key's randomart image is: | The key's randomart image is: | ||
| +---[DSA 1024]----+ | +---[DSA 1024]----+ | ||
| - | | +o++o| | + | | +o++o| |
| - | | . o o+..| | + | | . o o+..| |
| - | | o . .. +.| | + | | |
| - | |. E . . . o.+| | + | |. E . |
| - | |.. + . .S . + oo| | + | |.. + . .S . + oo| |
| - | |*.* B . . . .| | + | |*.* B . |
| - | |oX.* + | | + | |oX.* + |
| - | |o *o+ o | | + | |o *o+ o | |
| - | | +++.+ | | + | | +++.+ |
| +----[SHA256]-----+ | +----[SHA256]-----+ | ||
| </ | </ | ||
| Ligne 2499: | Ligne 2487: | ||
| The key's randomart image is: | The key's randomart image is: | ||
| +---[RSA 3072]----+ | +---[RSA 3072]----+ | ||
| - | | ...==o.oo.o.+o| | + | | |
| - | | o.+= = E.=.o| | + | | o.+= = E.=.o| |
| - | | o +o.*.o .+.= | | + | | |
| - | | o.o*o.ooo.+ | | + | | o.o*o.ooo.+ |
| - | | ...S ++ . | | + | | |
| - | | . . * | | + | | |
| - | | . * | | + | | . * | |
| - | | o | | + | | |
| - | | | | + | | |
| +----[SHA256]-----+ | +----[SHA256]-----+ | ||
| Ligne 2523: | Ligne 2511: | ||
| The key's randomart image is: | The key's randomart image is: | ||
| +---[ECDSA 256]---+ | +---[ECDSA 256]---+ | ||
| - | | ..=== .E | | + | | |
| - | | +.o = . | | + | | +.o = . | |
| - | | . + = o | | + | | . |
| - | |o. . O o | | + | |o. .. O o | |
| - | |+ =o.= +S. | | + | |+ =o.= +S. |
| - | |.Bo+* ..o | | + | |.Bo+* ..o | |
| - | |+.o+.++ . | | + | |+.o+.++ |
| - | |. o+=. | | + | |. o+=. | |
| - | |o..oo . | | + | |o..oo .. | |
| +----[SHA256]-----+ | +----[SHA256]-----+ | ||
| Ligne 2547: | Ligne 2535: | ||
| The key's randomart image is: | The key's randomart image is: | ||
| +--[ED25519 256]--+ | +--[ED25519 256]--+ | ||
| - | | E.....o.o.. | | + | | E.....o.o.. |
| - | | o.o .o+o | | + | | o.o .o+o |
| - | | = B. . | | + | | |
| - | | + +.= o . | | + | | + +.= o . | |
| - | | +S* +. +o.| | + | | |
| - | | . . o.=o.+ ++| | + | | . . o.=o.+ ++| |
| - | | o o =o+..o.o| | + | | |
| - | | o o .oo ...| | + | | o o .oo ...| |
| - | | .o . | | + | | .o . | |
| +----[SHA256]-----+ | +----[SHA256]-----+ | ||
| </ | </ | ||
| - | Generated public keys have the **.pub** extension. Private keys do not have a : | + | Generated public keys have the **.pub** extension. Private keys do not have a file extension: |
| < | < | ||
| [root@redhat9 tmp]# ls /etc/ssh | [root@redhat9 tmp]# ls /etc/ssh | ||
| - | moduli ssh_config.d sshd_config.d ssh_host_dsa_key ssh_host_ecdsa_key ssh_host_ed25519_key ssh_host_rsa_key | + | moduli |
| - | ssh_config sshd_config sshd_config.old ssh_host_dsa_key.pub ssh_host_ecdsa_key.pub ssh_host_ed25519_key.pub ssh_host_rsa_key.pub | + | ssh_config |
| </ | </ | ||
| - | Then restart the sshd service: | + | Now restart the sshd service: |
| < | < | ||
| Ligne 2574: | Ligne 2562: | ||
| [root@redhat9 tmp]# systemctl status sshd.service | [root@redhat9 tmp]# systemctl status sshd.service | ||
| ● sshd.service - OpenSSH server daemon | ● sshd.service - OpenSSH server daemon | ||
| - | Loaded: loaded (/ | + | Loaded: loaded (/ |
| - | Active: active (running) since Sun 2024-09-29 14:14:14 CEST; 13s ago | + | |
| - | Docs: man: | + | |
| - | man: | + | |
| - | Main PID: 5583 (sshd) | + | |
| - | Tasks: 1 (limit: 48800) | + | Tasks: 1 (limit: 48800) |
| - | Memory: 1.3M | + | |
| - | CPU: 12ms | + | CPU: 12ms |
| - | CGroup: / | + | |
| - | └─5583 | + | |
| Sep 29 14:14:14 redhat9.ittraining.loc systemd[1]: sshd.service: | Sep 29 14:14:14 redhat9.ittraining.loc systemd[1]: sshd.service: | ||
| Ligne 2608: | Ligne 2596: | ||
| Generating public/ | Generating public/ | ||
| Enter file in which to save the key (/ | Enter file in which to save the key (/ | ||
| - | Created directory | + | Created directory |
| Enter passphrase (empty for no passphrase): | Enter passphrase (empty for no passphrase): | ||
| Enter same passphrase again: | Enter same passphrase again: | ||
| Ligne 2617: | Ligne 2605: | ||
| The key's randomart image is: | The key's randomart image is: | ||
| +---[DSA 1024]----+ | +---[DSA 1024]----+ | ||
| - | | ...+o..... | | + | | |
| - | | .... +. . | | + | | .... +. . |
| - | | . o = . | | + | | |
| - | | .o o * + | | + | | .o o * + |
| - | | =.* S = | | + | | =.* S = | |
| - | | o.% o . | | + | | |
| - | | E.B o . | | + | | E.B o . | |
| - | | = =o= . | | + | | |
| - | | .**Boo | | + | | |
| +----[SHA256]-----+ | +----[SHA256]-----+ | ||
| Ligne 2639: | Ligne 2627: | ||
| The key's randomart image is: | The key's randomart image is: | ||
| +---[RSA 3072]----+ | +---[RSA 3072]----+ | ||
| - | | . | | + | | . | |
| - | | + | | + | | |
| - | | . + . | | + | | . + . | |
| - | | o o . | | + | | |
| - | | . S.. o | | + | | . |
| - | | . o+*.+ * . | | + | | |
| - | | o .o++X = = | | + | | |
| - | | o oo=.o@ E . *.| | + | | o oo=.o@ E . *.| |
| - | | oo=+=* . o*| | + | | |
| +----[SHA256]-----+ | +----[SHA256]-----+ | ||
| Ligne 2661: | Ligne 2649: | ||
| The key's randomart image is: | The key's randomart image is: | ||
| +---[ECDSA 256]---+ | +---[ECDSA 256]---+ | ||
| - | | .=Bo | | + | | |
| - | | ..o+ . | | + | | ..o+ |
| - | | .+ + +| | + | | |
| - | | . = * E +o| | + | | |
| - | | .S.* O = o| | + | | |
| - | | ..o=.* =. .| | + | | ..o=.* =. .| |
| - | | o..+ =. o | | + | | |
| - | | .. .B o | | + | | .. .B o | |
| - | | .. o... | | + | | |
| +----[SHA256]-----+ | +----[SHA256]-----+ | ||
| Ligne 2683: | Ligne 2671: | ||
| The key's randomart image is: | The key's randomart image is: | ||
| +--[ED25519 256]--+ | +--[ED25519 256]--+ | ||
| - | |== ooo+o..E | | + | |== ooo+o..E |
| - | |ooo.==o.o+ | | + | |ooo.==o.o+ |
| - | | =++o.o o. | | + | | =++o.o o. | |
| - | | o o. = = | | + | | o o. = = | |
| - | | o BS | | + | | |
| - | | ..+.+. | | + | | ..+.+. |
| - | | .o+o..= | | + | | .o+o..= |
| - | | o.o oo+ | | + | | |
| - | | . ++ | | + | | . |
| +----[SHA256]-----+ | +----[SHA256]-----+ | ||
| </ | </ | ||
| Ligne 2702: | Ligne 2690: | ||
| </ | </ | ||
| - | ===SSH | + | ===SSH |
| - | The SSH protocol can be used to secure protocols such as telnet, pop3 and so on. In fact, you can create an SSH //tunnel// through which unsecured protocol communications pass. | + | The SSH protocol can be used to secure protocols such as telnet, pop3 and so on. You can create an SSH //tunnel// through which unsecured protocol communications pass. |
| The command to create an ssh tunnel takes the following form: | The command to create an ssh tunnel takes the following form: | ||
| - | ssh -N -f account@host -Local_port: | + | |
| In your case, you are going to create a tunnel in your own vm between port 15023 and port 23 : | In your case, you are going to create a tunnel in your own vm between port 15023 and port 23 : | ||
| Ligne 2714: | Ligne 2702: | ||
| < | < | ||
| [trainee@redhat9 ~]$ ssh -N -f trainee@localhost -L15023: | [trainee@redhat9 ~]$ ssh -N -f trainee@localhost -L15023: | ||
| - | The authenticity of host ‘localhost (::1)’ can't be established. | + | The authenticity of host 'localhost (::1)' |
| ED25519 key fingerprint is SHA256: | ED25519 key fingerprint is SHA256: | ||
| This key is not known by any other names | This key is not known by any other names | ||
| Are you sure you want to continue connecting (yes/ | Are you sure you want to continue connecting (yes/ | ||
| - | Warning: Permanently added ‘localhost’ (ED25519) to the list of known hosts. | + | Warning: Permanently added 'localhost' |
| \S | \S | ||
| Kernel \r on an \m | Kernel \r on an \m | ||
| Ligne 2734: | Ligne 2722: | ||
| Dependencies resolved. | Dependencies resolved. | ||
| ================================================================================================================================================================================================================== | ================================================================================================================================================================================================================== | ||
| - | Package Architecture Version Repository Size | + | Package |
| ================================================================================================================================================================================================================== | ================================================================================================================================================================================================================== | ||
| Installing: | Installing: | ||
| - | telnet-server x86_64 1: | + | telnet-server |
| Transaction Summary | Transaction Summary | ||
| ================================================================================================================================================================================================================== | ================================================================================================================================================================================================================== | ||
| - | Install 1 Package | + | Install |
| Total download size: 41 k | Total download size: 41 k | ||
| Ligne 2747: | Ligne 2735: | ||
| Is this ok [y/N]: y | Is this ok [y/N]: y | ||
| Downloading Packages: | Downloading Packages: | ||
| - | telnet-server-0.17-85.el9.x86_64.rpm 145 kB/s | 41 kB 00:00 | + | telnet-server-0.17-85.el9.x86_64.rpm |
| ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ||
| - | Total 144 kB/s | 41 kB 00:00 | + | Total |
| Running transaction check | Running transaction check | ||
| Transaction check succeeded. | Transaction check succeeded. | ||
| Ligne 2755: | Ligne 2743: | ||
| Transaction test succeeded. | Transaction test succeeded. | ||
| Running transaction | Running transaction | ||
| - | Preparing : 1/1 | + | |
| - | Installing : telnet-server-1: | + | Installing |
| - | Running scriptlet: telnet-server-1: | + | Running scriptlet: telnet-server-1: |
| - | Verifying : telnet-server-1: | + | Verifying |
| Installed products updated. | Installed products updated. | ||
| Installed: | Installed: | ||
| - | telnet-server-1: | + | |
| Complete! | Complete! | ||
| Ligne 2772: | Ligne 2760: | ||
| [root@redhat9 ~]# systemctl status telnet.socket | [root@redhat9 ~]# systemctl status telnet.socket | ||
| ○ telnet.socket - Telnet Server Activation Socket | ○ telnet.socket - Telnet Server Activation Socket | ||
| - | Loaded: loaded (/ | + | Loaded: loaded (/ |
| - | Active: inactive (dead) | + | |
| - | Docs: man: | + | |
| - | Listen: [::]:23 (Stream) | + | |
| - | Accepted: 0; Connected: 0; | + | |
| [root@redhat9 ~]# systemctl start telnet.socket | [root@redhat9 ~]# systemctl start telnet.socket | ||
| Ligne 2782: | Ligne 2770: | ||
| [root@redhat9 ~]# systemctl status telnet.socket | [root@redhat9 ~]# systemctl status telnet.socket | ||
| ● telnet.socket - Telnet Server Activation Socket | ● telnet.socket - Telnet Server Activation Socket | ||
| - | Loaded: loaded (/ | + | Loaded: loaded (/ |
| - | Active: active (listening) since Sun 2024-09-29 14:19:51 CEST; 13s ago | + | |
| - | Until: Sun 2024-09-29 14:19:51 CEST; 13s ago | + | Until: Sun 2024-09-29 14:19:51 CEST; 13s ago |
| - | Docs: man: | + | |
| - | Listen: [::]:23 (Stream) | + | |
| - | Accepted: 0; Connected: 0; | + | |
| - | Tasks: 0 (limit: 48800) | + | Tasks: 0 (limit: 48800) |
| - | Memory: 8.0K | + | |
| - | CPU: 700us | + | CPU: 700us |
| - | CGroup: / | + | |
| Sep 29 14:19:51 redhat9.ittraining.loc systemd[1]: Listening on Telnet Server Activation Socket. | Sep 29 14:19:51 redhat9.ittraining.loc systemd[1]: Listening on Telnet Server Activation Socket. | ||
| Ligne 2798: | Ligne 2786: | ||
| </ | </ | ||
| - | Then connect via telnet to port 15023, and you will see that your connection is not successful: | + | Then connect via telnet to port 15023: |
| < | < | ||
| Ligne 2804: | Ligne 2792: | ||
| Trying ::1... | Trying ::1... | ||
| Connected to localhost. | Connected to localhost. | ||
| - | Escape character is ‘^]’. | + | Escape character is '^]'. |
| Kernel 5.14.0-427.37.1.el9_4.x86_64 on an x86_64 | Kernel 5.14.0-427.37.1.el9_4.x86_64 on an x86_64 | ||
| Ligne 2824: | Ligne 2812: | ||
| ====3.5 - SCP==== | ====3.5 - SCP==== | ||
| - | ===Introduction=== | + | ===Overview=== |
| The **scp** command is the successor and replacement for the **rcp** command in the **remote** command family. It is used to make secure transfers from a remote machine: | The **scp** command is the successor and replacement for the **rcp** command in the **remote** command family. It is used to make secure transfers from a remote machine: | ||
| - | $ scp account@numero_ip(machine_name):/ | + | |
| or to a remote machine : | or to a remote machine : | ||
| - | $ scp /path_local/file_local | + | |
| - | ===Using=== | + | ===Usage=== |
| - | We are now going to use **scp** to search for a file on the << | + | We are now going to use **scp** to download |
| Create the file **/ | Create the file **/ | ||
| Ligne 2854: | Ligne 2842: | ||
| < | < | ||
| [root@redhat9 ~]# scp trainee@127.0.0.1:/ | [root@redhat9 ~]# scp trainee@127.0.0.1:/ | ||
| - | The authenticity of host ‘127.0.0.1 (127.0.0.1)’ can't be established. | + | The authenticity of host '127.0.0.1 (127.0.0.1)' |
| ED25519 key fingerprint is SHA256: | ED25519 key fingerprint is SHA256: | ||
| This key is not known by any other names | This key is not known by any other names | ||
| Are you sure you want to continue connecting (yes/ | Are you sure you want to continue connecting (yes/ | ||
| - | Warning: Permanently added ‘127.0.0.1’ (ED25519) to the list of known hosts. | + | Warning: Permanently added '127.0.0.1' |
| \S | \S | ||
| Kernel \r on an \m | Kernel \r on an \m | ||
| Ligne 2865: | Ligne 2853: | ||
| [root@redhat9 ~]# ls -l | [root@redhat9 ~]# ls -l | ||
| total 2042944 | total 2042944 | ||
| - | -rw-------. 1 root root 1226 Oct 19 2023 anaconda-ks.cfg | + | -rw-------. 1 root root 1226 Oct 19 2023 anaconda-ks.cfg |
| - | -rw-r--r--. 1 trainee trainee 2091941797 Oct 19 2023 ansible-automation-platform-setup-bundle-2.4-2.2-x86_64.tar.gz | + | -rw-r--r--. 1 trainee trainee 2091941797 Oct 19 2023 ansible-automation-platform-setup-bundle-2.4-2.2-x86_64.tar.gz |
| - | -rw-r--r--. 1 root root 64 Sep 27 08:24 device.map | + | -rw-r--r--. 1 root root 64 Sep 27 08:24 device.map |
| - | -rw-------. 1 root root 7118 Sep 27 08:24 grub.cfg | + | -rw-------. 1 root root 7118 Sep 27 08:24 grub.cfg |
| - | drwxr-xr-x. 3 root root 21 Oct 19 2023 home | + | drwxr-xr-x. 3 root root 21 Oct 19 2023 home |
| - | -rw-r--r--. 1 root root 98 Sep 27 08:23 montages.list | + | -rw-r--r--. 1 root root 98 Sep 27 08:23 montages.list |
| - | -rw-r--r--. 1 root root 2109 Sep 25 16:20 passwd | + | -rw-r--r--. 1 root root 2109 Sep 25 16:20 passwd |
| - | -rw-r--r--. 1 root root 0 Sep 29 14:24 scp-test | + | -rw-r--r--. 1 root root |
| - | -rw-r--r--. 1 root root 457 Sep 27 08:22 structure.list | + | -rw-r--r--. 1 root root |
| - | -rw-r--r--. 1 root root 46 Sep 29 13:56 ‘wget_file.txt? | + | -rw-r--r--. 1 root root 46 Sep 29 13:56 'wget_file.txt? |
| </ | </ | ||
| - | ====3.6 - Setting up asymmetric keys==== | + | ====3.6 - Setting up Asymmetric Keys==== |
| We now need to connect to the << | We now need to connect to the << | ||
| Ligne 2891: | Ligne 2879: | ||
| [trainee@redhat9 ~]$ ls -la | grep .ssh | [trainee@redhat9 ~]$ ls -la | grep .ssh | ||
| - | -rw-------. 1 trainee trainee 20 Sep 25 15:18 .lesshst | + | -rw-------. |
| - | drwx------. 2 trainee trainee 188 Sep 29 14:18 .ssh | + | drwx------. |
| </ | </ | ||
| <WRAP center round important 60%> | <WRAP center round important 60%> | ||
| - | **Important** - If the remote .ssh folder does not exist in the connected | + | **Important** - If the remote .ssh folder does not exist in the user's home directory, it must be created with 700 file permissions. In your case, since your machine is the server **and** the client, the / |
| </ | </ | ||
| Ligne 2910: | Ligne 2898: | ||
| [trainee@redhat9 ~]$ scp .ssh/ | [trainee@redhat9 ~]$ scp .ssh/ | ||
| - | The authenticity of host ‘127.0.0.1 (127.0.0.1)’ can't be established. | + | The authenticity of host '127.0.0.1 (127.0.0.1)' |
| ED25519 key fingerprint is SHA256: | ED25519 key fingerprint is SHA256: | ||
| This host key is known by the following other names/ | This host key is known by the following other names/ | ||
| - | ~/ | + | |
| Are you sure you want to continue connecting (yes/ | Are you sure you want to continue connecting (yes/ | ||
| - | Warning: Permanently added ‘127.0.0.1’ (ED25519) to the list of known hosts. | + | Warning: Permanently added '127.0.0.1' |
| \S | \S | ||
| Kernel \r on an \m | Kernel \r on an \m | ||
| trainee@127.0.0.1' | trainee@127.0.0.1' | ||
| - | id_ecdsa.pub 100% 192 427.3KB/s 00:00 | + | id_ecdsa.pub |
| </ | </ | ||
| Ligne 2935: | Ligne 2923: | ||
| <WRAP center round important 60%> | <WRAP center round important 60%> | ||
| - | **Important** - When connecting to the server, authentication uses the asymmetric key pair in ecdsa format and no password is required. | + | **Important** - When connecting to the server, |
| </ | </ | ||
| Ligne 2944: | Ligne 2932: | ||
| [trainee@redhat9 .ssh]$ ls | [trainee@redhat9 .ssh]$ ls | ||
| - | authorized_keys id_dsa id_dsa.pub id_ecdsa id_ecdsa.pub id_ed25519 id_ed25519.pub id_rsa id_rsa.pub known_hosts known_hosts.old | + | authorized_keys |
| [trainee@redhat9 .ssh]$ cat authorized_keys | [trainee@redhat9 .ssh]$ cat authorized_keys | ||
| Ligne 2957: | Ligne 2945: | ||
| [trainee@redhat9 .ssh]$ cat authorized_keys | [trainee@redhat9 .ssh]$ cat authorized_keys | ||
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGJIMNJ1m+xIpYzfYwK7VpdCI9inhQx3wptO+z4Xsl3XYcb+WIXsEsJpKSyQnOv98HmfZVJWcqXaSBkE5mskFGI= trainee@redhat9.ittraining.loc | ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGJIMNJ1m+xIpYzfYwK7VpdCI9inhQx3wptO+z4Xsl3XYcb+WIXsEsJpKSyQnOv98HmfZVJWcqXaSBkE5mskFGI= trainee@redhat9.ittraining.loc | ||
| - | ssh- rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDSBgNBWkHU0UWXablPEQLRXjcdG7WYN0651bSh122wAMpMo5j3Jjlxm+tCKILpU5kjmpLIC+YCVw3nNr2e8RxIucxfEy1NIXrrCS0Ps3t5zsdsta/ | + | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDSBgNBWkHU0UWXablPEQLRXjcdG7WYN0651bSh122wAMpMo5j3Jjlxm+tCKILpU5kjmpLIC+YCVw3nNr2e8RxIucxfEy1NIXrrCS0Ps3t5zsdsta/ |
| - | ssh- dss AAAAB3NzaC1kc3MAAACBAOlvM/ | + | ssh-dss AAAAB3NzaC1kc3MAAACBAOlvM/ |
| ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKzhdX1reo1vStZd/ | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKzhdX1reo1vStZd/ | ||
