Differences
Below are the differences between two revisions of the page.
elearning:workbooks:redhat:rh124en:l112 [2024/11/12 13:49] – admin | elearning:workbooks:redhat:rh124en:l112 [2024/11/29 08:45] (current version) – admin | ||
Ligne 62: | Ligne 62: | ||
* Usage | * Usage | ||
* 3.6 - Setting up Asymmetric Keys | * 3.6 - Setting up Asymmetric Keys | ||
+ | |||
=====Understanding IPv4===== | =====Understanding IPv4===== | ||
==== TCP headers ==== | ==== TCP headers ==== | ||
- | The TCP header is encoded | + | The TCP header is encoded |
^ 1st byte ^ 2nd byte ^ 3rd byte ^ 4th byte ^ | ^ 1st byte ^ 2nd byte ^ 3rd byte ^ 4th byte ^ | ||
Ligne 98: | Ligne 99: | ||
==== UDP headers ==== | ==== UDP headers ==== | ||
- | The UDP header is encoded | + | The UDP header is encoded |
^ 1st byte ^ 2nd byte ^ 3rd byte ^ 4th byte ^ | ^ 1st byte ^ 2nd byte ^ 3rd byte ^ 4th byte ^ | ||
Ligne 104: | Ligne 105: | ||
| Length | | Length | ||
| Data |||| | | Data |||| | ||
- | |||
- | The UDP header is 8 bytes long. | ||
==== Fragmentation and Re-encapsulation ==== | ==== Fragmentation and Re-encapsulation ==== | ||
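Review bot: dropping "The UDP header is 8 bytes long." removes a correct and useful fact; the header is exactly four 16-bit fields (source port, destination port, length, checksum), which is the figure a reader needs to interpret the Length row of the table above and to size a datagram. Keep the sentence, or move it above the table if the blank line was the only concern.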
Ligne 165: | Ligne 164: | ||
==== Subnet Masks ==== | ==== Subnet Masks ==== | ||
- | Like the IP address, the subnet mask has 4 octets | + | Like the IP address, the subnet mask has 4 bytes or 32 bits. Subnet masks are used to identify the Net ID and Host ID: |
^ Class ^ Mask ^ CIDR notation | ^ Class ^ Mask ^ CIDR notation | ||
Ligne 202: | Ligne 201: | ||
| Network address | | Network address | ||
- | Since the network address is identical in both cases, the sending host assumes that the destination host is on its network and sends the packets directly to the network | + | Since the network address is identical in both cases, the sending host assumes that the destination host is on its network and sends the packets directly to the network. |
The sending host is now trying to communicate with a host with an IP address of 192.168.2.1. It therefore performs the same calculation by applying **its own subnet mask** to the IP address of the destination host: | The sending host is now trying to communicate with a host with an IP address of 192.168.2.1. It therefore performs the same calculation by applying **its own subnet mask** to the IP address of the destination host: | ||
Ligne 214: | Ligne 213: | ||
| Network address | | Network address | ||
- | In this case, the sending host finds that the destination network 192.168.2.0 is not identical to its own network 192.168.10.0. It therefore | + | In this case, the sending host finds that the destination network 192.168.2.0 is not identical to its own network 192.168.10.0. It therefore |
==== VLSM ==== | ==== VLSM ==== | ||
Ligne 567: | Ligne 566: | ||
2001: | 2001: | ||
- | To make it easier to write IPv6 addresses, it is not necessary to write zeros at the head of a group separated by a colon. However, at least one hexadecimal digit must be written in each group separated by a colon: | + | To make it easier to write IPv6 addresses, it is not necessary to write zeros at the start of a group separated by a colon. However, at least one hexadecimal digit must be written in each group separated by a colon: |
2001: | 2001: | ||
Ligne 576: | Ligne 575: | ||
* Remove leading zeros in a group. | * Remove leading zeros in a group. | ||
- | * Use : : to shorten as much as possible. | + | * Use : : to shorten |
* If an address contains two consecutive groups of zeros of the same length, it is preferable to shorten the leftmost groups of zeros to : : and the rightmost groups to :0 : for each group. | * If an address contains two consecutive groups of zeros of the same length, it is preferable to shorten the leftmost groups of zeros to : : and the rightmost groups to :0 : for each group. | ||
* Although permitted, do not use :: to shorten a group of zeros. Instead, use :0 : and keep : : for consecutive groups of zeros. | * Although permitted, do not use :: to shorten a group of zeros. Instead, use :0 : and keep : : for consecutive groups of zeros. | ||
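Review bot: the compression marker is written as ": :" (with a space) in three of these bullets and as "::" in the last one; the spaced form is not valid IPv6 syntax and will confuse anyone who copies it. Write "::" everywhere, wrapping it as %%::%% if the wiki needs the nowiki escape (the page already uses that form for %%RhostsRSA%% further down). The rules themselves match RFC 5952: "::" shortens the longest run of zero groups, the leftmost run wins a tie, and a single 16-bit zero group is written :0: rather than "::".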
Ligne 592: | Ligne 591: | ||
* The network prefix, | * The network prefix, | ||
- | | + | |
* The interface identifier, | * The interface identifier, | ||
- | | + | |
- | * An interface identifier identifies a particular interface on the subnet. | + | * An interface identifier identifies a particular interface on the subnet. |
====Subnet Masks==== | ====Subnet Masks==== | ||
Ligne 672: | Ligne 671: | ||
RHEL 9 uses **Network Manager** to manage the network. Network Manager has two components: | RHEL 9 uses **Network Manager** to manage the network. Network Manager has two components: | ||
- | * a service that manages network connections and reports their status, | + | |
- | * front-ends that use an API to configure the service. | + | * front-ends that use an API to configure the service. |
<WRAP center round important 60%> | <WRAP center round important 60%> | ||
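Review bot: both columns write "Network Manager" here while the hunk at Ligne 710 uses "NetworkManager"; the project name is the single word NetworkManager (it is also the name of the service and the package), so use that spelling in this paragraph as well. The first bullet is cut off in the new column; check that "a service that manages network connections and reports their status" survived the edit.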
Ligne 710: | Ligne 709: | ||
The **nmcli** (Network Manager Command Line Interface) command is used to configure NetworkManager. | The **nmcli** (Network Manager Command Line Interface) command is used to configure NetworkManager. | ||
- | Command line switches and sub-commands can be accessed | + | Command line switches and sub-commands can be viewed |
< | < | ||
Ligne 754: | Ligne 753: | ||
</ | </ | ||
- | Create | + | Now create |
< | < | ||
- | [root@redhat9 ~]# nmcli connection add con-name | + | [root@redhat9 ~]# nmcli connection add con-name |
- | Connection 'ip_fixe' (b3d51921-4deb-4975-ad52-f31993b2af0c) successfully added. | + | Connection 'ip_fixed' (b3d51921-4deb-4975-ad52-f31993b2af0c) successfully added. |
</ | </ | ||
Ligne 768: | Ligne 767: | ||
ens18 ea4c8254-6236-3130-8323-8b3f71d807a1 | ens18 ea4c8254-6236-3130-8323-8b3f71d807a1 | ||
lo | lo | ||
- | ip_fixe | + | ip_fixed |
</ | </ | ||
- | Note that the output does not indicate that the **ip_fix** profile is associated with the **ens18** device because the **ip_fix** profile is not enabled: | + | Note that the output does not indicate that the **ip_fixed** profile is associated with the **ens18** device because the **ip_fixed** profile is not enabled: |
< | < | ||
Ligne 806: | Ligne 805: | ||
</ | </ | ||
- | To activate the ip_fix | + | To activate the ip_fixed |
< | < | ||
- | [root@redhat9 ~]# nmcli connection up ip_fixe | + | [root@redhat9 ~]# nmcli connection up ip_fixed |
</ | </ | ||
Ligne 819: | Ligne 818: | ||
</ | </ | ||
- | The ip_fix | + | The ip_fixed |
< | < | ||
[root@redhat9 ~]# nmcli c show | [root@redhat9 ~]# nmcli c show | ||
NAME | NAME | ||
- | ip_fixe | + | ip_fixed |
lo | lo | ||
ens18 ea4c8254-6236-3130-8323-8b3f71d807a1 | ens18 ea4c8254-6236-3130-8323-8b3f71d807a1 | ||
Ligne 834: | Ligne 833: | ||
GENERAL.MTU: | GENERAL.MTU: | ||
GENERAL.STATE: | GENERAL.STATE: | ||
- | GENERAL.CONNECTION: | + | GENERAL.CONNECTION: |
GENERAL.CON-PATH: | GENERAL.CON-PATH: | ||
WIRED-PROPERTIES.CARRIER: | WIRED-PROPERTIES.CARRIER: | ||
Ligne 921: | Ligne 920: | ||
[q] | [q] | ||
</ | </ | ||
- | Similarly, to view the **ip_fixe** profile parameters, use the following command: | + | Similarly, to view the **ip_fixed** profile parameters, use the following command: |
< | < | ||
- | [root@redhat9 ~]# nmcli -p connection show ip_fixe | + | [root@redhat9 ~]# nmcli -p connection show ip_fixed |
=============================================================================== | =============================================================================== | ||
- | | + | |
=============================================================================== | =============================================================================== | ||
- | connection.id: | + | connection.id: |
connection.uuid: | connection.uuid: | ||
connection.stable-id: | connection.stable-id: | ||
Ligne 990: | Ligne 989: | ||
CONNECTIONS.AVAILABLE-CONNECTION-PATHS: | CONNECTIONS.AVAILABLE-CONNECTION-PATHS: | ||
CONNECTIONS.AVAILABLE-CONNECTIONS[1]: | CONNECTIONS.AVAILABLE-CONNECTIONS[1]: | ||
- | CONNECTIONS.AVAILABLE-CONNECTIONS[2]: | + | CONNECTIONS.AVAILABLE-CONNECTIONS[2]: |
</ | </ | ||
Ligne 999: | Ligne 998: | ||
total 8 | total 8 | ||
-rw-------. 1 root root 253 Oct 19 2023 ens18.nmconnection | -rw-------. 1 root root 253 Oct 19 2023 ens18.nmconnection | ||
- | -rw-------. 1 root root 218 Sep 29 12:21 ip_fixe.nmconnection | + | -rw-------. 1 root root 218 Sep 29 12:21 ip_fixed.nmconnection |
</ | </ | ||
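Review bot: this listing was edited by hand rather than regenerated: the name became ip_fixed.nmconnection but the size is still 218 bytes and the timestamp still Sep 29 12:21. The keyfile's id= line (shown as id=ip_fixed at Ligne 1034) is one character longer than id=ip_fixe, so a file written by NetworkManager under the new name would be 219 bytes. Either rerun the commands and paste fresh output, or adjust the size so the listing is consistent with the keyfile shown later.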
====1.2 - Name resolution==== | ====1.2 - Name resolution==== | ||
- | A study of the **/ | + | A study of the **/ |
< | < | ||
- | [root@redhat9 ~]# cat / | + | [root@redhat9 ~]# cat / |
[connection] | [connection] | ||
- | id=ip_fixe | + | id=ip_fixed |
uuid=b3d51921-4deb-4975-ad52-f31993b2af0c | uuid=b3d51921-4deb-4975-ad52-f31993b2af0c | ||
type=ethernet | type=ethernet | ||
Ligne 1034: | Ligne 1033: | ||
</ | </ | ||
- | Modify the configuration of the **ip_fixe** profile: | + | Modify the configuration of the **ip_fixed** profile: |
< | < | ||
- | [root@redhat9 ~]# nmcli connection mod ip_fix | + | [root@redhat9 ~]# nmcli connection mod ip_fixed |
</ | </ | ||
- | A look at the **/ | + | A look at the **/ |
< | < | ||
- | [root@redhat9 ~]# cat / | + | [root@redhat9 ~]# cat / |
[connection] | [connection] | ||
- | id=ip_fixe | + | id=ip_fixed |
uuid=b3d51921-4deb-4975-ad52-f31993b2af0c | uuid=b3d51921-4deb-4975-ad52-f31993b2af0c | ||
type=ethernet | type=ethernet | ||
Ligne 1105: | Ligne 1104: | ||
Lastly, check the name resolution: | Lastly, check the name resolution: | ||
+ | < | ||
[root@redhat9 ~]# ping www.free.fr | [root@redhat9 ~]# ping www.free.fr | ||
PING www.free.fr (212.27.48.10) 56(84) bytes of data. | PING www.free.fr (212.27.48.10) 56(84) bytes of data. | ||
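Review bot: the opening code fence added before the ping output needs a matching closing fence; the context shown ends before one appears, so confirm the block is closed after the ping statistics rather than running into the next paragraph.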
Ligne 1125: | Ligne 1125: | ||
< | < | ||
- | [root@redhat9 ~]# nmcli connection mod ip_fix | + | [root@redhat9 ~]# nmcli connection mod ip_fixed |
</ | </ | ||
Ligne 1131: | Ligne 1131: | ||
< | < | ||
- | [root@redhat9 ~]# nmcli con up ip_fixe | + | [root@redhat9 ~]# nmcli con up ip_fixed |
Connection successfully activated (D-Bus active path: / | Connection successfully activated (D-Bus active path: / | ||
</ | </ | ||
Ligne 1138: | Ligne 1138: | ||
< | < | ||
- | [root@redhat9 ~]# nmcli connection show ip_fixe | + | [root@redhat9 ~]# nmcli connection show ip_fixed |
- | connection.id: | + | connection.id: |
connection.uuid: | connection.uuid: | ||
connection.stable-id: | connection.stable-id: | ||
Ligne 1247: | Ligne 1247: | ||
proxy.pac-url: | proxy.pac-url: | ||
proxy.pac-script: | proxy.pac-script: | ||
- | GENERAL.NAME: | + | GENERAL.NAME: |
GENERAL.UUID: | GENERAL.UUID: | ||
GENERAL.DEVICES: | GENERAL.DEVICES: | ||
Ligne 1273: | Ligne 1273: | ||
[q] | [q] | ||
</ | </ | ||
+ | |||
<WRAP center round important 60%> | <WRAP center round important 60%> | ||
**Important** : Note the addition of the secondary address to the **ipv4.addresses: | **Important** : Note the addition of the secondary address to the **ipv4.addresses: | ||
</ | </ | ||
- | Now look at the contents of the **/ | + | Now look at the contents of the **/ |
< | < | ||
- | [root@redhat9 ~]# cat / | + | [root@redhat9 ~]# cat / |
[connection] | [connection] | ||
- | id=ip_fixe | + | id=ip_fixed |
uuid=b3d51921-4deb-4975-ad52-f31993b2af0c | uuid=b3d51921-4deb-4975-ad52-f31993b2af0c | ||
type=ethernet | type=ethernet | ||
Ligne 1583: | Ligne 1584: | ||
====2.3 - traceroute==== | ====2.3 - traceroute==== | ||
- | The ping command is the basis of the **traceroute** command. This command is used to find out the route taken to access | + | The ping command is the basis of the **traceroute** command. This command is used to find out the route taken to reach a given host: |
< | < | ||
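Review bot: "The ping command is the basis of the traceroute command" is inaccurate in both columns and the edit only touched the end of the sentence. traceroute does not call ping; it sends probes with an increasing TTL (UDP to high ports by default on Linux, ICMP echo with -I) and builds the path from the ICMP Time Exceeded replies each hop returns. Suggest: "Like ping, traceroute relies on ICMP, but it works by sending probes with an increasing TTL and recording which router returns each ICMP Time Exceeded message. It is used to find out the route taken to reach a given host:".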
Ligne 2130: | Ligne 2131: | ||
* The **keys** | * The **keys** | ||
* **Asymmetric** and persistent user key pairs which ensure a user's identity and which are stored on the hard disk, | * **Asymmetric** and persistent user key pairs which ensure a user's identity and which are stored on the hard disk, | ||
- | * **Asymmetric and persistent** host key guaranteeing the identity of the server and stored on hard disk. | + | * **Asymmetric and persistent** host key guaranteeing the identity of the server and stored on the hard disk. |
* **Temporary asymmetric server key** used by the SSH1 protocol to encrypt the session key, | * **Temporary asymmetric server key** used by the SSH1 protocol to encrypt the session key, | ||
* **Symmetric session key** which is generated at random and is used to encrypt the communication between the client and the server. It is destroyed at the end of the session. SSH-1 uses a single key, while SSH-2 uses one key for each direction of communication, | * **Symmetric session key** which is generated at random and is used to encrypt the communication between the client and the server. It is destroyed at the end of the session. SSH-1 uses a single key, while SSH-2 uses one key for each direction of communication, | ||
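Review bot: the "Temporary asymmetric server key ... used by the SSH1 protocol" bullet and the SSH-1/SSH-2 comparison in the session-key bullet describe a protocol version that cannot be exercised on the RHEL 9 system the page configures: OpenSSH removed SSH-1 server support in 7.4 and client support in 7.6, and RHEL 9 ships OpenSSH 8.7. Mark these SSH-1 details as historical, or drop them, so a reader does not look for the server key on a RHEL 9 host.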
Ligne 2175: | Ligne 2176: | ||
* Using **asymmetric keys**, | * Using **asymmetric keys**, | ||
- | * Identical to SSH-1 except with the DSA algorithm, | ||
* **%%RhostsRSA%%**, | * **%%RhostsRSA%%**, | ||
* Using a **password**. | * Using a **password**. | ||
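Review bot: removing the "Identical to SSH-1 except with the DSA algorithm" bullet is reasonable (OpenSSH has disabled ssh-dss by default since 7.0), but the RhostsRSA bullet that remains is just as SSH-1-specific; the SSH-2 counterpart is hostbased authentication. Treat the two consistently, either by dropping RhostsRSA as well or by labelling both as SSH-1 methods.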
Ligne 2212: | Ligne 2212: | ||
* The **client** sends the server an asymmetric key authentication request containing the key module to be used, | * The **client** sends the server an asymmetric key authentication request containing the key module to be used, | ||
* The **server** looks for a match for this module in the **~/ | * The **server** looks for a match for this module in the **~/ | ||
- | * If no match is found, the server terminates communication, | + | * If no match is found, the server terminates communication, |
- | | + | |
* The **client** receives the challenge and decrypts it using the private part of its key. It combines the challenge with the session identifier and encrypts the result. It then sends the encrypted result to the server. | * The **client** receives the challenge and decrypts it using the private part of its key. It combines the challenge with the session identifier and encrypts the result. It then sends the encrypted result to the server. | ||
* The **server** generates the same hash and compares it with the one received from the client. If the two hashes are identical, authentication is successful. | * The **server** generates the same hash and compares it with the one received from the client. If the two hashes are identical, authentication is successful. | ||
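Review bot: two wording errors in this hunk survive the edit. In the first bullet "key module" is a mistranslation of "modulus" (the RSA n that identifies the key); and in the client bullet "encrypts the result" contradicts the next bullet, which compares hashes: in SSH-1 RSA authentication the client hashes the decrypted challenge together with the session identifier (MD5) and sends that digest, so write "hashes the result". It is also worth stating that this challenge-response exchange is the SSH-1 mechanism; SSH-2 public-key authentication instead has the client sign the session identifier and the authentication request with its private key.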
Ligne 2432: | Ligne 2432: | ||
Sep 29 14:06:49 redhat9.ittraining.loc systemd[1]: Started OpenSSH server daemon. | Sep 29 14:06:49 redhat9.ittraining.loc systemd[1]: Started OpenSSH server daemon. | ||
</ | </ | ||
- | |||
Put the **trainee** user in the **adm** group: | Put the **trainee** user in the **adm** group: | ||
Ligne 2548: | Ligne 2547: | ||
</ | </ | ||
- | Generated public keys have the **.pub** extension. Private keys do not have a : | + | Generated public keys have the **.pub** extension. Private keys do not have a file extension: |
< | < | ||
Ligne 2556: | Ligne 2555: | ||
</ | </ | ||
- | Then restart the sshd service: | + | Now restart the sshd service: |
< | < | ||
Ligne 2693: | Ligne 2692: | ||
===SSH Tunnels=== | ===SSH Tunnels=== | ||
- | The SSH protocol can be used to secure protocols such as telnet, pop3 and so on. In fact, you can create an SSH //tunnel// through which unsecured protocol communications pass. | + | The SSH protocol can be used to secure protocols such as telnet, pop3 and so on. You can create an SSH //tunnel// through which unsecured protocol communications pass. |
The command to create an ssh tunnel takes the following form: | The command to create an ssh tunnel takes the following form: |
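Review bot: the opening sentence should carry the caveat that the tunnel only protects the path between the SSH client and the SSH server; a telnet or POP3 connection forwarded through it is still cleartext on the segment between the SSH server and the telnet or POP3 server unless both run on the same host. Without that sentence a reader may assume the whole connection is encrypted.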