1. SUSE Linux Enterprise Desktop Administration Chapter 5
Manage the Network Configuration
2. SUSE Linux Enterprise Desktop Administration Objectives Objective 1—Manage the Network Configuration Information from YaST
Objective 2—Test the Network Connection with Command-Line Tools
Objective 3—Use SuSEfirewall2
Objective 4—Use Network Manager to Configure the Network
Objective 5—Provide Remote Access
3. SUSE Linux Enterprise Desktop Administration Objective 1—Manage the Network Configuration Information from YaST The YaST module for configuring network cards and the network connection
Can be accessed from the YaST Control Center
See Figure 5-1
To activate the network configuration module, select Network Devices > Network Card
Network setup methods:
User Controlled with Network Manager
Traditional Method with ifup
6. SUSE Linux Enterprise Desktop Administration Objective 1—Manage the Network Configuration Information from YaST (continued) Cards are usually autodetected by YaST
And the correct kernel module is used
Select the card you want to configure
Then select Edit (see Figure 5-4)
If the card is not recognized by YaST, the required module must be entered manually
Use the Manual Network Card Configuration dialog to configure: (see Figure 5-3)
Network Configuration
Kernel Module
9. SUSE Linux Enterprise Desktop Administration Objective 1—Manage the Network Configuration Information from YaST (continued) Network address options
None Address Setup
Automatic Address Setup (via DHCP)
Static Address Setup
Hostname and Name Server
Routing
Advanced
Hostname and Name Server configuration
See Figure 5-6
11. SUSE Linux Enterprise Desktop Administration Objective 1—Manage the Network Configuration Information from YaST (continued) Routing configuration
See Figure 5-7
General configuration options (see Figure 5-8)
Firewall Zone
No Zone, All Traffic Blocked
Internal Zone (Unprotected)
Demilitarized Zone
External Zone
Device Activation
MTU (Maximum Transfer Unit)
14. SUSE Linux Enterprise Desktop Administration Objective 1—Manage the Network Configuration Information from YaST (continued) If you selected Wireless as a Device Type for a WLAN card
A dialog appears where you can enter WLAN-specific configuration parameters
WEP keys are entered in a separate dialog after selecting WEP Keys
Verify that the Ethernet card is available in the computer using the ip command
15. SUSE Linux Enterprise Desktop Administration Exercise 5-1: Manage the Network Configuration Information from YaST In this exercise, change all important configuration information into static values
Use the ip command to find out which IP address you are currently using
Note your current hostname
Then change the network configuration to a static IP address, using the values you found
Use 10.0.0.254 as the default gateway and also as the address of the name server
16. SUSE Linux Enterprise Desktop Administration Objective 2—Test the Network Connection with Command-Line Tools This objective will cover the following:
View and Change the Network Configuration with ip
Test Network Connections
Trace Network Packets
17. SUSE Linux Enterprise Desktop Administration View and Change the Network Configuration with ip IP address setup
To display the IP address setup of all interfaces, enter ip address show
18. SUSE Linux Enterprise Desktop Administration View and Change the Network Configuration with ip (continued) Device attributes
If you are only interested in the device attributes and not in the IP address setup, you can enter ip link show
19. SUSE Linux Enterprise Desktop Administration View and Change the Network Configuration with ip (continued) Device statistics
You can use the option -s with the ip command to display additional statistics information about the devices
20. SUSE Linux Enterprise Desktop Administration View and Change the Network Configuration with ip (continued) Routing table
To view the current routing table, enter ip route show
Assign an IP address to a device
Delete the IP address from a device
21. SUSE Linux Enterprise Desktop Administration View and Change the Network Configuration with ip (continued) Change device attributes
You can also change device attributes with the ip tool
Basic command:
ip link set device attribute
Set and delete routes
Set a route to a different network
Delete an entry from the routing table
22. SUSE Linux Enterprise Desktop Administration Test Network Connections with ping Tool ping
Lets you check network connections between two hosts in a simple way
Sends special network packets to the target system and waits for a reply
Basic syntax: ping 10.0.0.10
24. SUSE Linux Enterprise Desktop Administration Trace Network Packets with traceroute traceroute
Diagnosis tool primarily used to check the routing between different networks
Sends packets with an increasing TTL value to the destination host
Uses UDP packets, which are called datagrams
Syntax: traceroute hostname
25. SUSE Linux Enterprise Desktop Administration Exercise 5-2: Test the Network Configuration In this exercise, you view the current network configuration with the ip command and test it using ping and traceroute
Use ip to view the current IP address and current route
Use ping to access your own IP address, that of the gateway, and that of www.novell.com
Use traceroute to view the hops an IP packet takes to access www.novell.com
26. SUSE Linux Enterprise Desktop Administration Objective 3—Use SuSEfirewall2 Packet filtering in Linux is done by the kernel and its netfilter framework
SuSEfirewall2
Consists of a number of scripts that set rules to filter IP packets using the program iptables
Can be configured using the YaST Firewall module
An alternative would be to edit the file /etc/sysconfig/SuSEfirewall2 with a text editor
See Figure 5-9
29. SUSE Linux Enterprise Desktop Administration Objective 3—Use SuSEfirewall2 (continued) Allowing SSH services
See Figure 5-11
Changes are stored in the file /etc/sysconfig/SuSEfirewall2
32. SUSE Linux Enterprise Desktop Administration Objective 4—Use NetworkManager to Configure the Network NetworkManager
Allows you to change the network configuration according to your needs
Without switching to the root account
Runs as a system-level daemon with root privileges
Programs used
/usr/sbin/NetworkManager
/usr/sbin/NetworkManagerDispatcher
NetworkManager will first try a wired and then a wireless adapter
33. SUSE Linux Enterprise Desktop Administration Objective 4—Use NetworkManager to Configure the Network (continued) NetworkManager keeps two lists of wireless networks:
A trusted list and a preferred list
NetworkManager applet
Shows the current network configuration
Also allows you to change the configuration
To connect to a wireless network, select a wireless network entry
Your computer will be disconnected from the wired network and connected to the wireless network
36. SUSE Linux Enterprise Desktop Administration Objective 5—Provide Remote Access This objective explains how to:
Use OpenSSH
Configure VPN Connections
Use VNC
37. SUSE Linux Enterprise Desktop Administration Use OpenSSH SSH suite
Developed to provide secure transmission by encrypting the authentication strings
And all the other data exchanged between the hosts
SUSE Linux Enterprise Desktop 10 installs the package OpenSSH by default
Includes programs such as ssh, scp, and sftp as alternatives to Telnet, rlogin, rsh, rcp, and FTP
38. SUSE Linux Enterprise Desktop Administration Use OpenSSH (continued) Cryptography basics
Cryptography deals with procedures and techniques used to encrypt data
And prove the authenticity of data
Symmetric encryption
DES (Data Encryption Standard)
Triple DES
IDEA
Blowfish
AES (Advanced Encryption Standard)
39. SUSE Linux Enterprise Desktop Administration Use OpenSSH (continued) Cryptography basics (continued)
Asymmetric encryption
RSA
DSA
Diffie-Hellman
SSH features and architecture
SSH features
Login from a remote host
Interactive or noninteractive command execution on remote hosts
40. SUSE Linux Enterprise Desktop Administration Use OpenSSH (continued) SSH features and architecture (continued)
SSH features (continued)
File copying between different network hosts; optional support for compressing data
Cryptographically secured authentication and communication across insecure networks
Automatic and transparent encryption of all communication
Complete substitution of the "r" utilities: rlogin, rsh, and rcp
Port forwarding
Tunneling
41. SUSE Linux Enterprise Desktop Administration Use OpenSSH (continued) SSH features and architecture (continued)
SSH protocol versions
Protocol Version 1 (SSH1) (see Figure 5-16)
Protocol Version 2 (SSH2) (see Figure 5-17)
SSH authentication mechanism configuration
SSH server can decrypt the session key generated and encrypted by the client only if it also has the private key
Client can check if the public host key of the server really belongs to the server
SSH currently does not use any directory services or any certificates for public key management
44. SUSE Linux Enterprise Desktop Administration Use OpenSSH (continued) SSH features and architecture (continued)
SSH authentication mechanism configuration (continued)
The two most important mechanisms
Public key (RSA/DSA) authentication
Password authentication
Configure the SSH server
See Table 5-3
Configuration file for the server is /etc/ssh/sshd_config
46. SUSE Linux Enterprise Desktop Administration Use OpenSSH (continued) Configure the SSH client
Edit the file /etc/ssh/ssh_config
Users can edit their individual settings in the file ~/.ssh/config
Ensure that only servers are accepted whose keys have been previously added to ~/.ssh/known_hosts or /etc/ssh/ssh_known_hosts
Set the option StrictHostKeyChecking in the client configuration file (~/.ssh/config) to yes
47. SUSE Linux Enterprise Desktop Administration Use OpenSSH (continued) SSH-related commands
See Table 5-4
Basic syntax for ssh:
ssh options host command
Basic syntax for scp is:
scp options sourcefile destinationfile
SSH can also be used to protect unencrypted traffic, like POP3, by tunneling it through an SSH connection
49. SUSE Linux Enterprise Desktop Administration Exercise 5-3: Practice Using OpenSSH Perform the following tasks:
Log in to your partner’s computer as root
Execute the ps aux command on your partner’s computer without logging in to his or her computer
Copy the /etc/hosts file from your partner’s computer to your /tmp directory
Copy the /etc/hosts file from your computer to the home directory of geeko on your partner’s computer
Using sftp, copy the /bin/date file from your partner’s computer to /home/geeko/ on your computer
50. SUSE Linux Enterprise Desktop Administration Use OpenSSH (continued) Public key authentication management
Public key authentication process
Public key of the user has to be stored on the server in the home directory of the user account being accessed
Public keys are stored on the server in the file ~/.ssh/authorized_keys
The corresponding private key must be stored on the client computer
The secret key should be protected by a passphrase
51. SUSE Linux Enterprise Desktop Administration Use OpenSSH (continued) Public key authentication management (continued)
Create a key pair
Create a key pair with the ssh-keygen command
A different key is required for SSH1 than for SSH2
The keys are stored in the directory ~/.ssh
Configure and use public key authentication
For authentication using RSA or DSA keys, you need to copy the public key to the server
And then append the public key to the file ~/.ssh/authorized_keys
52. SUSE Linux Enterprise Desktop Administration Use OpenSSH (continued) Public key authentication management (continued)
Configure and use public key authentication (continued)
When authentication is done with keys, the passphrase is required when logging in to the server
Or when copying with scp
The ssh-agent can be used to avoid typing this passphrase upon each connection
The ssh-agent serves as a wrapper for any other process
You can also use the ssh-agent with a graphical login
53. SUSE Linux Enterprise Desktop Administration Exercise 5-4: Perform Public Key Authentication Create an ssh-key pair, add the public key to the file ~geeko/.ssh/authorized_keys on your partner’s computer, and note the difference between logging in with and without a public key
Then, use the ssh-agent to cache the private key and log in again to your partner’s machine as geeko
As root, change the SSH server configuration to allow only public key authentication
Restart sshd and, as root, try ssh geeko@localhost
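Added example (not part of the original slides): a shell check for the step in Exercise 5-4 that restricts the SSH server to public key authentication, run against an sshd_config-style file. The function names and the three sample files are constructed for this illustration; the keywords are standard sshd_config options, and KbdInteractiveAuthentication is the name newer OpenSSH releases use for ChallengeResponseAuthentication.

```shell
#!/bin/sh
# Added example: check whether an sshd_config-style file permits only
# public key logins. Sample files below are constructed for the demo.

# Print the effective global value for the keyword(s) in $1 ("a|b" = aliases)
# from file $2, or default $3. sshd uses the FIRST occurrence of a keyword,
# keywords are case-insensitive, and "Match" blocks are conditional.
sshd_effective() {
    awk -v key="$1" -v def="$3" '
        BEGIN { FS = "[ \t=]+"; key = "^(" tolower(key) ")$"; val = def }
        { sub(/^[ \t]+/, "") }                    # drop leading whitespace
        /^#/ || NF == 0 { next }                  # comments and blank lines
        tolower($1) == "match" { exit }           # stop at conditional part
        tolower($1) ~ key { val = tolower($2); exit }   # first one wins
        END { print val }
    ' "$2"
}

# Succeed only if public key auth is on and both password paths are off.
# Absent keywords fall back to the OpenSSH defaults, which are all "yes".
sshd_pubkey_only() {
    kbd='challengeresponseauthentication|kbdinteractiveauthentication'
    [ "$(sshd_effective pubkeyauthentication "$1" yes)" = yes ] &&
    [ "$(sshd_effective passwordauthentication "$1" yes)" = no ] &&
    [ "$(sshd_effective "$kbd" "$1" yes)" = no ]
}

# Write three constructed sample configurations into directory $1.
write_samples() {
    printf '%s\n' '#PasswordAuthentication no' 'PubkeyAuthentication yes' \
        > "$1/weak"       # option only commented out: default "yes" applies
    printf '%s\n' 'PasswordAuthentication no' 'UsePAM yes' \
        > "$1/partial"    # keyboard-interactive can still prompt for a password
    printf '%s\n' 'passwordauthentication no' \
        'ChallengeResponseAuthentication no' 'PubkeyAuthentication yes' \
        'PasswordAuthentication yes' \
        > "$1/strict"     # the later "yes" is ignored: first occurrence wins
}

demo=$(mktemp -d)
write_samples "$demo"
for f in weak partial strict; do
    if sshd_pubkey_only "$demo/$f"; then
        echo "$f: public key logins only"
    else
        echo "$f: password-based login still enabled"
    fi
done
rm -rf "$demo"
```

Only the "strict" sample passes: setting PasswordAuthentication to no is not sufficient while keyboard-interactive authentication remains at its default.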
54. SUSE Linux Enterprise Desktop Administration Configure VPN Connections VPN and IPSec basics
VPN (Virtual Private Network)
Technology that uses one network infrastructure to carry the packets of another network
A VPN does not necessarily have to encrypt the traffic, but encryption is used on most VPNs
Technologies used to implement VPNs
IPSec, OpenVPN, L2TP, HTTPS, and SSH
56. SUSE Linux Enterprise Desktop Administration Configure VPN Connections (continued) Configure VPN connections with NetworkManager
The NetworkManager applet makes it easy to connect to a VPN gateway
See Figure 5-19
An assistant guides you through the VPN configuration
See Figure 5-20
Types of VPN clients
Novell VPN client, OpenVPN client, and Compatible Cisco VPN client (vpnc)
See Figure 5-21
60. SUSE Linux Enterprise Desktop Administration Configure VPN Connections (continued) Configure VPN connections with NetworkManager (continued)
GNOME keyring
Application that allows you to store various credentials and protect them with a password
Advantage of using the GNOME keyring
You only have to remember one password to unlock the encrypted keyring
Contains various usernames and corresponding passwords for different applications
61. SUSE Linux Enterprise Desktop Administration Use VNC VNC (Virtual Network Computing)
VNC server software component transmits the content of the screen to a remote computer
Running the VNC viewer software
Allows someone else to view your desktop
Allows another user to interact with the mouse and keyboard
Implementations used on SUSE Linux Enterprise Desktop 10 are TightVNC and vino
See Figures 5-24 and 5-25
64. SUSE Linux Enterprise Desktop Administration Exercise 5-5: Use VNC In this exercise, you will work with a partner
You start the VNC server using vino-preferences and allow your partner to connect to your desktop with vncviewer
65. SUSE Linux Enterprise Desktop Administration Summary The Network Card module of YaST can be used to easily manage your network interface configuration
Common IP configuration parameters include an IP address, subnet mask, hostname, name server (DNS), and WLAN settings for wireless network interfaces
Network interface and IP information is stored in the /etc/sysconfig/network directory
Different IP networks are connected to one another via routers
66. SUSE Linux Enterprise Desktop Administration Summary (continued) After system initialization, you can use the ip command to view, configure, and manage your network interfaces, IP configuration, and routing table
You can use the Firewall module of YaST to configure packet filtering on your network interfaces
NetworkManager can be used to keep track of several wired and wireless networks on portable or laptop computers
The SSH daemon (sshd) provides a secure alternative to telnet, rlogin, rsh, rcp, and FTP by encrypting traffic
67. SUSE Linux Enterprise Desktop Administration Summary (continued) SSH uses a combination of asymmetric and symmetric encryption and supports several standard encryption algorithms
You can configure the SSH type, authentication, and encryption types in the SSH server configuration file /etc/ssh/sshd_config
You can generate asymmetric SSH encryption keys using the ssh-keygen command and view them using the ssh-keyscan command
You can use the vino-preferences command to configure a VNC server