SUSE Linux Enterprise Desktop Administration

genna
Presentation Transcript


  1. SUSE Linux Enterprise Desktop Administration Chapter 5 Manage the Network Configuration

  2. Objectives
     • Objective 1—Manage the Network Configuration Information from YaST
     • Objective 2—Test the Network Connection with Command-Line Tools
     • Objective 3—Use SuSEfirewall2
     • Objective 4—Use Network Manager to Configure the Network
     • Objective 5—Provide Remote Access

  3. Objective 1—Manage the Network Configuration Information from YaST
     • The YaST module for configuring network cards and the network connection
       • Can be accessed from the YaST Control Center
       • See Figure 5-1
     • To activate the network configuration module, select Network Devices > Network Card
     • Network setup methods:
       • User Controlled with Network Manager
       • Traditional Method with ifup

  4. Figure 5-1 The YaST module for configuring network cards and the network connection

  5. Figure 5-2 List of the detected network cards

  6. Objective 1—Manage the Network Configuration Information from YaST (continued)
     • Cards are usually autodetected by YaST
       • And the correct kernel module is used
     • Select the card you want to configure
       • Then select Edit (see Figure 5-4)
     • If the card is not recognized by YaST, the required module must be entered manually
     • Use the Manual Network Card Configuration dialog to configure: (see Figure 5-3)
       • Network Configuration
       • Kernel Module

  7. Figure 5-3 Manual Network Card Configuration dialog

  8. Figure 5-4 Network Address Setup dialog

  9. Objective 1—Manage the Network Configuration Information from YaST (continued)
     • Network address options
       • None Address Setup
       • Automatic Address Setup (via DHCP)
       • Static Address Setup
       • Hostname and Name Server
       • Routing
       • Advanced
     • Hostname and Name Server configuration
       • See Figure 5-6

  10. Figure 5-6 Hostname and Name Server Configuration dialog

  11. Objective 1—Manage the Network Configuration Information from YaST (continued)
     • Routing configuration
       • See Figure 5-7
     • General configuration options (see Figure 5-8)
       • Firewall Zone
         • No Zone, All Traffic Blocked
         • Internal Zone (Unprotected)
         • Demilitarized Zone
         • External Zone
       • Device Activation
       • MTU (Maximum Transfer Unit)

  12. Figure 5-7 Routing Configuration dialog

  13. Figure 5-8 General tab of the Network Address Setup dialog

  14. Objective 1—Manage the Network Configuration Information from YaST (continued)
     • If you selected Wireless as a Device Type for a WLAN card
       • A dialog appears where you can enter WLAN-specific configuration parameters
       • WEP keys are entered in a separate dialog after selecting WEP Keys
     • Verify that the Ethernet card is available in the computer using the ip command

  15. Exercise 5-1: Manage the Network Configuration Information from YaST
     • In this exercise, change all important configuration information into static values
     • Use the ip command to find out which IP address you are currently using
     • Note your current hostname
     • Then change the network configuration to a static IP address, using the values you found
     • Use 10.0.0.254 as the default gateway and also as the address of the name server

  16. Objective 2—Test the Network Connection with Command-Line Tools
     • This objective will cover the following:
       • View and Change the Network Configuration with ip
       • Test Network Connections
       • Trace Network Packets

  17. View and Change the Network Configuration with ip
     • IP address setup
       • To display the IP address setup of all interfaces, enter ip address show

  18. View and Change the Network Configuration with ip (continued)
     • Device attributes
       • If you are only interested in the device attributes and not in the IP address setup, you can enter ip link show

  19. View and Change the Network Configuration with ip (continued)
     • Device statistics
       • You can use the option -s with the ip command to display additional statistics information about the devices

  20. View and Change the Network Configuration with ip (continued)
     • Routing table
       • To view the current routing table, enter ip route show
     • Assign an IP address to a device
     • Delete the IP address from a device

  21. View and Change the Network Configuration with ip (continued)
     • Change device attributes
       • You can also change device attributes with the ip tool
       • Basic command: ip link set device attribute
     • Set and delete routes
       • Set a route to a different network
       • Delete an entry from the routing table

  22. Test Network Connections with ping
     • Tool ping
       • Lets you check network connections between two hosts in a simple way
       • Sends special network packets to the target system and waits for a reply
       • Basic syntax: ping 10.0.0.10

  23. Table 5-1 Options for ping

  24. Trace Network Packets with traceroute
     • traceroute
       • Diagnosis tool primarily used to check the routing between different networks
       • Sends packets with an increasing TTL value to the destination host
       • Uses UDP packets, which are called datagrams
       • Syntax: traceroute hostname

  25. Exercise 5-2: Test the Network Configuration
     • In this exercise, you view the current network configuration with the ip command and test it using ping and traceroute
     • Use ip to view the current IP address and current route
     • Use ping to access your own IP address, that of the gateway, and that of www.novell.com
     • Use traceroute to view the hops an IP packet takes to access www.novell.com

  26. Objective 3—Use SuSEfirewall2
     • Packet filtering in Linux is done by the kernel and its netfilter framework
     • SuSEfirewall2
       • Consists of a number of scripts that set rules to filter IP packets using the program iptables
       • Can be configured using the YaST Firewall module
       • An alternative would be to edit the file /etc/sysconfig/SuSEfirewall2 with a text editor
       • See Figure 5-9

  27. Figure 5-9 YaST Firewall module

  28. Figure 5-10 Assign desktop system interfaces to the External Zone

  29. Objective 3—Use SuSEfirewall2 (continued)
     • Allowing SSH services
       • See Figure 5-11
       • Changes are stored in the file /etc/sysconfig/SuSEfirewall2

  30. Figure 5-11 Allowing SSH service

  31. Figure 5-12 Firewall configuration summary
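
Because the YaST Firewall module stores its changes in /etc/sysconfig/SuSEfirewall2, the zone of each interface and the services opened to the External Zone can be checked from that file. The script below is an added example, not part of the course material. FW_DEV_EXT, FW_DEV_INT, FW_DEV_DMZ and FW_SERVICES_EXT_TCP are variables from that file; the function names and the sample file are constructed for the example.

```shell
#!/bin/sh
# Added example: read zone assignments and open services from a
# SuSEfirewall2 sysconfig file. The sample file below is constructed.

# Print the value of KEY="value" (last assignment wins, as when sourced).
fw_get() {  # fw_get FILE KEY
    sed -n 's/^[[:space:]]*'"$2"'="\([^"]*\)".*/\1/p' "$1" | tail -n 1
}

# Zone an interface is assigned to: EXT, INT, DMZ, or NONE when unlisted.
fw_zone_of() {  # fw_zone_of FILE IFACE
    for zone in EXT INT DMZ; do
        for dev in $(fw_get "$1" "FW_DEV_$zone"); do
            if [ "$dev" = "$2" ]; then echo "$zone"; return 0; fi
        done
    done
    echo NONE
}

# Exit 0 if any of the given service names/ports is opened to the External Zone.
fw_ext_allows() {  # fw_ext_allows FILE NAME...
    file=$1; shift
    for svc in $(fw_get "$file" FW_SERVICES_EXT_TCP); do
        for want in "$@"; do
            if [ "$svc" = "$want" ]; then return 0; fi
        done
    done
    return 1
}

SAMPLE=$(mktemp) && trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# constructed sample, in the format of /etc/sysconfig/SuSEfirewall2
FW_DEV_EXT="eth0"
FW_DEV_INT=""
FW_DEV_DMZ=""
FW_SERVICES_EXT_TCP="ssh"
EOF

for ifc in eth0 wlan0; do
    echo "$ifc: zone $(fw_zone_of "$SAMPLE" "$ifc")"
done
if fw_ext_allows "$SAMPLE" ssh 22; then echo "SSH reachable from External Zone"; fi
```

An interface reported as NONE is the "No Zone, All Traffic Blocked" case from the General tab; on a real system, pass /etc/sysconfig/SuSEfirewall2 instead of the sample file.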

  32. Objective 4—Use NetworkManager to Configure the Network
     • NetworkManager
       • Allows you to change the network configuration according to your needs
       • Without switching to the root account
       • Runs as a root-user system level daemon
       • Programs used
         • /usr/sbin/NetworkManager
         • /usr/sbin/NetworkManagerDispatcher
       • NetworkManager will first try a wired and then a wireless adapter

  33. Objective 4—Use NetworkManager to Configure the Network (continued)
     • NetworkManager keeps two lists of wireless networks:
       • A trusted list and a preferred list
     • NetworkManager applet
       • Shows the current network configuration
       • Also allows you to change the configuration
     • To connect to a wireless network, select a wireless network entry
       • Your computer will be disconnected from the wired network and connected to the wireless network

  34. Figure 5-13 Switching to NetworkManager

  35. Objective 4—Use NetworkManager to Configure the Network (continued)
     Figure 5-14 NetworkManager applet

  36. Objective 5—Provide Remote Access
     • This objective explains how to:
       • Use OpenSSH
       • Configure VPN Connections
       • Use VNC

  37. Use OpenSSH
     • SSH suite
       • Developed to provide secure transmission by encrypting the authentication strings
       • And all the other data exchanged between the hosts
     • SUSE Linux Enterprise Desktop 10 installs the package OpenSSH by default
       • Includes programs such as ssh, scp, and sftp as alternatives to Telnet, rlogin, rsh, rcp, and FTP

  38. Use OpenSSH (continued)
     • Cryptography basics
       • Cryptography deals with procedures and techniques used to encrypt data
       • And prove the authenticity of data
       • Symmetric encryption
         • DES (Data Encryption Standard)
         • Triple DES
         • IDEA
         • Blowfish
         • AES (Advanced Encryption Standard)

  39. Use OpenSSH (continued)
     • Cryptography basics (continued)
       • Asymmetric encryption
         • RSA
         • DSA
         • Diffie-Hellman
     • SSH features and architecture
       • SSH features
         • Login from a remote host
         • Interactive or noninteractive command execution on remote hosts

  40. Use OpenSSH (continued)
     • SSH features and architecture (continued)
       • SSH features (continued)
         • File copying between different network hosts; optional support for compressing data
         • Cryptographically secured authentication and communication across insecure networks
         • Automatic and transparent encryption of all communication
         • Complete substitution of the "r" utilities: rlogin, rsh, and rcp
         • Port forwarding
         • Tunneling

  41. Use OpenSSH (continued)
     • SSH features and architecture (continued)
       • SSH protocol versions
         • Protocol Version 1 (SSH1) (see Figure 5-16)
         • Protocol Version 2 (SSH2) (see Figure 5-17)
       • SSH authentication mechanism configuration
         • SSH server can decrypt the session key generated and encrypted by the client only if it also has the private key
         • Client can check if the public host key of the server really belongs to the server
         • SSH currently does not use any directory services or any certificates for public key management

  42. Figure 5-16 SSH Protocol Version 1 (SSH1)

  43. Figure 5-17 SSH Protocol Version 2 (SSH2)

  44. Use OpenSSH (continued)
     • SSH features and architecture (continued)
       • SSH authentication mechanism configuration (continued)
         • The two most important mechanisms
           • Public key (RSA/DSA) authentication
           • Password authentication
     • Configure the SSH server
       • See Table 5-3
       • Configuration file for the server is /etc/ssh/sshd_config

  45. Use OpenSSH (continued)
     Table 5-3 SSH Server configuration options

  46. Use OpenSSH (continued)
     • Configure the SSH client
       • Edit the file /etc/ssh/ssh_config
       • Users can edit their individual settings in the file ~/.ssh/config
       • Ensure that only servers are accepted whose keys have been previously added to ~/.ssh/known_hosts or /etc/ssh/ssh_known_hosts
         • Set the option StrictHostKeyChecking in the client configuration file (~/.ssh/config) to yes

  47. Use OpenSSH (continued)
     • SSH-related commands
       • See Table 5-4
       • Basic syntax for ssh:
         • ssh options host command
       • Basic syntax for scp is:
         • scp options sourcefile destinationfile
     • SSH can also be used to protect unencrypted traffic, like POP3, by tunneling it through an SSH connection

  48. Use OpenSSH (continued)
     Table 5-4 SSH-related commands

  49. Exercise 5-3: Practice Using OpenSSH
     • Perform the following tasks:
       • Log in to your partner's computer as root
       • Execute the ps aux command on your partner's computer without logging in to his or her computer
       • Copy the /etc/hosts file from your partner's computer to your /tmp directory
       • Copy the /etc/hosts file from your computer to the home directory of geeko on your partner's computer
       • Using sftp, copy the /bin/date file from your partner's computer to /home/geeko/ on your computer

  50. Use OpenSSH (continued)
     • Public key authentication management
       • Public key authentication process
         • Public key of the user has to be stored on the server in the home directory of the user account being accessed
         • Public keys are stored on the server in the file ~/.ssh/authorized_keys
         • The corresponding private key must be stored on the client computer
         • The secret key should be protected by a passphrase
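
The client setting from slide 46 and the key files from slide 50 can be checked with a short script. This is an added example, not part of the course material: it reports the StrictHostKeyChecking value that applies to hosts without their own Host block, and flags key files whose permissions let other users modify or read them. The function names and everything under $DEMO are constructed test data.

```shell
#!/bin/sh
# Added example: check StrictHostKeyChecking and SSH key-file permissions.
# Everything under $DEMO is constructed test data, not a real account.

# Value of StrictHostKeyChecking for hosts that match no specific Host block.
# ssh uses the first value it obtains; with none set the default is "ask".
strict_default() {  # strict_default CONFIG_FILE
    awk -v glob=1 '
        /^[ \t]*#/ { next }
        { gsub(/=/, " "); key = tolower($1) }
        key == "host" { glob = 0; for (i = 2; i <= NF; i++) if ($i == "*") glob = 1 }
        key == "match" { glob = 0 }
        key == "stricthostkeychecking" && glob && !found { print tolower($2); found = 1 }
        END { if (!found) print "ask" }
    ' "$1"
}

# Group/other permission bits of PATH as ls prints them, e.g. "r--r--".
perm_go() { ls -ld "$1" | cut -c5-10; }

# Print one finding per line for a user's .ssh directory.
audit_ssh_dir() {  # audit_ssh_dir DIR
    # sshd (StrictModes) rejects key login if these are writable by others.
    for f in "$1" "$1/authorized_keys"; do
        [ -e "$f" ] || continue
        case $(perm_go "$f") in
            *w*) echo "$f: writable by group or others" ;;
        esac
    done
    # The ssh client refuses a private key that other users can access.
    for f in "$1/id_rsa" "$1/id_dsa"; do
        [ -e "$f" ] || continue
        if [ "$(perm_go "$f")" != "------" ]; then
            echo "$f: private key accessible by group or others"
        fi
    done
}

DEMO=$(mktemp -d) && trap 'rm -rf "$DEMO"' EXIT
mkdir -p "$DEMO/.ssh" && chmod 700 "$DEMO/.ssh"
printf 'Host *\n    StrictHostKeyChecking yes\n' > "$DEMO/.ssh/config"
printf 'Host lab\n    StrictHostKeyChecking no\n' > "$DEMO/.ssh/config.weak"
: > "$DEMO/.ssh/authorized_keys"; chmod 664 "$DEMO/.ssh/authorized_keys"
: > "$DEMO/.ssh/id_rsa";          chmod 644 "$DEMO/.ssh/id_rsa"  # empty placeholder

echo "StrictHostKeyChecking: $(strict_default "$DEMO/.ssh/config")"
audit_ssh_dir "$DEMO/.ssh"
```

The second sample file, config.weak, sets the option only for one named host, so every other host still gets the default "ask" rather than "yes".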
