Connecting to the Network Part V

Setting Up IPv6:

IPv6 uses the Neighbor Discovery Protocol (NDP). This means that a node in an IPv6 network is capable of setting its own IPv6 address.

In every network, you need just one node to be configured with a reliable IPv6 address. This address consists of two parts:
o The first part is the network address
o The second part is the node ID on that network
o See example configuration below:
o Show image on presentation

As shown in the example above, on interface “eth0”, two IPv6 addresses are set:
o First there is the address that starts with 2a01, then there is the address starting with fe80
o The first address is a unique, worldwide address handed out by an Internet Provider
o The address starting with “fe80” is an IPv6 address that is for internal use only
o On every node that has IPv6 configured, you will see one of these addresses

In an IPv6 address, a total of 128 bits are used to create an address that consists of eight groups of 2 bytes, written in hexadecimal.

Since IPv6 has an enormous available address space, there is no need to use subnet masks:
o The first half of the address is used for the network
o The second half of the address is used for the node portion
o This means that in the imaginary address fe80:1234:bad:cafe:216:3eff:fe37:eacd, the part up to cafe is the network address and the part that starts with 216 is the node ID on the network
o Look carefully at the node ID of the IPv6 address and you will see that it includes the MAC address of the network card on which the IPv6 address is set
o Because the MAC address is just 6 bytes by default, the node ID is padded with the bytes ff:fe to make it an 8-byte address in the 16-byte IPv6 address

Now that you know how IPv6 uses the MAC address in the node ID of the address, it’s easy to imagine how NDP works. NDP detects the network address in use on this network and just adds the node ID to this network address.

As for servers, it might be convenient to use a node ID that is easier to recognize.
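The node ID derivation described above, as an added example that is not part of the original notes. It goes one step beyond the text: besides inserting ff:fe, the modified EUI-64 scheme (RFC 4291) also flips the universal/local bit of the first MAC byte, which is why the node ID in the sample address starts with 2. The MAC 00:16:3e:37:ea:cd is inferred from that sample address, and the function names are hypothetical.

```shell
# Added example, not from the original notes; function names are hypothetical.

# mac_to_node_id MAC: print the 64-bit node ID built from a 6-byte MAC.
mac_to_node_id() {
    old_ifs=$IFS; IFS=:
    set -- $1                       # split aa:bb:cc:dd:ee:ff into $1..$6
    IFS=$old_ifs
    [ $# -eq 6 ] || return 1
    # RFC 4291 flips the universal/local bit (0x02) of the first byte,
    # then ff:fe goes between the third and fourth byte.
    first=$(( 0x$1 ^ 0x02 ))
    printf '%x:%x:%x:%x\n' \
        $(( (first << 8) | 0x$2 )) $(( (0x$3 << 8) | 0xff )) \
        $(( 0xfe00 | 0x$4 ))       $(( (0x$5 << 8) | 0x$6 ))
}

# node_id_to_mac ADDR: print the MAC embedded in a full 8-group address.
# Returns 1 when the node ID has no ff:fe marker (for example a manually
# set or randomized node ID). "::" compression is not handled here.
node_id_to_mac() {
    old_ifs=$IFS; IFS=:
    set -- $1
    IFS=$old_ifs
    [ $# -eq 8 ] || return 1
    g5=$(( 0x$5 )); g6=$(( 0x$6 )); g7=$(( 0x$7 )); g8=$(( 0x$8 ))
    [ $(( g6 & 0xff )) -eq 255 ] && [ $(( g7 >> 8 )) -eq 254 ] || return 1
    printf '%02x:%02x:%02x:%02x:%02x:%02x\n' \
        $(( (g5 >> 8) ^ 0x02 )) $(( g5 & 0xff )) $(( g6 >> 8 )) \
        $(( g7 & 0xff ))        $(( g8 >> 8 ))   $(( g8 & 0xff ))
}

# The address from the notes, in both directions.
mac_to_node_id 00:16:3e:37:ea:cd
node_id_to_mac fe80:1234:bad:cafe:216:3eff:fe37:eacd
```

Anyone who sees an address built this way can read the network card's MAC address out of it, which is one more reason to give servers a manually chosen node ID.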
You can also set it manually. Let’s do that in the next exercise.

Exercise: Setting a Fixed IPv6 Address

After completing the exercise:

You’ve configured your server as an IPv6 host.
o This means that, using the Neighbor Discovery Protocol, it is now able to hand out IPv6 addresses to other nodes in the network that are trying to find out which address to use
o To complete the IPv6 configuration of your network, you should also configure the DNS server to enable address resolution for node names to IPv6 addresses and IPv6 addresses into node names

Configuring SSH

Most servers are in datacenters – hostile environments that are noisy and cold. This means that as an administrator of a Red Hat Enterprise Linux Server, you probably want to access the server from a distance.

The Secure Shell (SSH) protocol is the default service to obtain remote access to a server.

To use SSH:
o You need an SSH server and an SSH client

The SSH server is a process that runs on your server.
o On most Linux distros, the name of this process is “sshd”
o To connect to it from a client computer, you can use the “ssh” client utility if the client is Linux, or you can use PuTTY if you’re on a Windows client

Enabling the SSH Server

The SSH service is installed on your server. It’s enabled by default; however, make sure to start it manually by using the “service sshd start” command.
o After doing that, make sure that it is also started after a reboot of your server by using “chkconfig sshd on”

Exercise: Enabling and Testing the SSH Server

After completing the exercise:

As you can see, it’s not hard to enable SSH on your server. An SSH server that has been enabled with all the default settings isn’t a secure SSH server, however. To make the SSH server secure, there are at least two modifications you should make to the /etc/ssh/sshd_config file: the Port setting and the PermitRootLogin parameter.
o Make sure to consider the following SSH security settings:

Port: By default, SSH listens on port 22. Every hacker knows this.
This means that if you offer SSH services on port 22 of your server and it is connected directly to the Internet, you will see the first brute-force attack on your server within minutes. So, change the SSH port to something less obvious (if you’re directly connected to the Internet). Use any port you like, except 22.

ListenAddress: By default, your SSH server offers its services on all IP addresses. In some cases, you might want to restrict this to only the IP addresses that are visible from the internal network and not from the Internet. If this is the case, change 0.0.0.0 to the specific IP address on which your SSH server should offer its services.

PermitRootLogin: By default, this parameter allows the user root to log in to your SSH server. This is not a good idea. If root is permitted to log in, the potential hacker only has to guess the root password. It’s best to switch off root login by giving this parameter the value no. This means you’ll have to connect as an ordinary user, and once connected, you’ll have to use su - to escalate your privileges to the root level.

PasswordAuthentication: By default, this parameter allows users to log in using passwords. If you have created public/private key pairs, you might consider switching off password authentication completely. Be careful, though: switching off password authentication also makes it difficult for you to log in from an unknown machine where your private key is not available.

AllowUsers: This is a very nice parameter that is not in “sshd_config” by default. Everyone should use it and add a list of only those users you want to allow to log in to your SSH server. This makes it really hard for hackers, because they will have to guess the name of that user before starting their evil work!

o You can change the default sshd behavior using many other parameters. However, the parameters discussed are generally considered the most important parameters.
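A check for the five settings discussed above, as an added example that is not part of the original notes. The function names, the sample port 2022 and both configuration files are constructed for illustration; a keyword that is missing from the file is treated as the default the notes describe, and only the global section (before any Match block) is read.

```shell
# Added example, not from the original notes. audit_sshd_config is a
# hypothetical helper and both config files are constructed samples.
# A missing keyword counts as the default the notes describe.
audit_sshd_config() {            # print findings; return 1 on any FAIL
    awk '
        /^[ \t]*(#|$)/         { next }   # comments and blank lines
        tolower($1) == "match" { exit }   # audit the global section only
        {
            key = tolower($1)
            if (!(key in first)) first[key] = tolower($2)  # first value wins
            seen[key] = seen[key] " " tolower($2) " "      # keep repeats (Port)
        }
        END {
            fail = 0
            if (!("port" in first) || seen["port"] ~ / 22 /) {
                print "FAIL Port: sshd listens on 22"; fail = 1 }
            if (first["permitrootlogin"] != "no") {
                print "FAIL PermitRootLogin: root may log in"; fail = 1 }
            if (!("allowusers" in first)) {
                print "FAIL AllowUsers: no list of permitted users"; fail = 1 }
            if (!("listenaddress" in first) || seen["listenaddress"] ~ / (0\.0\.0\.0|::) /)
                print "NOTE ListenAddress: listening on all addresses"
            if (first["passwordauthentication"] != "no")
                print "NOTE PasswordAuthentication: passwords accepted"
            exit fail
        }' "$1"
}

write_samples() {                # $1 = directory for the two sample files
cat > "$1/weak.conf" <<'EOF'
#Port 22
PermitRootLogin yes
PasswordAuthentication yes
EOF
cat > "$1/hardened.conf" <<'EOF'
Port 2022
ListenAddress 192.168.0.1
PermitRootLogin no
PasswordAuthentication no
AllowUsers linda
EOF
}

tmp=$(mktemp -d) && write_samples "$tmp"
echo "== weak.conf";     audit_sshd_config "$tmp/weak.conf" || true
echo "== hardened.conf"; audit_sshd_config "$tmp/hardened.conf" && echo "no findings"
rm -rf "$tmp"
```

Run against the real file, the call is `audit_sshd_config /etc/ssh/sshd_config`; the NOTE lines mark the settings the notes call optional.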
TIP: There are two configuration files:
o /etc/ssh/ssh_config is the configuration file in which you put default settings for the ssh client utility
o /etc/ssh/sshd_config is the configuration file in which you specify default settings for the Secure Shell server

Exercise: Securing the SSH Server

Using the SSH Client:

An SSH client is available on every Linux computer. Using it is easy – just use the name of the server you’d like to connect to as the argument, and a connection will be established.

Example: use ssh 192.168.0.1 to establish an SSH session with SSH host 192.168.0.1

By default, SSH connects with the same user ID as the one with which you are currently logged in. You can tell the SSH client to connect as a different user by using “username@servername” as the argument to the ssh command. For example:
o To connect as user linda to server 192.168.0.1, you can use the command: ssh linda@192.168.0.1