Connecting to the Network
Part V
Setting Up IPv6:
 IPv6 uses the Neighbor Discovery Protocol (NDP). This means
that a node in an IPv6 network is capable of setting its
own IPv6 address
 In every network, you need just one node to be configured
with a reliable IPv6 address
 This address consists of two parts:
o The first part is the network address
o The second part is the node ID on that network
o See example configuration below:
o Show image on presentation
 As shown in the example above, on interface “eth0”, two IPv6
addresses are set
o 1st there is the address that starts with 2a01, then
there is the address starting with fe80
o The 1st address is a unique, worldwide address handed
out by an Internet Provider
o The address starting with “fe80” is an IPv6 address
that is for internal use only
o On every node that has IPv6 configured, you will see
one of these addresses
 In an IPv6 address, a total of 128 bits are used to create an
address that consists of eight groups of 2 bytes, written in
hexadecimal
 Since IPv6 has an enormous available address space, there
is no need to use subnet masks
o The 1st half of the address is used for the network
o The 2nd half of the address is used for the node portion
o This means in the imaginary address
fe80:1234:bad:cafe:216:3eff:fe37:eacd, the part up to
cafe is the network address and the part that starts
with 216 is the node ID on the network
o If you look carefully at the node ID of the IPv6 address, you
will see that it includes the MAC address of the
network card on which the IPv6 address is set
o Because the MAC address is just 6 bytes by default, the
node ID is padded with the bytes ff:fe to make it an
8-byte address in the 16-byte IPv6 address
 Now that you know how IPv6 uses the MAC address in the node
ID of the address, it’s easy to imagine how NDP works.
 NDP detects the network address in use on this network and
just adds the node ID to this network
 As for servers, it might be convenient to use a node ID
that is easier to recognize. You can also set it
manually.
Let’s do that in the next Exercise: Setting a Fixed IPv6
Address
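The node ID of the sample address above, worked through in Python as an added example (not part of the original slides; the function names are illustrative). It also shows a detail the slides leave out: besides inserting ff:fe, the modified EUI-64 scheme (RFC 4291, Appendix A) inverts bit 0x02 of the first MAC byte, and the MAC address can be read back out of any address built this way.

```python
import ipaddress
from typing import Optional


def mac_to_node_id(mac: str) -> bytes:
    """Build the 8-byte node ID from a 6-byte MAC (modified EUI-64)."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Invert the universal/local bit, then insert ff:fe in the middle.
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]


def autoconfigured_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 network address with the node ID derived from the MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("the node ID fills the second half, so the prefix must be /64")
    node_id = int.from_bytes(mac_to_node_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | node_id)


def mac_from_address(addr: str) -> Optional[str]:
    """Recover the MAC from an address, or None if the node ID is not EUI-64."""
    node_id = ipaddress.IPv6Address(addr).packed[8:]
    if node_id[3:5] != b"\xff\xfe":
        return None  # manually set or randomized node ID
    raw = bytes([node_id[0] ^ 0x02]) + node_id[1:3] + node_id[5:]
    return ":".join(f"{b:02x}" for b in raw)


if __name__ == "__main__":
    sample = "fe80:1234:bad:cafe:216:3eff:fe37:eacd"  # address from the slides
    mac = mac_from_address(sample)
    print("MAC behind", sample, "is", mac)
    print("rebuilt:", autoconfigured_address("fe80:1234:bad:cafe::/64", mac))
    # A manually chosen node ID (constructed sample) reveals no MAC.
    print("fixed node ID:", mac_from_address("fe80:1234:bad:cafe::10"))
```

Because the hardware address is recoverable, an address built this way identifies the same network card on every network it joins; a manually set node ID, as in the exercise, does not.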
After Completing Exercise:
 You’ve configured your server as an IPv6 host
o This means that using the Neighbor Discovery Protocol,
it is now able to hand out IPv6 addresses to other
nodes in the network that are trying to find out which
address to use
o To complete the IPv6 configuration of your network, you
should also configure the DNS server to enable address
resolution for node names to IPv6 addresses and IPv6
addresses into node names
Configuring SSH
 Most servers are in datacenters – hostile environments that
are noisy and cold
 This means as an administrator of a Red Hat Enterprise
Linux Server, you probably want to access the server from a
distance
 The Secure Shell (SSH) protocol is the default service to
obtain remote access to a server
 To use SSH:
o You need an SSH server and SSH client
 SSH server is a process that runs on your server
o On most Linux distros, the name of this process is
“sshd”
o To connect to it from a client computer, you can use
the “ssh” client utility if the client is Linux OR you
can use PuTTY if you’re on a Windows client
Enabling the SSH Server
 The SSH service is installed on your server
 It’s enabled by default; however, make sure to start it
manually by using the “service sshd start” command
o After doing that, make sure that it is also started
after a reboot of your server by using “chkconfig sshd
on”
Exercise:
Enabling and Testing the SSH Server
After completing exercise:
 As you can see, it’s not hard to enable SSH on your server.
 An SSH server that has been enabled with all the default
settings isn’t a secure SSH server
 However, to make the SSH server secure, there are at least
two modifications you should make to the
/etc/ssh/sshd_config file:
o The Port setting and the PermitRootLogin parameter
o Make sure to consider the following SSH security
settings:
 Port: By default, SSH listens on port 22. Every
hacker knows this. This means that if you offer SSH
services on port 22 of your server and it is
connected directly to the Internet, you will see
the first brute-force attack on your server within
minutes. So, change the SSH port to something
less obvious (if you’re directly connected to the
Internet). Use any port you like, except 22.
 ListenAddress: By default, your SSH server offers
its services on all IP addresses. In some cases,
you might want to restrict this to only the IP
addresses that are visible from the internal
network and not from the Internet. If this is
the case, change 0.0.0.0 to the specific IP address
on which your SSH server should offer its services
 PermitRootLogin: By default, this parameter allows
the user root to log in to your SSH server. This is
not a good idea. If root is permitted to log in,
the potential hacker only has to guess the root
password. It’s best to switch off root login by
giving this parameter the value no. This means
you’ll have to connect as an ordinary user, and
once connected, you’ll have to use su - to escalate
your privileges to the root level
 PasswordAuthentication: By default, this parameter
allows users to log in using passwords. If you have
created public/private key pairs, you might
consider switching off password authentication
completely. Be careful, though: switching off
password authentication also makes it difficult for
you to log in from an unknown machine where your
private key is not available
 AllowUsers: This is a very nice parameter that is
not in “sshd_config” by default. Everyone should
use it and add a list of only those users you want
to allow to log in to your SSH server. This makes
it really hard for hackers, because they will have
to guess the name of that user before starting their
evil work!
o You can change the default sshd behavior using many
other parameters. However, the parameters discussed
are generally considered the most important parameters.
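A check for the five settings listed above, as an added example (not part of the original slides). The function names and both sample files are constructed, and the defaults are the ones these slides describe, which differ between OpenSSH versions.

```python
MULTI = {"port", "listenaddress", "allowusers"}  # keywords that may be repeated
# Assumption: defaults as described in the slides above.
PAGE_DEFAULTS = {"port": ["22"], "listenaddress": ["0.0.0.0"],
                 "permitrootlogin": ["yes"], "passwordauthentication": ["yes"]}

# Constructed sample: a stock file with the hardening lines still commented out.
STOCK = """\
#Port 22
#ListenAddress 0.0.0.0
PermitRootLogin yes
PasswordAuthentication yes
"""

# Constructed sample: the same file after applying the settings discussed above.
HARDENED = """\
Port 2022
ListenAddress 192.168.0.10
PermitRootLogin no
PasswordAuthentication no
AllowUsers linda
"""


def settings(config_text):
    """Global settings from sshd_config text; keywords are case-insensitive."""
    found = {}
    for line in config_text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key = parts[0].lower()
        if key == "match":            # conditional blocks are not evaluated here
            break
        values = found.setdefault(key, [])
        if key in MULTI or not values:  # otherwise sshd uses the first value it reads
            values.extend(parts[1].split())
    return {**PAGE_DEFAULTS, **found}


def audit(config_text):
    """Return {keyword: finding} for each setting that is still at its weak value."""
    s, findings = settings(config_text), {}
    if "22" in s["port"]:
        findings["Port"] = "listening on the default port 22"
    if {"0.0.0.0", "::"} & set(s["listenaddress"]):
        findings["ListenAddress"] = "listening on every address"
    if s["permitrootlogin"][0].lower() != "no":
        findings["PermitRootLogin"] = "not set to no"
    if s["passwordauthentication"][0].lower() != "no":
        findings["PasswordAuthentication"] = "password logins accepted"
    if not s.get("allowusers"):
        findings["AllowUsers"] = "no list of permitted users"
    return findings
```

Running `audit(open("/etc/ssh/sshd_config").read())` on a server reports which of the five settings still need attention; a commented-out line counts as the default.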
TIP:
 There are two configuration files:
o /etc/ssh/ssh_config is the configuration file in which
you put default settings for the ssh client utility
o /etc/ssh/sshd_config is the configuration file in which you
specify default settings for the Secure Shell server
Exercise:
Securing the SSH Server
Using the SSH Client:
 An SSH client is available on every Linux computer
 Using it is easy – just use the name of the server you’d
like to connect to as the argument, and a connection will
be established
 Example: use ssh 192.168.0.1 to establish an SSH session
with SSH host 192.168.0.1
 By default, SSH connects with the same user ID as the one
with which you are currently logged in
 You can tell the SSH client to connect as a different user,
using “username@servername” as the argument to the
ssh command. For example:
o To connect as user linda to server 192.168.0.1, you can
use the command: ssh linda@192.168.0.1