Difference between revisions of "IT-OS-Admin-Linux"
Samerhijazi (talk | contribs) (→Setting Firewall) |
Samerhijazi (talk | contribs) (→Kostenlose Kurse) |
||
| Line 1: | Line 1: | ||
==Kostenlose Kurse== | ==Kostenlose Kurse== | ||
*RHEL: https://www.redhat.com/en/services/training/rh024-red-hat-linux-technical-overview | *RHEL: https://www.redhat.com/en/services/training/rh024-red-hat-linux-technical-overview | ||
| + | ==SSH== | ||
| + | <pre class="code"> | ||
| + | sudo dnf install openssh-client | ||
| + | sudo dnf install openssh-server | ||
| + | sudo systemctl restart sshd.service | ||
| + | sudo systemctl enable sshd.service | ||
| + | .. | ||
| + | Key-Typs: RSA algorithm and DSA algorithm. | ||
| + | $HOME/.ssh/id_rsa: The file contains the RSA private key. | ||
| + | $HOME/.ssh/id_rsa.pub: The file contains the RSA public key. | ||
| + | $HOME/.ssh/authorized_keys: The file contains the keys that can be used for logging into system. | ||
| + | .. | ||
| + | sudo nano /etc/ssh/ssh_config | ||
| + | sudo nano /etc/ssh/sshd_config | ||
| + | ------------------------------ | ||
| + | RSAAuthentication yes | ||
| + | PubkeyAuthentication yes | ||
| + | AuthorizedKeysFile %h/.ssh/authorized_keys | ||
| + | PasswordAuthentication no # Yes: Can login with Password; No: Can’t login with Password | ||
| + | ------------------------------ | ||
| + | /etc/init.d/ssh restart | ||
| + | .. | ||
| + | ssh-keygen -t rsa -b 4096 -C "samerhijazi@hotmail.com" # Generate prv and pub Key | ||
| + | ssh-copy-id –i id_rsa.pub user@hostname # Copy Pub-Key to server | ||
| + | ssh –i id_rsa user@hotname # Login server with prv-key | ||
| + | ..or | ||
| + | cat ~/.ssh/id_rsa.pub | ssh user@hostname "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys" | ||
| + | ssh user@hostname "echo `cat ~/.ssh/id_rsa.pub` >> ~/.ssh/authorized_keys" | ||
| + | </pre> | ||
==Setting Firewall== | ==Setting Firewall== | ||
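Review bot: the two client commands near the end of the added SSH block will not run as pasted: `ssh-copy-id –i id_rsa.pub user@hostname` and `ssh –i id_rsa user@hotname` carry an en dash where `-i` is meant, and the second misspells the host as `hotname`. In the same block, `sudo dnf install openssh-client` should name the dnf package `openssh-clients`, and `/etc/init.d/ssh restart` contradicts the `systemctl restart sshd.service` used a few lines earlier, so one of the two should go. `RSAAuthentication yes` is an SSH protocol 1 directive that current OpenSSH reports as deprecated and can be dropped. The comment trailing `PasswordAuthentication no` is safer on its own line. The two `>> ~/.ssh/authorized_keys` variants never set permissions on `~/.ssh` or the file, which is worth a `chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys` line.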
Revision as of 21:18, 20 August 2019
Free Courses
SSH
<pre class="code">
sudo dnf install openssh-clients
sudo dnf install openssh-server
sudo systemctl restart sshd.service
sudo systemctl enable sshd.service
..
Key types: RSA algorithm and DSA algorithm.
$HOME/.ssh/id_rsa: The file contains the RSA private key.
$HOME/.ssh/id_rsa.pub: The file contains the RSA public key.
$HOME/.ssh/authorized_keys: The file contains the public keys that can be used for logging into the system.
..
sudo nano /etc/ssh/ssh_config
sudo nano /etc/ssh/sshd_config
------------------------------
# RSAAuthentication applies to SSH protocol 1 only; current OpenSSH reports it as deprecated
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
# yes: password login allowed; no: password login refused
PasswordAuthentication no
------------------------------
sudo systemctl restart sshd.service                        # Apply the sshd_config changes
..
ssh-keygen -t rsa -b 4096 -C "samerhijazi@hotmail.com"     # Generate private and public key
ssh-copy-id -i id_rsa.pub user@hostname                    # Copy public key to server
ssh -i id_rsa user@hostname                                # Log in to server with private key
..or
cat ~/.ssh/id_rsa.pub | ssh user@hostname "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
ssh user@hostname "echo `cat ~/.ssh/id_rsa.pub` >> ~/.ssh/authorized_keys"
</pre>
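An added example, not part of the original wiki page: a small POSIX shell audit of the sshd_config directives listed above, reporting whether password login is really off, whether key login is on, and whether the protocol 1 `RSAAuthentication` line is still present. The function names are hypothetical, and it assumes whitespace-separated `Keyword value` lines and inspects only the global section before any `Match` block.

```shell
#!/bin/sh
# Added example: audit the key-only login settings in an sshd_config file.
# sshd uses the FIRST occurrence of a keyword, and keywords are case-insensitive.

# effective_value FILE KEYWORD -> prints the first global value (lower-cased), or nothing
effective_value() {
    awk -v key="$2" '
        /^[ \t]*#/              { next }   # skip comment lines
        tolower($1) == "match"  { exit }   # global scope ends at the first Match block
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# audit_sshd_config FILE -> prints findings; exit status is the number of findings
audit_sshd_config() {
    file=$1
    findings=0
    pw=$(effective_value "$file" PasswordAuthentication)
    pk=$(effective_value "$file" PubkeyAuthentication)
    rsa1=$(effective_value "$file" RSAAuthentication)

    # An unset PasswordAuthentication falls back to the OpenSSH default "yes"
    if [ "${pw:-yes}" != "no" ]; then
        echo "FINDING: password login enabled (PasswordAuthentication ${pw:-unset})"
        findings=$((findings + 1))
    fi
    # An unset PubkeyAuthentication falls back to the OpenSSH default "yes"
    if [ "${pk:-yes}" != "yes" ]; then
        echo "FINDING: key login disabled (PubkeyAuthentication $pk)"
        findings=$((findings + 1))
    fi
    # Protocol 1 directive; it has no effect on protocol 2 key login
    if [ -n "$rsa1" ]; then
        echo "FINDING: obsolete RSAAuthentication directive present"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```

Run it as `audit_sshd_config /etc/ssh/sshd_config`; on a live host, `sudo sshd -T` prints the configuration sshd actually applies, including included files and defaults.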
Setting Firewall
Service
<pre class="code">
$ sudo systemctl disable firewalld
$ sudo systemctl stop firewalld
$ sudo systemctl disable NetworkManager
$ sudo systemctl stop NetworkManager
$ sudo systemctl enable network
$ sudo systemctl start network
</pre>
Zone
<pre class="code">
sudo firewall-cmd --get-zones
sudo firewall-cmd --get-active-zones
sudo firewall-cmd --get-default-zone
sudo firewall-cmd --get-services
sudo firewall-cmd --list-all
sudo firewall-cmd --list-ports
</pre>
Zone-home
<pre class="code">
sudo firewall-cmd --zone=home --list-all
sudo firewall-cmd --zone=home --list-ports
sudo firewall-cmd --zone=home --list-services
</pre>
Setting
<pre class="code">
sudo firewall-cmd --set-default-zone=home
sudo firewall-cmd --zone=home --change-interface=eth0
sudo firewall-cmd --zone=home --add-service=http
sudo firewall-cmd --zone=home --add-port=80/tcp --permanent
</pre>
New Zone "boxblue"
<pre class="code">
sudo firewall-cmd --permanent --new-zone=boxblue
sudo firewall-cmd --permanent --zone=boxblue --add-service=ssh
sudo firewall-cmd --permanent --zone=boxblue --add-service=http
sudo firewall-cmd --permanent --zone=boxblue --add-service=https
sudo firewall-cmd --permanent --zone=boxblue --add-port=80/tcp
sudo firewall-cmd --permanent --zone=boxblue --add-port=22/tcp
sudo firewall-cmd --permanent --zone=boxblue --change-interface=wlp0s19f2u1
sudo firewall-cmd --permanent --set-default-zone=boxblue
</pre>
Update
<pre class="code">
sudo firewall-cmd --reload
sudo systemctl restart network
sudo systemctl reload firewalld
</pre>