Lesson 3

Dates: 2/6/2013
Linux networking
Linux for Engineering and IT Applications


Practical Exercises
  • Install ethtool by using APT: 
    apt-get install ethtool
    You can see the parameter settings for the network card, such connection status, speed, duplex mode, by using command ethtool 
    ethtool eth0
    You can also see the driver (kernel module) attached to the network card: 
    ethtool -i eth0
    By using ethtool, configure the network interface for 100 MBit half-duplex, 10 MBit half-duplex modes, then autonegotiate for the default mode. 
    ethtool eth0
ethtool -s eth0 autoneg off speed 100 duplex half
ethtool eth0
ethtool -s eth0 speed 10 duplex half
ethtool eth0
ethtool -s eth0 autoneg on
ethtool -r eth0
ethtool eth0
  • During the installation, the network settings on your computer are configured for DHCP.
    Renew the IP address lease: 
    dhclient
    Alternatively, you can renew the lease by restarting the network script: 
    /etc/init.d/networking restart

  • ARP command: 
    arp -a
ping desktop01
ping desktop02
ping node02
ping capone 
arp -a
    Every time when you are trying to access any remote machine via TCP/IP, your ARP cash gets updated first, then the MAC address of the remote host, or the gateway if the host is located outside of your subnet, is used to deliver the ethernet frame.

  • traceroute command: 
    /usr/sbin/traceroute -I capone 
/usr/sbin/traceroute -I engsoft.rutgers.edu
/usr/sbin/traceroute -I eden.rutgers.edu
    This shows you all the gateways between the subnets your packet travels towards the destination (engsoft.rutgers.edu for example).

  • Re-configure your network interface for network 192.5.1.0/24 using ifconfig command. If you are on desktop04 machine, for example: 
    /sbin/ifconfig eth0 192.5.1.4 netmask 255.255.255.0 up
    Ask your neighbor to reconfigure his machine on the same network (192.5.1.0/24 ); try to ping each other machines. Make sure you are using different IP addresses on the same subnet. Try to ping any machine on the original subnet, 192.168.5.0/24 As you understand, there is no routing set between subnets 192.5.1.0/24 and 192.168.5.0/24 so you can't pass network packets between them.
    Do the same network re-configuration using the network scipt file. Edit file /etc/network/interfaces and put the following settings there: 
    auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
address 192.168.1.4
netmask 255.255.255.0

    Restart the network: 
    /etc/init.d/networking restart

    Finally, configure your machine for the original network settings in /etc/network/interfaces: 
    auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp
    Restart the network: 
    /etc/init.d/networking restart


  • Setting network services on the nodes.


    The "node" computer is located on the left side with the same m your desktop. It has the same number as your desktop. For example if you are on desktop04, your node is node04. Make sure the IP address of the node is listed in file /etc/hosts on your desktop: the IP addresses run from 192.168.5.21 to 192.168.5.36 for node01 to node16, accordingly.
    ssh to the node as user hostadm: 
    ssh hostadm@node04


  • Install telnet server on the node. 
    sudo -s
apt-get install telnetd
    Check /etc/inetd.conf and make sure you see the following entry: 
    telnet  stream  tcp   nowait  telnetd.telnetd /usr/sbin/tcpd /usr/sbin/in.telnetd
    Command netstat -na should show open tcp/23 port: 
    tcp    0   0 0.0.0.0:23      0.0.0.0:*           LISTEN
    Telnet to the node from your desktop machine, for example: 
    telnet node04


  • Install FTP server on the node. 
    apt-get install ftpd
    Check out /etc/inetd.conf and notice the entry for FTP: 
    ftp  stream  tcp     nowait  root    /usr/sbin/tcpd  /usr/sbin/in.ftpd
    Command netstat -na shows open tcp/21 port: 
    tcp     0    0 0.0.0.0:21     0.0.0.0:*     LISTEN
    From the desktop, ftp to the node. 
    ftp  node04
    Use hostadm user credentials (login name and password).

  • Configure SSH.
    For SSH authentication, you can use either RSA or DSA public/private keys besides password. We'll be using RSA in the exercises below.
    To generate an RSA key pair, type the following command at a shell prompt on your desktop: 
    ssh-keygen -t rsa
    Accept the default file location of ~/.ssh/id_rsa. Enter a passphrase different from your account password and confirm it by entering it again.
    The public key is written to ~/.ssh/id_rsa.pub. The private key is written to ~/.ssh/id_rsa.
    Never distribute your private key to anyone.
    The contents of ~/.ssh/id_rsa.pub needs to be delivered onto the remote machine to which you want to connect, specifically the node, into file ~/.ssh/authorized_keys
    To accomplish the transfer task, here you can use ftp service installed in the previous exercise. 
    ftp  node04
Name (node16:hostadm): hostadm
ftp> cd .ssh
ftp> lcd .ssh
ftp> put id_rsa.pub authorized_keys
ftp>  quit
    Command cd in the ftp> shell above is for stepping into the directory, .ssh, on the remote host, node04.
    Command lcd is for stepping into the directory, .ssh, on the local desktop.

    Now try to ssh to the node. You should be prompted to enter your passphrase.

    The ssh-agent can be used to store your passphrase so that you do not have to enter it each time you make a ssh or scp connection.
    At a shell prompt on the desktop, type the following command: 
    exec /usr/bin/ssh-agent $SHELL
    Then type the command: 
    ssh-add
    and enter your passphrase(s). If you have more than one key pair configured, you will be prompted for each one. When you log out, your passphrase(s) will be forgotten. You must execute these two commands each time you log in to a virtual console or open a terminal window.

  • Run a remote command over ssh, for example: 
    ssh node04 "uname -a"
    Copy files from your desktop to the node and vise versa using scp command: 
    scp node04:/etc/hosts .
touch somef.txt
scp somef.txt node04:/home/$USER


  • Syncronizing directories between remote hosts by using rsync.
    This tool lets you copy files and directories between a local host and a remote host.
    Install rsync on your desktop: 
    apt-get install rsync
    Creat a directory tree and copy it over to the node with rsync command. 
    mkdir -p dir1/dir2/dir3
rsync  -avz dir1 node04:/home/$USER
    Option a stands for archive (preserve links and timestamps); v is for verbose and z is for data compression when sending-receiving.


  • Disable telnet, and ftp
    Since you have fully functioning SSH on the node, you can get rid of telnet and ftp servers. In file /etc/inetd.conf comment-out the lines for telnet and ftp. Make inetd daemon to re-read the modified /etc/inetd.conf by executing the following command: 
    kill -HUP inetd_PID
    where the process ID, inetd_PID, for inetd can be found from 
    ps -ef | grep inetd
    Alternatively, you can simply run 
    pkill -HUP inetd
    Make sure ports tcp/21, tcp/23 are not open by running 
    netstat -na
    Never run rsh, rlogin, telnet and ftp servers on the open Internet. They are very unsecure due to clear text authentication and data transfer.

    References
  • Linux Journal: Fun with ethtool
  • A good reference on network configuration settings

    • Take me to the Course Website