Practical Exercises
Install ethtool by using APT:
You can see the parameter settings for the network card, such as connection status, speed, and duplex mode, by using the ethtool command:
You can also see the driver (kernel module) attached to the network card:
By using ethtool, configure the network interface for
100 MBit half-duplex, 10 MBit half-duplex modes, then autonegotiate for the
default mode.
During the installation, the network settings on your computer are configured for DHCP.
Renew the IP address lease:
Alternatively, you can renew the lease by restarting the network script:
ARP command:
Every time you try to access a remote machine via TCP/IP,
your ARP cache gets updated first, then the MAC address of the remote host,
or of the gateway if the host is located outside of your subnet,
is used to deliver the Ethernet frame.
traceroute command:
This shows you all the gateways between subnets that your packet
passes through on its way to the destination (engsoft.rutgers.edu for example).
Re-configure your network interface for network 192.5.1.0/24 using ifconfig
command. If you are on desktop04 machine, for example:
Ask your neighbor to reconfigure their machine on the same network (192.5.1.0/24);
try to ping each other's machines. Make sure you are using different
IP addresses on the same subnet. Try to ping any machine on the original
subnet, 192.168.2.0/24. There is no routing set up between
subnets 192.5.1.0/24 and 192.168.2.0/24, so you can't pass network packets between them.
Do the same network re-configuration using the network script file. Edit file
/etc/network/interfaces and put the following settings there:
Restart the network:
Finally, configure your machine for the original network settings
in /etc/network/interfaces:
Restart the network:
Setting network services on the cluster nodes.
Pick a node with the same
number as your desktop. For example, if you are on desktop04,
use node04. Power up the rack-mount cluster node.
Make sure the IP address of the cluster node is listed in file
/etc/hosts on your desktop: the IP addresses run from 192.168.2.21 to 192.168.2.36 for node01 to node16, accordingly.
If you don't have it in your /etc/hosts, download
the hosts file from here.
ssh to the node as root (you know the root password):
Create a user account for yourself; give yourself a password.
Set up the RSH and RLOGIN servers on the cluster node.
Check the content of /etc/inetd.conf on the cluster node -- everything should
be commented out, which means there are no services runnable through
inetd.
To see open ports on the node, run command
It should show enabled TCP/UDP ports. Among them, there are ports tcp/25 (exim4), tcp/22 (sshd),
udp/68 (dhclient3).
Install rsh-server and rsh-client:
Now you should see the following entry in /etc/inetd.conf:
They stand for rsh, rlogin and rexec services.
Restart inetd service:
Modify /etc/hosts.equiv and put the host name or IP address
of your desktop computer (rsh client).
On your desktop machine, install only rsh-client, then try
to run rsh (remote shell) command on the node as a non-root user:
Run rcp command to copy files between your desktop and the node.
For example, to copy
the file /etc/hosts from node04 to your current directory:
Make sure you see this file in your directory.
Create a new file in your home directory and rcp it to node04:
or
Then rsh to node04 and make sure you see the file there.
Now try to rsh as root - you shouldn't be able to.
To enable rsh access as root on the node,
and modify file /etc/securetty by including the following entries at
the end:
Try to rsh as root again.
Install telnet server on the cluster node.
Check /etc/inetd.conf and make sure you see the following entry:
Command netstat -na should show open tcp/23 port:
Telnet to the node from your desktop machine, for example:
Install FTP server on the cluster node.
Check out /etc/inetd.conf and notice the entry for FTP:
Command netstat -na shows open tcp/21 port:
From the desktop, ftp to the node as a user.
To be able to ftp as root, modify file /etc/ftpusers
and comment-out root.
Configure SSH.
For SSH authentication, you can use either RSA or DSA keys besides a password.
To generate an RSA key pair to work with version 2 of the protocol,
type the following command at a shell prompt on your desktop:
Accept the default file location of ~/.ssh/id_rsa. Enter a passphrase
different from your account password and confirm it by entering it again.
The public key is written to ~/.ssh/id_rsa.pub. The private key is
written to ~/.ssh/id_rsa. Never distribute your private key to anyone.
Copy the contents of ~/.ssh/id_rsa.pub to ~/.ssh/authorized_keys on
the machine to which you want to connect, for example, using rcp
as in the previous exercise. If the file
~/.ssh/authorized_keys does not exist, you can copy the file
~/.ssh/id_rsa.pub to the file ~/.ssh/authorized_keys on the other
machine.
Try to ssh to the node.
To generate a DSA key pair to work with version 2 of the protocol,
type the following command at a shell prompt:
Accept the default file location of ~/.ssh/id_dsa. Enter a passphrase
different from your account password and confirm it by entering it again.
The public key is written to ~/.ssh/id_dsa.pub. The private key is
written to ~/.ssh/id_dsa. It is important never to give anyone the
private key.
Copy the contents of ~/.ssh/id_dsa.pub to ~/.ssh/authorized_keys on the
machine to which you want to connect. If the file ~/.ssh/authorized_keys
does not exist, you can copy the file ~/.ssh/id_dsa.pub to the
file ~/.ssh/authorized_keys on the other machine.
Try to ssh to the node. Note that if you did not provide a passphrase when
generating the DSA or RSA keys, you will be able to log in without a
passphrase. If you want to ssh to the node from other hosts, you
need to generate client RSA or DSA keys on them and add the public keys to
~/.ssh/authorized_keys on the node.
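One way to do the copy-into-authorized_keys step safely, as an added example that is not part of the original exercise: the hypothetical function install_pubkey appends a public key once, refuses a private key, and sets the permissions sshd expects. The key line in the demo is a constructed placeholder, not a usable key.

```shell
#!/bin/sh
# Added example; run it on the machine you want to log in to.
# install_pubkey PUBKEY_FILE [HOME_DIR]   (hypothetical helper name)
# Returns 0 on success, 1 if the file does not hold exactly one public key.
install_pubkey() {
    pub=$1; dir=${2:-$HOME}/.ssh; auth=$dir/authorized_keys

    # A private key file contains a "-----BEGIN ... PRIVATE KEY-----" line.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing $pub: this is a private key" >&2; return 1
    fi
    # A public key file holds one line: "<type> <base64> [comment]".
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected one key line" >&2; return 1; }
    line=$(grep . "$pub")
    case ${line%% *} in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-*) ;;
        ssh-dss) echo "note: DSA keys are disabled by default in current OpenSSH" >&2 ;;
        *) echo "unrecognised key type" >&2; return 1 ;;
    esac

    # sshd's StrictModes (on by default) rejects key files that other users
    # could modify, so keep ~/.ssh at 700 and authorized_keys at 600.
    mkdir -p "$dir" && chmod 700 "$dir"
    touch "$auth" && chmod 600 "$auth"
    # Append only if this exact line is not already there (safe to re-run).
    grep -qxF -e "$line" "$auth" || printf '%s\n' "$line" >> "$auth"
}

# Demo in a throwaway directory with a constructed placeholder key line.
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2Econstructed student@desktop04' > "$demo/id_rsa.pub"
install_pubkey "$demo/id_rsa.pub" "$demo"
install_pubkey "$demo/id_rsa.pub" "$demo"    # second run adds nothing
echo "keys installed: $(grep -c . "$demo/.ssh/authorized_keys")"
rm -rf "$demo"
```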
The ssh-agent can be used to store your passphrase so that you do
not have to enter it each time you make an ssh or scp connection.
At a shell prompt, type the following command:
Then type the command:
and enter your passphrase(s). If you have more than one key pair
configured, you will be prompted for each one.
When you log out, your passphrase(s) will be forgotten. You must
execute these two commands each time you log in to a virtual console
or open a terminal window.
Run a remote command over ssh, for example:
Copy files from your desktop to the node and vice versa using the scp command
as you already did in exercise with rcp above:
Synchronizing directories between remote hosts by using rsync.
rsync is a very useful alternative to rcp. This tool lets you copy files
and directories between a local host and a remote host using either rsh
or ssh.
Install rsync on both your desktop and the node:
Create a directory tree and copy it over to the node with the rsync command:
Option a stands for archive (preserve links and timestamps);
v is for verbose and z is for data compression when sending-receiving.
In the case above, rsync was running over rsh.
To run rsync over ssh, specify "-e ssh" option:
In addition to using rsh/ssh for transport, you can also use rsync itself,
in which case you will connect to TCP port 873, but it is beyond the scope of
this lecture.
Disable rsh, rlogin, telnet, and ftp
Since you have fully functioning SSH on the node, you can get rid of
rsh, rlogin, telnet and ftp servers.
In file /etc/inetd.conf comment-out the lines for
shell, login, exec, telnet and ftp.
Make the inetd daemon re-read the modified /etc/inetd.conf
by executing the following command:
where the process ID, inetd_PID, for inetd can be found from
Alternatively, you can simply run
Make sure ports tcp/21, tcp/23, tcp/513, tcp/514 are not open by running
Never run rsh, rlogin, telnet and ftp servers on the open Internet. They are very insecure because authentication and data transfer happen in clear text.
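The two steps of this section, commenting out the entries and checking the ports, sketched as an added shell example that is not part of the original exercise. The inetd.conf lines and netstat output are constructed samples, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: it works on constructed sample text, not on live files.

# Comment out the legacy entries of an inetd.conf-format file ($1) and write
# the result to stdout. Already-commented lines and other services are kept.
disable_legacy_services() {
    awk '$1 ~ /^(shell|login|exec|telnet|ftp)$/ { print "#" $0; next }
         { print }' "$1"
}

# Read "netstat -na" output on stdin; print legacy TCP ports still in LISTEN
# state, space separated. 512 (exec) is checked in addition to the page's
# list of 21 (ftp), 23 (telnet), 513 (login) and 514 (shell).
legacy_listeners() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" {
             n = split($4, a, ":")
             if (a[n] ~ /^(21|23|512|513|514)$/) print a[n]
         }' | sort -n | tr '\n' ' ' | sed 's/ $//'
}

# Constructed inetd.conf content in the usual Debian layout.
sample_inetd_conf() {
    cat <<'EOF'
#discard stream tcp nowait root internal
shell  stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.rshd
login  stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.rlogind
exec   stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.rexecd
telnet stream tcp nowait telnetd /usr/sbin/tcpd /usr/sbin/in.telnetd
ftp    stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.ftpd
EOF
}

# Constructed "netstat -na" excerpt taken before inetd re-reads its config.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address   Foreign Address   State
tcp        0      0 0.0.0.0:22      0.0.0.0:*         LISTEN
tcp        0      0 0.0.0.0:514     0.0.0.0:*         LISTEN
tcp        0      0 0.0.0.0:23      0.0.0.0:*         LISTEN
tcp        0      0 192.168.2.24:22 192.168.2.4:51514 ESTABLISHED
udp        0      0 0.0.0.0:68      0.0.0.0:*
EOF
}

conf=$(mktemp) && sample_inetd_conf > "$conf"
disable_legacy_services "$conf"
echo "still listening: $(sample_netstat | legacy_listeners)"
rm -f "$conf"
```

On the node itself, pipe the real `netstat -na` output into legacy_listeners after inetd has re-read its configuration; an empty result means none of the legacy ports is open.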
A good reference on network configuration settings