https://wiki.ihitc.net/mediawiki/api.php?action=feedcontributions&feedformat=atom&user=JacoochITCwiki - User contributions [en]2026-04-08T19:35:55ZUser contributionsMediaWiki 1.38.5https://wiki.ihitc.net/mediawiki/index.php?title=Routing_Protocol_Commands&diff=4723Routing Protocol Commands2011-10-13T21:01:13Z<p>Jacooch: </p>
<hr />
<div>{{delete| duplicate}}<br />
<br />
{| class="wikitable"<br />
|-<br />
! '''Route Protocol'''<br />
! '''Builds Topology Map'''<br />
! '''Router can independently '''<br />
'''determine the shortest path '''<br />
'''to every network'''<br />
! '''Convergence'''<br />
! '''A periodic/event driven routing updates'''<br />
! '''Use of LSP'''<br />
|-<br />
| '''Distance Vector'''<br />
| No<br />
| No<br />
| Slow<br />
| Generally no<br />
| no<br />
|-<br />
| '''Link-state'''<br />
| Yes<br />
| Yes<br />
| Fast<br />
| Generally yes<br />
| Yes<br />
|-<br />
|}<br />
<br />
** Information taken from in-class presentation.<br />
<br />
{| class="wikitable"<br />
|-<br />
! '''Name'''<br />
! '''Class'''<br />
! '''Type'''<br />
! '''Interior/Exterior'''<br />
! '''Default Metric'''<br />
! '''Administrative''' <br />
'''Distance'''<br />
! '''Hop Count Limit'''<br />
! '''Convergance'''<br />
! '''Classful/'''<br />
'''Classless'''<br />
! '''Update Timers'''<br />
! '''Updates'''<br />
! '''VLSM Support'''<br />
! '''Algorithm'''<br />
! '''Update Address'''<br />
! '''Protocol and Port'''<br />
|-<br />
| '''RIPv1'''<br />
| Distance Vector<br />
| IGP<br />
| Interior<br />
| Hopcount<br />
| 120<br />
| 15<br />
| Slow<br />
| Classful<br />
| 30 Seconds<br />
| Full Table<br />
| No<br />
| Bellman-Ford<br />
| Broadcast<br />
| UDP port 520<br />
|-<br />
| '''RIPv2'''<br />
| Distance Vector<br />
| IGP<br />
| Interior<br />
| Hopcount<br />
| 120<br />
| 15<br />
| Slow<br />
| Classless<br />
| 30 Seconds<br />
| Full Table<br />
| Yes<br />
| Bellam-Ford<br />
| 224.0.0.9<br />
| UDP port 520<br />
|-<br />
| '''IGRP'''<br />
| Distance Vector<br />
| IGP<br />
| Interior<br />
| Bandwidth/Delay<br />
| 100<br />
| 255 (100 default)<br />
| Slow<br />
| Classful<br />
| 90 seconds<br />
| Full Table<br />
| No<br />
| Bellman-Ford<br />
| 224.0.0.10<br />
| IP Protocol 9<br />
|-<br />
| '''EIGRP'''<br />
| Hybrid (Advanced Distance Vector)<br />
| IGP<br />
| Interior<br />
| Bandwidth/Delay<br />
| 90 (Internal)<br />
170 (External)<br />
| 224 (100 default)<br />
| Very Fast<br />
| Classless<br />
| Only when change occurs<br />
| Only Changes<br />
| Yes<br />
| DUAL<br />
| 224.0.0.10<br />
| IP Protocol port 88<br />
|-<br />
| '''OSPF'''<br />
| Link-state<br />
| IGP<br />
| Interior<br />
| Cost<br />
| 110<br />
| None<br />
| Fast<br />
| Classless<br />
| Only when changes occur (LSA table is refreshed every 30 minutes, however)<br />
| Only Changes<br />
| Yes<br />
| Dijkstra (SPF)<br />
| 224.0.0.5 (All SPF Routers)<br />
224.0.0.6 (DR's and DBR's)<br />
| IP Protocol 89<br />
|-<br />
| '''IS-IS'''<br />
| Link-state<br />
| IGP<br />
| Interior<br />
| Cost<br />
| 115<br />
| None<br />
| Fast<br />
| Classless<br />
| Only when changes occur<br />
| Only changes<br />
| Yes<br />
| Dijkstra (SPF)<br />
| N/A<br />
| N/A<br />
|-<br />
| '''BGP'''<br />
| Path Vector<br />
| EGP<br />
| Exterior<br />
| Multiple Attributes<br />
| 20 (External)<br />
200(Internal)<br />
| EBGP Neighbors: 1 (Default)<br />
IBGP Neighbors: None<br />
| Average<br />
| Yes<br />
| Only when changes occur<br />
| Only changes<br />
| Yes<br />
| Best Path Algorithm<br />
| Unicast<br />
| TCP port 179<br />
|-<br />
|}<br />
<br />
<br />
<br />
** Information condensed from http://www.routeralley.com/ra/docs/routing_protocol_comparison.pdf and http://globalconfig.net/ccna-corner/1147/<br />
<br />
<br />
<br />
<br />
<br />
[[Image:Network.jpg]]<br />
<br />
== Commands for RIP ==<br />
<br />
<br />
<br />
Router(config)#'''router rip''' - Enables RIP as a protocol<br />
<br />
Router(config-router)#'''network''' ''w.x.y.z'' - ''w.x.y.z'' is the directly connected network you want to advertise<br />
<br />
Router(config)#'''no router rip''' - Turns off RIP<br />
<br />
Router(config-router)#'''no network w.x.y.z''' - Removes network<br />
<br />
Router(config-router)#'''version 2''' - Turns on V2 and now RIP will send and receive RIPv2 Packets<br />
<br />
Router(config-router)#'''version 1''' - RIP will send and receive RIPv1 Packets<br />
<br />
Router(config-router)#'''no auto-summary''' - RipV2 summarizes networks at the classful boundary. This command will turns auto summary off<br />
<br />
Router(config-router)#'''passive-interface s/0/0/1''' - RIP updates will not be sent out this interface<br />
<br />
Router(config-router)#'''neighbor a.b.c.d''' - Defines a specific neighbor to exchange information with<br />
<br />
Router(config-router)#'''no ip split-horizon''' - Turns off split horizon (this is on by default)<br />
<br />
Router(config-router)#'''ip split-horizon''' - Turns it back on<br />
<br />
Router(config-router)#'''timers basic 30 60 90 180 270 360''' - Changes timers in RIP: 30=Update timer, 90=Invalid Timer, 180=Hold down timer, 270= Flush timer, 360=Sleep timer<br />
<br />
Router(config-router)#'''default-information originate''' - Generates a default route into RIP<br />
<br />
<br />
** You can verify configurations by running the show commands at the Router# prompt<br />
** Show ip protocol, show ip route, show ip interface brief<br />
<br />
<br />
'''Commands for Troubleshooting'''<br />
<br />
<br />
Router#'''debug ip rip''' - Displays all RIP activity in real time<br />
<br />
Router#'''show ip rip database''' - Displays contents of the RIP database<br />
<br />
<br />
== Commands for EIGRP ==<br />
<br />
<br />
<br />
Router(config)#'''router eigrp 100''' - Enables EIGRP as a process. The number "100" is an autonomous system number (ASN) which can be any number between 1 and 65,535. All routers in the same system must use the same ASN<br />
<br />
Router(config)#'''no router eigrp 100''' - Removes EIGRP as a process.<br />
<br />
Router(config-router)#'''network''' ''w.x.y.z'' - ''w.x.y.z'' is the directly connected network you want to advertise<br />
<br />
Router(config-router)#'''no network w.x.y.z''' - Removes advertised network<br />
<br />
Router(config-if)#'''bandwidth ''X''''' - Sets the bandwidth of this interface to X kilobits to allow EIGRP to make the best metric calculation<br />
<br />
Router(config-router)#'''network 1.1.1.1 0.0.0.3''' - Tells which interface or network to include in EIGRP. Interfaces are configured with addresses that fall within the wildcard mask range of the network statement.<br />
<br />
Router(config-router)#'''auto-summary''' - Enables auto summarization for the EIGRP process<br />
<br />
Router(config-router)#'''no auto-summary''' - Turns the auto summarization feature of EIGRP off<br />
<br />
** EIGRP automatically summarizes networks on the classful boundary<br />
** If you have discontigous subnets you could have issues with connectivity if summarization is left on<br />
** If turned off, it is recommended to use the '''ip summary-address''' command to summarize manually.<br />
<br />
<br />
<br />
<br />
Router(config)#'''interface s0/0/0''' - Enters interface configuration mode<br />
<br />
Router(config-if)#'''bandwidth 256''' - Sets the bandwidth of this interface<br />
<br />
<br />
<br />
** You can verify configurations by running the show commands at the Router# prompt<br />
** Show ip protocol, show ip route, sshow ip eigrp interfaces, show ip eigrp toploogy, show ip eigrp neighbors<br />
** show ip eigrp neighbors detail, show ip eigrp traffic, show ip route eigrp<br />
<br />
<br />
<br />
'''Commands for Troubleshooting'''<br />
<br />
<br />
Router#'''debug eigrp fsm''' - Displays events and actions related to EIGRP feasible successor metrics (FSM)<br />
<br />
Router#'''debug eigrp packet''' - Displays events and actions related to EIGRP packets<br />
<br />
Router#'''debug eigrp neighbor''' - Displays events and actions related to EIGRP neighbors. Also '''debug ip eigrp neighbor'''<br />
<br />
Router#'''debug eigrp packet''' - Displays events and actions related to EIGRP packets<br />
<br />
Router#'''debug ip eigrp notifications''' - Displays EIGRP event notification<br />
<br />
<br />
== Commands for OSPF==<br />
<br />
<br />
Router(config)#'''router ospf 456''' - Enables OSPF process. The number "456" is any positive number between 1 and 65, 535. It is not related to the OSPF area. The process ID is use to distinguish one process from another within the device. These numbers DO NOT have to match the process ID of an other router.<br />
<br />
Router(config-router)#'''network''' ''172.10.0.0 0.0.0.255 area 0'' - OSPF advertises interfaces, not networks. It also uses the wildcard mask to determine whch interfaces to advertise. It is read as "any interface with the address of 172.10.0.0 is to be put in area 0.<br />
<br />
Router(config-if)#'''ip address x.x.x.x x.x.x.x''' - Assigns IP address to interface<br />
<br />
Router(config-router)#'''router-id 10.1.1.1''''' - Sets ID to 10.1.1.1 Takes affect at next reload.<br />
<br />
Router(config-router)#'''no router-id 10..1.1.1''' - Removes the static router ID from the configuration. Takes affect at next reload.<br />
<br />
Router(config)#'''interface S0/0 - Changes interface to be configured<br />
<br />
Router(config-if)#'''ip ospf priority 50''' - Changes the OSPF interface priority to 50. The assigned priority can be between 0 and 255. The higher the number the higher the priority. A 255 guarantees a tie in the election for DR/BDR. Ties are broken by the highest router ID.<br />
<br />
Router(config)#'''interface s0/0/0''' - Changes to interface config mode<br />
<br />
Router(config-if)#'''bandwidth 128''' - If changed, OSPF will recalculate the cost of the link.<br />
<br />
Router(config-if)#'''ip ospf hello-interval timer 20''' - Changes the hello interval to 20 seconds<br />
<br />
Router(config-if)#'''ip ospf dead-interval 80''' - Changes the dead interval to 80 seconds<br />
<br />
** Hello and Dead Timers must match for routers to become neighbors<br />
<br />
Router(config)#'''ip route 0.0.0.0 0.0.0.0.0 s0/0''' - Creates a default route<br />
<br />
Router(config-router)#'''default-information originate''' - Sets the default route to be advertised to all OSPF routers<br />
<br />
** You can verify configurations by running the show commands at the Router# prompt<br />
** Show ip protocol, show ip route, show ip ospf, show ip ospf interface, show ip ospf border-routers, show ip ospf neighbor<br />
** show ip ospf neighbor detail, show ip ospf database, show ip ospf database nssa-external<br />
<br />
<br />
'''Commands for Troubleshooting'''<br />
<br />
<br />
Router#'''clear ip route *''' - Clears entire table forcing it to rebuild<br />
<br />
Router#'''clear ip route a.b.c.d''' - Clears specific route to network a.b.c.d<br />
<br />
Router#'''clear ip ospf counters''' - Resets OSPF counters<br />
<br />
Router#'''clear ip ospf process''' - Clears entire OSPF process forcing it to re-create neighbors, database, and routing table<br />
<br />
Router#'''debug ip ospf events''' - Displays all OSPF events<br />
<br />
Router#'''debug ip ospf adjacency''' - Displays various OSPF states and DR/BDR election between adjacent routers<br />
<br />
Router#'''debug ip ospf packets''' - Displays OSPF packets<br />
<br />
** ALL INFORMATION PROVIDED ON PAGE IS CONDENSED FROM "CCNA Portable Command Guide", by Scott Empson, cicsopress.com<br />
<br />
----</div>Jacoochhttps://wiki.ihitc.net/mediawiki/index.php?title=Routing_Protocol_Features_and_Commands&diff=4719Routing Protocol Features and Commands2011-10-12T17:21:13Z<p>Jacooch: Created page with "{| class="wikitable" |- ! '''Route Protocol''' ! '''Builds Topology Map''' ! '''Router can independently ''' '''determine the shortest path ''' '''to every network''' ! '''Conver..."</p>
<hr />
<div>{| class="wikitable"<br />
|-<br />
! '''Route Protocol'''<br />
! '''Builds Topology Map'''<br />
! '''Router can independently '''<br />
'''determine the shortest path '''<br />
'''to every network'''<br />
! '''Convergence'''<br />
! '''A periodic/event driven routing updates'''<br />
! '''Use of LSP'''<br />
|-<br />
| '''Distance Vector'''<br />
| No<br />
| No<br />
| Slow<br />
| Generally no<br />
| no<br />
|-<br />
| '''Link-state'''<br />
| Yes<br />
| Yes<br />
| Fast<br />
| Generally yes<br />
| Yes<br />
|-<br />
|}<br />
<br />
** Information taken from in-class presentation.<br />
<br />
{| class="wikitable"<br />
|-<br />
! '''Name'''<br />
! '''Class'''<br />
! '''Type'''<br />
! '''Interior/Exterior'''<br />
! '''Default Metric'''<br />
! '''Administrative''' <br />
'''Distance'''<br />
! '''Hop Count Limit'''<br />
! '''Convergance'''<br />
! '''Classful/'''<br />
'''Classless'''<br />
! '''Update Timers'''<br />
! '''Updates'''<br />
! '''VLSM Support'''<br />
! '''Algorithm'''<br />
! '''Update Address'''<br />
! '''Protocol and Port'''<br />
|-<br />
| '''RIPv1'''<br />
| Distance Vector<br />
| IGP<br />
| Interior<br />
| Hopcount<br />
| 120<br />
| 15<br />
| Slow<br />
| Classful<br />
| 30 Seconds<br />
| Full Table<br />
| No<br />
| Bellman-Ford<br />
| Broadcast<br />
| UDP port 520<br />
|-<br />
| '''RIPv2'''<br />
| Distance Vector<br />
| IGP<br />
| Interior<br />
| Hopcount<br />
| 120<br />
| 15<br />
| Slow<br />
| Classless<br />
| 30 Seconds<br />
| Full Table<br />
| Yes<br />
| Bellam-Ford<br />
| 224.0.0.9<br />
| UDP port 520<br />
|-<br />
| '''IGRP'''<br />
| Distance Vector<br />
| IGP<br />
| Interior<br />
| Bandwidth/Delay<br />
| 100<br />
| 255 (100 default)<br />
| Slow<br />
| Classful<br />
| 90 seconds<br />
| Full Table<br />
| No<br />
| Bellman-Ford<br />
| 224.0.0.10<br />
| IP Protocol 9<br />
|-<br />
| '''EIGRP'''<br />
| Hybrid (Advanced Distance Vector)<br />
| IGP<br />
| Interior<br />
| Bandwidth/Delay<br />
| 90 (Internal)<br />
170 (External)<br />
| 224 (100 default)<br />
| Very Fast<br />
| Classless<br />
| Only when change occurs<br />
| Only Changes<br />
| Yes<br />
| DUAL<br />
| 224.0.0.10<br />
| IP Protocol port 88<br />
|-<br />
| '''OSPF'''<br />
| Link-state<br />
| IGP<br />
| Interior<br />
| Cost<br />
| 110<br />
| None<br />
| Fast<br />
| Classless<br />
| Only when changes occur (LSA table is refreshed every 30 minutes, however)<br />
| Only Changes<br />
| Yes<br />
| Dijkstra (SPF)<br />
| 224.0.0.5 (All SPF Routers)<br />
224.0.0.6 (DR's and DBR's)<br />
| IP Protocol 89<br />
|-<br />
| '''IS-IS'''<br />
| Link-state<br />
| IGP<br />
| Interior<br />
| Cost<br />
| 115<br />
| None<br />
| Fast<br />
| Classless<br />
| Only when changes occur<br />
| Only changes<br />
| Yes<br />
| Dijkstra (SPF)<br />
| N/A<br />
| N/A<br />
|-<br />
| '''BGP'''<br />
| Path Vector<br />
| EGP<br />
| Exterior<br />
| Multiple Attributes<br />
| 20 (External)<br />
200(Internal)<br />
| EBGP Neighbors: 1 (Default)<br />
IBGP Neighbors: None<br />
| Average<br />
| Yes<br />
| Only when changes occur<br />
| Only changes<br />
| Yes<br />
| Best Path Algorithm<br />
| Unicast<br />
| TCP port 179<br />
|-<br />
|}<br />
<br />
<br />
<br />
** Information condensed from http://www.routeralley.com/ra/docs/routing_protocol_comparison.pdf and http://globalconfig.net/ccna-corner/1147/<br />
<br />
<br />
<br />
<br />
<br />
[[Image:Network.jpg]]<br />
<br />
== Commands for RIP ==<br />
<br />
<br />
<br />
Router(config)#'''router rip''' - Enables RIP as a protocol<br />
<br />
Router(config-router)#'''network''' ''w.x.y.z'' - ''w.x.y.z'' is the directly connected network you want to advertise<br />
<br />
Router(config)#'''no router rip''' - Turns off RIP<br />
<br />
Router(config-router)#'''no network w.x.y.z''' - Removes network<br />
<br />
Router(config-router)#'''version 2''' - Turns on V2 and now RIP will send and receive RIPv2 Packets<br />
<br />
Router(config-router)#'''version 1''' - RIP will send and receive RIPv1 Packets<br />
<br />
Router(config-router)#'''no auto-summary''' - RipV2 summarizes networks at the classful boundary. This command will turns auto summary off<br />
<br />
Router(config-router)#'''passive-interface s/0/0/1''' - RIP updates will not be sent out this interface<br />
<br />
Router(config-router)#'''neighbor a.b.c.d''' - Defines a specific neighbor to exchange information with<br />
<br />
Router(config-router)#'''no ip split-horizon''' - Turns off split horizon (this is on by default)<br />
<br />
Router(config-router)#'''ip split-horizon''' - Turns it back on<br />
<br />
Router(config-router)#'''timers basic 30 60 90 180 270 360''' - Changes timers in RIP: 30=Update timer, 90=Invalid Timer, 180=Hold down timer, 270= Flush timer, 360=Sleep timer<br />
<br />
Router(config-router)#'''default-information originate''' - Generates a default route into RIP<br />
<br />
<br />
** You can verify configurations by running the show commands at the Router# prompt<br />
** Show ip protocol, show ip route, show ip interface brief<br />
<br />
<br />
'''Commands for Troubleshooting'''<br />
<br />
<br />
Router#'''debug ip rip''' - Displays all RIP activity in real time<br />
<br />
Router#'''show ip rip database''' - Displays contents of the RIP database<br />
<br />
<br />
== Commands for EIGRP ==<br />
<br />
<br />
<br />
Router(config)#'''router eigrp 100''' - Enables EIGRP as a process. The number "100" is an autonomous system number (ASN) which can be any number between 1 and 65,535. All routers in the same system must use the same ASN<br />
<br />
Router(config)#'''no router eigrp 100''' - Removes EIGRP as a process.<br />
<br />
Router(config-router)#'''network''' ''w.x.y.z'' - ''w.x.y.z'' is the directly connected network you want to advertise<br />
<br />
Router(config-router)#'''no network w.x.y.z''' - Removes advertised network<br />
<br />
Router(config-if)#'''bandwidth ''X''''' - Sets the bandwidth of this interface to X kilobits to allow EIGRP to make the best metric calculation<br />
<br />
Router(config-router)#'''network 1.1.1.1 0.0.0.3''' - Tells which interface or network to include in EIGRP. Interfaces are configured with addresses that fall within the wildcard mask range of the network statement.<br />
<br />
Router(config-router)#'''auto-summary''' - Enables auto summarization for the EIGRP process<br />
<br />
Router(config-router)#'''no auto-summary''' - Turns the auto summarization feature of EIGRP off<br />
<br />
** EIGRP automatically summarizes networks on the classful boundary<br />
** If you have discontigous subnets you could have issues with connectivity if summarization is left on<br />
** If turned off, it is recommended to use the '''ip summary-address''' command to summarize manually.<br />
<br />
<br />
<br />
<br />
Router(config)#'''interface s0/0/0''' - Enters interface configuration mode<br />
<br />
Router(config-if)#'''bandwidth 256''' - Sets the bandwidth of this interface<br />
<br />
<br />
<br />
** You can verify configurations by running the show commands at the Router# prompt<br />
** Show ip protocol, show ip route, sshow ip eigrp interfaces, show ip eigrp toploogy, show ip eigrp neighbors<br />
** show ip eigrp neighbors detail, show ip eigrp traffic, show ip route eigrp<br />
<br />
<br />
<br />
'''Commands for Troubleshooting'''<br />
<br />
<br />
Router#'''debug eigrp fsm''' - Displays events and actions related to EIGRP feasible successor metrics (FSM)<br />
<br />
Router#'''debug eigrp packet''' - Displays events and actions related to EIGRP packets<br />
<br />
Router#'''debug eigrp neighbor''' - Displays events and actions related to EIGRP neighbors. Also '''debug ip eigrp neighbor'''<br />
<br />
Router#'''debug eigrp packet''' - Displays events and actions related to EIGRP packets<br />
<br />
Router#'''debug ip eigrp notifications''' - Displays EIGRP event notification<br />
<br />
<br />
== Commands for OSPF==<br />
<br />
<br />
Router(config)#'''router ospf 456''' - Enables OSPF process. The number "456" is any positive number between 1 and 65, 535. It is not related to the OSPF area. The process ID is use to distinguish one process from another within the device. These numbers DO NOT have to match the process ID of an other router.<br />
<br />
Router(config-router)#'''network''' ''172.10.0.0 0.0.0.255 area 0'' - OSPF advertises interfaces, not networks. It also uses the wildcard mask to determine whch interfaces to advertise. It is read as "any interface with the address of 172.10.0.0 is to be put in area 0.<br />
<br />
Router(config-if)#'''ip address x.x.x.x x.x.x.x''' - Assigns IP address to interface<br />
<br />
Router(config-router)#'''router-id 10.1.1.1''''' - Sets ID to 10.1.1.1 Takes affect at next reload.<br />
<br />
Router(config-router)#'''no router-id 10..1.1.1''' - Removes the static router ID from the configuration. Takes affect at next reload.<br />
<br />
Router(config)#'''interface S0/0 - Changes interface to be configured<br />
<br />
Router(config-if)#'''ip ospf priority 50''' - Changes the OSPF interface priority to 50. The assigned priority can be between 0 and 255. The higher the number the higher the priority. A 255 guarantees a tie in the election for DR/BDR. Ties are broken by the highest router ID.<br />
<br />
Router(config)#'''interface s0/0/0''' - Changes to interface config mode<br />
<br />
Router(config-if)#'''bandwidth 128''' - If changed, OSPF will recalculate the cost of the link.<br />
<br />
Router(config-if)#'''ip ospf hello-interval timer 20''' - Changes the hello interval to 20 seconds<br />
<br />
Router(config-if)#'''ip ospf dead-interval 80''' - Changes the dead interval to 80 seconds<br />
<br />
** Hello and Dead Timers must match for routers to become neighbors<br />
<br />
Router(config)#'''ip route 0.0.0.0 0.0.0.0.0 s0/0''' - Creates a default route<br />
<br />
Router(config-router)#'''default-information originate''' - Sets the default route to be advertised to all OSPF routers<br />
<br />
** You can verify configurations by running the show commands at the Router# prompt<br />
** Show ip protocol, show ip route, show ip ospf, show ip ospf interface, show ip ospf border-routers, show ip ospf neighbor<br />
** show ip ospf neighbor detail, show ip ospf database, show ip ospf database nssa-external<br />
<br />
<br />
'''Commands for Troubleshooting'''<br />
<br />
<br />
Router#'''clear ip route *''' - Clears entire table forcing it to rebuild<br />
<br />
Router#'''clear ip route a.b.c.d''' - Clears specific route to network a.b.c.d<br />
<br />
Router#'''clear ip ospf counters''' - Resets OSPF counters<br />
<br />
Router#'''clear ip ospf process''' - Clears entire OSPF process forcing it to re-create neighbors, database, and routing table<br />
<br />
Router#'''debug ip ospf events''' - Displays all OSPF events<br />
<br />
Router#'''debug ip ospf adjacency''' - Displays various OSPF states and DR/BDR election between adjacent routers<br />
<br />
Router#'''debug ip ospf packets''' - Displays OSPF packets<br />
<br />
** ALL INFORMATION PROVIDED ON PAGE IS CONDENSED FROM "CCNA Portable Command Guide", by Scott Empson, cicsopress.com<br />
<br />
----</div>Jacoochhttps://wiki.ihitc.net/mediawiki/index.php?title=Routing_Protocol_Commands&diff=4706Routing Protocol Commands2011-10-09T21:10:07Z<p>Jacooch: </p>
<hr />
<div>[[Image:Network.jpg]]<br />
<br />
== Commands for RIP ==<br />
<br />
<br />
<br />
Router(config)#'''router rip''' - Enables RIP as a protocol<br />
<br />
Router(config-router)#'''network''' ''w.x.y.z'' - ''w.x.y.z'' is the directly connected network you want to advertise<br />
<br />
Router(config)#'''no router rip''' - Turns off RIP<br />
<br />
Router(config-router)#'''no network w.x.y.z''' - Removes network<br />
<br />
Router(config-router)#'''version 2''' - Turns on V2 and now RIP will send and receive RIPv2 Packets<br />
<br />
Router(config-router)#'''version 1''' - RIP will send and receive RIPv1 Packets<br />
<br />
Router(config-router)#'''no auto-summary''' - RipV2 summarizes networks at the classful boundary. This command will turns auto summary off<br />
<br />
Router(config-router)#'''passive-interface s/0/0/1''' - RIP updates will not be sent out this interface<br />
<br />
Router(config-router)#'''neighbor a.b.c.d''' - Defines a specific neighbor to exchange information with<br />
<br />
Router(config-router)#'''no ip split-horizon''' - Turns off split horizon (this is on by default)<br />
<br />
Router(config-router)#'''ip split-horizon''' - Turns it back on<br />
<br />
Router(config-router)#'''timers basic 30 60 90 180 270 360''' - Changes timers in RIP: 30=Update timer, 90=Invalid Timer, 180=Hold down timer, 270= Flush timer, 360=Sleep timer<br />
<br />
Router(config-router)#'''default-information originate''' - Generates a default route into RIP<br />
<br />
<br />
** You can verify configurations by running the show commands at the Router# prompt<br />
** Show ip protocol, show ip route, show ip interface brief<br />
<br />
<br />
'''Commands for Troubleshooting'''<br />
<br />
<br />
Router#'''debug ip rip''' - Displays all RIP activity in real time<br />
<br />
Router#'''show ip rip database''' - Displays contents of the RIP database<br />
<br />
<br />
== Commands for EIGRP ==<br />
<br />
<br />
<br />
Router(config)#'''router eigrp 100''' - Enables EIGRP as a process. The number "100" is an autonomous system number (ASN) which can be any number between 1 and 65,535. All routers in the same system must use the same ASN<br />
<br />
Router(config)#'''no router eigrp 100''' - Removes EIGRP as a process.<br />
<br />
Router(config-router)#'''network''' ''w.x.y.z'' - ''w.x.y.z'' is the directly connected network you want to advertise<br />
<br />
Router(config-router)#'''no network w.x.y.z''' - Removes advertised network<br />
<br />
Router(config-if)#'''bandwidth ''X''''' - Sets the bandwidth of this interface to X kilobits to allow EIGRP to make the best metric calculation<br />
<br />
Router(config-router)#'''network 1.1.1.1 0.0.0.3''' - Tells which interface or network to include in EIGRP. Interfaces are configured with addresses that fall within the wildcard mask range of the network statement.<br />
<br />
Router(config-router)#'''auto-summary''' - Enables auto summarization for the EIGRP process<br />
<br />
Router(config-router)#'''no auto-summary''' - Turns the auto summarization feature of EIGRP off<br />
<br />
** EIGRP automatically summarizes networks on the classful boundary<br />
** If you have discontigous subnets you could have issues with connectivity if summarization is left on<br />
** If turned off, it is recommended to use the '''ip summary-address''' command to summarize manually.<br />
<br />
<br />
<br />
<br />
Router(config)#'''interface s0/0/0''' - Enters interface configuration mode<br />
<br />
Router(config-if)#'''bandwidth 256''' - Sets the bandwidth of this interface<br />
<br />
<br />
<br />
** You can verify configurations by running the show commands at the Router# prompt<br />
** Show ip protocol, show ip route, sshow ip eigrp interfaces, show ip eigrp toploogy, show ip eigrp neighbors<br />
** show ip eigrp neighbors detail, show ip eigrp traffic, show ip route eigrp<br />
<br />
<br />
<br />
'''Commands for Troubleshooting'''<br />
<br />
<br />
Router#'''debug eigrp fsm''' - Displays events and actions related to EIGRP feasible successor metrics (FSM)<br />
<br />
Router#'''debug eigrp packet''' - Displays events and actions related to EIGRP packets<br />
<br />
Router#'''debug eigrp neighbor''' - Displays events and actions related to EIGRP neighbors. Also '''debug ip eigrp neighbor'''<br />
<br />
Router#'''debug eigrp packet''' - Displays events and actions related to EIGRP packets<br />
<br />
Router#'''debug ip eigrp notifications''' - Displays EIGRP event notification<br />
<br />
<br />
== Commands for OSPF==<br />
<br />
<br />
Router(config)#'''router ospf 456''' - Enables OSPF process. The number "456" is any positive number between 1 and 65, 535. It is not related to the OSPF area. The process ID is use to distinguish one process from another within the device. These numbers DO NOT have to match the process ID of an other router.<br />
<br />
Router(config-router)#'''network''' ''172.10.0.0 0.0.0.255 area 0'' - OSPF advertises interfaces, not networks. It also uses the wildcard mask to determine whch interfaces to advertise. It is read as "any interface with the address of 172.10.0.0 is to be put in area 0.<br />
<br />
Router(config-if)#'''ip address x.x.x.x x.x.x.x''' - Assigns IP address to interface<br />
<br />
Router(config-router)#'''router-id 10.1.1.1''''' - Sets ID to 10.1.1.1 Takes affect at next reload.<br />
<br />
Router(config-router)#'''no router-id 10..1.1.1''' - Removes the static router ID from the configuration. Takes affect at next reload.<br />
<br />
Router(config)#'''interface S0/0 - Changes interface to be configured<br />
<br />
Router(config-if)#'''ip ospf priority 50''' - Changes the OSPF interface priority to 50. The assigned priority can be between 0 and 255. The higher the number the higher the priority. A 255 guarantees a tie in the election for DR/BDR. Ties are broken by the highest router ID.<br />
<br />
Router(config)#'''interface s0/0/0''' - Changes to interface config mode<br />
<br />
Router(config-if)#'''bandwidth 128''' - If changed, OSPF will recalculate the cost of the link.<br />
<br />
Router(config-if)#'''ip ospf hello-interval timer 20''' - Changes the hello interval to 20 seconds<br />
<br />
Router(config-if)#'''ip ospf dead-interval 80''' - Changes the dead interval to 80 seconds<br />
<br />
** Hello and Dead Timers must match for routers to become neighbors<br />
<br />
Router(config)#'''ip route 0.0.0.0 0.0.0.0.0 s0/0''' - Creates a default route<br />
<br />
Router(config-router)#'''default-information originate''' - Sets the default route to be advertised to all OSPF routers<br />
<br />
** You can verify configurations by running the show commands at the Router# prompt<br />
** Show ip protocol, show ip route, show ip ospf, show ip ospf interface, show ip ospf border-routers, show ip ospf neighbor<br />
** show ip ospf neighbor detail, show ip ospf database, show ip ospf database nssa-external<br />
<br />
<br />
'''Commands for Troubleshooting'''<br />
<br />
<br />
Router#'''clear ip route *''' - Clears entire table forcing it to rebuild<br />
<br />
Router#'''clear ip route a.b.c.d''' - Clears specific route to network a.b.c.d<br />
<br />
Router#'''clear ip ospf counters''' - Resets OSPF counters<br />
<br />
Router#'''clear ip ospf process''' - Clears entire OSPF process forcing it to re-create neighbors, database, and routing table<br />
<br />
Router#'''debug ip ospf events''' - Displays all OSPF events<br />
<br />
Router#'''debug ip ospf adjacency''' - Displays various OSPF states and DR/BDR election between adjacent routers<br />
<br />
Router#'''debug ip ospf packets''' - Displays OSPF packets<br />
<br />
** ALL INFORMATION PROVIDED ON PAGE IS CONDENSED FROM "CCNA Portable Command Guide", by Scott Empson, cicsopress.com<br />
<br />
----</div>Jacoochhttps://wiki.ihitc.net/mediawiki/index.php?title=Routing_Protocol_Commands&diff=4705Routing Protocol Commands2011-10-09T21:02:53Z<p>Jacooch: </p>
<hr />
<div>[[Image:Network.jpg]]<br />
<br />
== Commands for RIP ==<br />
<br />
<br />
<br />
Router(config)#'''router rip''' - Enables RIP as a protocol<br />
<br />
Router(config-router)#'''network''' ''w.x.y.z'' - ''w.x.y.z'' is the directly connected network you want to advertise<br />
<br />
Router(config)#'''no router rip''' - Turns off RIP<br />
<br />
Router(config-router)#'''no network w.x.y.z''' - Removes network<br />
<br />
Router(config-router)#'''version 2''' - Turns on V2 and now RIP will send and receive RIPv2 Packets<br />
<br />
Router(config-router)#'''version 1''' - RIP will send and receive RIPv1 Packets<br />
<br />
Router(config-router)#'''no auto-summary''' - RipV2 summarizes networks at the classful boundary. This command will turns auto summary off<br />
<br />
Router(config-router)#'''passive-interface s/0/0/1''' - RIP updates will not be sent out this interface<br />
<br />
Router(config-router)#'''neighbor a.b.c.d''' - Defines a specific neighbor to exchange information with<br />
<br />
Router(config-router)#'''no ip split-horizon''' - Turns off split horizon (this is on by default)<br />
<br />
Router(config-router)#'''ip split-horizon''' - Turns it back on<br />
<br />
Router(config-router)#'''timers basic 30 60 90 180 270 360''' - Changes timers in RIP: 30=Update timer, 90=Invalid Timer, 180=Hold down timer, 270= Flush timer, 360=Sleep timer<br />
<br />
Router(config-router)#'''default-information originate''' - Generates a default route into RIP<br />
<br />
<br />
'''Commands for Troubleshooting'''<br />
<br />
<br />
Router#'''debug ip rip''' - Displays all RIP activity in real time<br />
<br />
Router#'''show ip rip database''' - Displays contents of the RIP database<br />
<br />
<br />
== Commands for EIGRP ==<br />
<br />
<br />
<br />
Router(config)#'''router eigrp 100''' - Enables EIGRP as a process. The number "100" is an autonomous system number (ASN) which can be any number between 1 and 65,535. All routers in the same system must use the same ASN<br />
<br />
Router(config)#'''no router eigrp 100''' - Removes EIGRP as a process.<br />
<br />
Router(config-router)#'''network''' ''w.x.y.z'' - ''w.x.y.z'' is the directly connected network you want to advertise<br />
<br />
Router(config-router)#'''no network w.x.y.z''' - Removes advertised network<br />
<br />
Router(config-if)#'''bandwidth ''X''''' - Sets the bandwidth of this interface to X kilobits to allow EIGRP to make the best metric calculation<br />
<br />
Router(config-router)#'''network 1.1.1.1 0.0.0.3''' - Tells which interface or network to include in EIGRP. Interfaces are configured with addresses that fall within the wildcard mask range of the network statement.<br />
<br />
Router(config-router)#'''auto-summary''' - Enables auto summarization for the EIGRP process<br />
<br />
Router(config-router)#'''no auto-summary''' - Turns the auto summarization feature of EIGRP off<br />
<br />
** EIGRP automatically summarizes networks on the classful boundary.<br />
<br />
** If you have discontigous subnets you could have issues with connectivity if summarization is left on.<br />
<br />
** If turned off, it is recommended to use the '''ip summary-address''' command to summarize manually.<br />
<br />
<br />
<br />
Router(config)#'''interface s0/0/0''' - Enters interface configuration mode<br />
<br />
Router(config-if)#'''bandwidth 256''' - Sets the bandwidth of this interface<br />
<br />
<br />
'''Commands for Troubleshooting'''<br />
<br />
<br />
Router#'''debug eigrp fsm''' - Displays events and actions related to EIGRP feasible successor metrics (FSM)<br />
<br />
Router#'''debug eigrp packet''' - Displays events and actions related to EIGRP packets<br />
<br />
Router#'''debug eigrp neighbor''' - Displays events and actions related to EIGRP neighbors. Also '''debug ip eigrp neighbor'''<br />
<br />
Router#'''debug eigrp packet''' - Displays events and actions related to EIGRP packets<br />
<br />
Router#'''debug ip eigrp notifications''' - Displays EIGRP event notification<br />
<br />
<br />
== Commands for OSPF==<br />
<br />
<br />
Router(config)#'''router ospf 456''' - Enables OSPF process. The number "456" is any positive number between 1 and 65, 535. It is not related to the OSPF area. The process ID is use to distinguish one process from another within the device. These numbers DO NOT have to match the process ID of an other router.<br />
<br />
Router(config-router)#'''network''' ''172.10.0.0 0.0.0.255 area 0'' - OSPF advertises interfaces, not networks. It also uses the wildcard mask to determine whch interfaces to advertise. It is read as "any interface with the address of 172.10.0.0 is to be put in area 0.<br />
<br />
Router(config-if)#'''ip address x.x.x.x x.x.x.x''' - Assigns IP address to interface<br />
<br />
Router(config-router)#'''router-id 10.1.1.1''''' - Sets ID to 10.1.1.1 Takes affect at next reload.<br />
<br />
Router(config-router)#'''no router-id 10..1.1.1''' - Removes the static router ID from the configuration. Takes affect at next reload.<br />
<br />
Router(config)#'''interface S0/0 - Changes interface to be configured<br />
<br />
Router(config-if)#'''ip ospf priority 50''' - Changes the OSPF interface priority to 50. The assigned priority can be between 0 and 255. The higher the number the higher the priority. A 255 guarantees a tie in the election for DR/BDR. Ties are broken by the highest router ID.<br />
<br />
Router(config)#'''interface s0/0/0''' - Changes to interface config mode<br />
<br />
Router(config-if)#'''bandwidth 128''' - If changed, OSPF will recalculate the cost of the link.<br />
<br />
Router(config-if)#'''ip ospf hello-interval timer 20''' - Changes the hello interval to 20 seconds<br />
<br />
Router(config-if)#'''ip ospf dead-interval 80''' - Changes the dead interval to 80 seconds<br />
<br />
** Hello and Dead Timers must match for routers to become neighbors<br />
<br />
Router(config)#'''ip route 0.0.0.0 0.0.0.0.0 s0/0''' - Creates a default route<br />
<br />
Router(config-router)#'''default-information originate''' - Sets the default route to be advertised to all OSPF routers<br />
<br />
** You can verify configurations by running the show commands at the Router# prompt<br />
** Show ip protocol, show ip route, show ip ospf, show ip ospf interface, show ip ospf border-routers, show ip ospf neighbor<br />
** show ip ospf neighbor detail, show ip ospf database, show ip ospf database nssa-external<br />
<br />
<br />
'''Commands for Troubleshooting'''<br />
<br />
<br />
Router#'''clear ip route *''' - Clears entire table forcing it to rebuild<br />
<br />
Router#'''clear ip route a.b.c.d''' - Clears specific route to network a.b.c.d<br />
<br />
Router#'''clear ip ospf counters''' - Resets OSPF counters<br />
<br />
Router#'''clear ip ospf process''' - Clears entire OSPF process forcing it to re-create neighbors, database, and routing table<br />
<br />
Router#'''debug ip ospf events''' - Displays all OSPF events<br />
<br />
Router#'''debug ip ospf adjacency''' - Displays various OSPF states and DR/BDR election between adjacent routers<br />
<br />
Router#'''debug ip ospf packets''' - Displays OSPF packets<br />
<br />
** ALL INFORMATION PROVIDED ON PAGE IS FROM CCNA Portable Command Guide, Scott Empson, cicsopress.com<br />
----</div>Jacoochhttps://wiki.ihitc.net/mediawiki/index.php?title=Routing_Protocol_Commands&diff=4703Routing Protocol Commands2011-10-09T20:20:54Z<p>Jacooch: Created page with "Image:Network.jpg == Commands for RIP == Router(config)#'''router rip''' - Enables RIP as a protocol Router(config-router)#'''network''' ''w.x.y.z'' - ''w.x.y.z'' is ..."</p>
<hr />
<div>[[Image:Network.jpg]]<br />
<br />
== Commands for RIP ==<br />
<br />
<br />
<br />
Router(config)#'''router rip''' - Enables RIP as a protocol<br />
<br />
Router(config-router)#'''network''' ''w.x.y.z'' - ''w.x.y.z'' is the directly connected network you want to advertise<br />
<br />
Router(config)#'''no router rip''' - Turns off RIP<br />
<br />
Router(config-router)#'''no network w.x.y.z''' - Removes network<br />
<br />
Router(config-router)#'''version 2''' - Turns on V2 and now RIP will send and receive RIPv2 Packets<br />
<br />
Router(config-router)#'''version 1''' - RIP will send and receive RIPv1 Packets<br />
<br />
Router(config-router)#'''no auto-summary''' - RipV2 summarizes networks at the classful boundary. This command will turns auto summary off<br />
<br />
Router(config-router)#'''passive-interface s/0/0/1''' - RIP updates will not be sent out this interface<br />
<br />
Router(config-router)#'''neighbor a.b.c.d''' - Defines a specific neighbor to exchange information with<br />
<br />
Router(config-router)#'''no ip split-horizon''' - Turns off split horizon (this is on by default)<br />
<br />
Router(config-router)#'''ip split-horizon''' - Turns it back on<br />
<br />
Router(config-router)#'''timers basic 30 60 90 180 270 360''' - Changes timers in RIP: 30=Update timer, 90=Invalid Timer, 180=Hold down timer, 270= Flush timer, 360=Sleep timer<br />
<br />
Router(config-router)#'''default-information originate''' - Generates a default route into RIP<br />
<br />
<br />
'''Commands for Troubleshooting'''<br />
<br />
<br />
Router#'''debug ip rip''' - Displays all RIP activity in real time<br />
<br />
Router#'''show ip rip database''' - Displays contents of the RIP database<br />
<br />
<br />
== Commands for EIGRP ==<br />
<br />
<br />
<br />
Router(config)#'''router eigrp 100''' - Enables EIGRP as a process. The number "100" is an autonomous system number (ASN) which can be any number between 1 and 65,535. All routers in the same system must use the same ASN<br />
<br />
Router(config)#'''no router eigrp 100''' - Removes EIGRP as a process.<br />
<br />
Router(config-router)#'''network''' ''w.x.y.z'' - ''w.x.y.z'' is the directly connected network you want to advertise<br />
<br />
Router(config-router)#'''no network w.x.y.z''' - Removes advertised network<br />
<br />
Router(config-if)#'''bandwidth ''X''''' - Sets the bandwidth of this interface to X kilobits to allow EIGRP to make the best metric calculation<br />
<br />
Router(config-router)#'''network 1.1.1.1 0.0.0.3''' - Tells which interface or network to include in EIGRP. Interfaces are configured with addresses that fall within the wildcard mask range of the network statement.<br />
<br />
Router(config-router)#'''auto-summary''' - Enables auto summarization for the EIGRP process<br />
<br />
Router(config-router)#'''no auto-summary''' - Turns the auto summarization feature of EIGRP off<br />
<br />
** EIGRP automatically summarizes networks on the classful boundary.<br />
<br />
** If you have discontigous subnets you could have issues with connectivity if summarization is left on.<br />
<br />
** If turned off, it is recommended to use the '''ip summary-address''' command to summarize manually.<br />
<br />
<br />
<br />
Router(config)#'''interface s0/0/0''' - Enters interface configuration mode<br />
<br />
Router(config-if)#'''bandwidth 256''' - Sets the bandwidth of this interface<br />
<br />
<br />
'''Commands for Troubleshooting'''<br />
<br />
<br />
Router#'''debug eigrp fsm''' - Displays events and actions related to EIGRP feasible successor metrics (FSM)<br />
<br />
Router#'''debug eigrp packet''' - Displays events and actions related to EIGRP packets<br />
<br />
Router#'''debug eigrp neighbor''' - Displays events and actions related to EIGRP neighbors. Also '''debug ip eigrp neighbor'''<br />
<br />
Router#'''debug eigrp packet''' - Displays events and actions related to EIGRP packets<br />
<br />
Router#'''debug ip eigrp notifications''' - Displays EIGRP event notification<br />
<br />
<br />
== Commands for OSPF==<br />
<br />
<br />
Router(config)#'''router ospf 456''' - Enables OSPF process. The number "456" is any positive number between 1 and 65, 535. It is not related to the OSPF area. The process ID is use to distinguish one process from another within the device. These numbers DO NOT have to match the process ID of an other router.<br />
<br />
_________________________________ STOPPED HERE FOR NOW _____________________________________________________<br />
<br />
Router(config)#'''no router eigrp 100''' - Removes EIGRP as a process.<br />
<br />
Router(config-router)#'''network''' ''w.x.y.z'' - ''w.x.y.z'' is the directly connected network you want to advertise<br />
<br />
Router(config-router)#'''no network w.x.y.z''' - Removes advertised network<br />
<br />
Router(config-if)#'''bandwidth ''X''''' - Sets the bandwidth of this interface to X kilobits to allow EIGRP to make the best metric calculation<br />
<br />
Router(config-router)#'''network 1.1.1.1 0.0.0.3''' - Tells which interface or network to include in EIGRP. Interfaces are configured with addresses that fall within the wildcard mask range of the network statement.<br />
<br />
Router(config-router)#'''auto-summary''' - Enables auto summarization for the EIGRP process<br />
<br />
Router(config-router)#'''no auto-summary''' - Turns the auto summarization feature of EIGRP off<br />
<br />
** EIGRP automatically summarizes networks on the classful boundary.<br />
<br />
** If you have discontigous subnets you could have issues with connectivity if summarization is left on.<br />
<br />
** If turned off, it is recommended to use the '''ip summary-address''' command to summarize manually.<br />
<br />
<br />
<br />
Router(config)#'''interface s0/0/0''' - Enters interface configuration mode<br />
<br />
Router(config-if)#'''bandwidth 256''' - Sets the bandwidth of this interface<br />
<br />
<br />
'''Commands for Troubleshooting'''<br />
<br />
<br />
Router#'''debug eigrp fsm''' - Displays events and actions related to EIGRP feasible successor metrics (FSM)<br />
<br />
Router#'''debug eigrp packet''' - Displays events and actions related to EIGRP packets<br />
<br />
Router#'''debug eigrp neighbor''' - Displays events and actions related to EIGRP neighbors. Also '''debug ip eigrp neighbor'''<br />
<br />
Router#'''debug eigrp packet''' - Displays events and actions related to EIGRP packets<br />
<br />
Router#'''debug ip eigrp notifications''' - Displays EIGRP event notification</div>Jacoochhttps://wiki.ihitc.net/mediawiki/index.php?title=File:Network.jpg&diff=4702File:Network.jpg2011-10-09T19:21:19Z<p>Jacooch: </p>
<hr />
<div></div>Jacoochhttps://wiki.ihitc.net/mediawiki/index.php?title=Franske_CNT-2311&diff=4573Franske CNT-23112011-07-14T14:42:44Z<p>Jacooch: /* Chapter Project Notes */</p>
<hr />
<div>This is the homepage for the CNT-2311 classes taught by Dr. Ben Franske.<br />
<br />
=Current Course Materials=<br />
<br />
== General Course Information ==<br />
* [https://spreadsheets.google.com/a/ihcnt.net/spreadsheet/viewform?formkey=dF94ODJ2cFZ0WmtTLWluUGFGaUxlcFE6MQ First Day Sign In Form]<br />
* [[Franske CNT-2311 Syllabus|Course Syllabus]]<br />
* [[Franske CNT-2311 SU11 Schedule|Summer 2011 Course Schedule]]<br />
* [[Franske CNT-2311 SU11 Labs|Lab List]]<br />
* [[Franske Lab Report Format|Lab Report Format]]<br />
<br />
== Unit Notes ==<br />
<br />
== Resources ==<br />
* [[Writing Moodle Questions]]<br />
* [[Editing Moodle Questions]]<br />
<br />
=== Software ===<br />
* [http://www.virtualbox.org Virtualbox]<br />
** [[VirtualBox Startup Script]]<br />
<br />
==== Major Linux Distributions ====<br />
* [http://www.debian.org Debian]<br />
** [http://www.ubuntu.com Ubuntu]<br />
* [http://www.redhat.com Redhat Enterprise Linux (RHEL)]<br />
** [http://centos.org CentOS]<br />
** [http://fedoraproject.org Fedora]<br />
* [http://www.gentoo.org Gentoo]<br />
* [http://www.opensuse.org OpenSUSE (Novell)]<br />
<br />
=== General Help ===<br />
==== Online Linux Tutuorials ====<br />
* [http://www.linux.org/lessons/beginner Beginning Linux from Linux.org]<br />
* [https://help.ubuntu.com/community/PostfixBasicSetupHowto Postfix Basic Setup]<br />
* [http://lartc.org Linux Advanced Routing & Traffic Control (Advanced Networking)]<br />
<br />
=== Command Guides ===<br />
* [http://vic.gedris.org/Manual-ShellIntro/1.2/ShellIntro.pdf Inroduction to basic BASH shell commands]<br />
* [http://www.digilife.be/quickreferences/QRC/The%20One%20Page%20Linux%20Manual.pdf The One Page Linux Manual]<br />
<br />
=== Specific Topic Help ===<br />
==== GRUB2 ====<br />
* [https://help.ubuntu.com/community/Grub2 Ubuntu Community Documentation - GRUB2]<br />
* [http://www.dedoimedo.com/computers/grub-2.html GRUB2 Bootloader Full Tutorial]<br />
* [http://ubuntuforums.org/showthread.php?t=1195275 The GRUB2 Guide]<br />
<br />
==== Runlevels ====<br />
* [http://www.ibm.com/developerworks/linux/library/l-lpic1-v3-101-3/?ca=drs- IBM Learn Linux, 101: Runlevels, shutdown, and reboot]<br />
* [http://www.linux.com/news/enterprise/systems-management/8116-an-introduction-to-services-runlevels-and-rcd-scripts An introduction to services, runlevels, and rc.d scripts]<br />
<br />
==== Partitioning, Formatting and Mounting====<br />
* [http://tldp.org/HOWTO/Partition/ Linux Partition HOWTO]<br />
* [http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/4/html/Introduction_To_System_Administration/s2-storage-fs-mounting.html RedHat Documentation Mount Points]<br />
* [http://docs.fedoraproject.org/en-US/Fedora/15/html/Installation_Guide/ch-partitions-x86.html Fedora Documentation: An Introduction to Disk Partitions]<br />
<br />
==== SSH ====<br />
* [http://macnugget.org/projects/publickeys/ David McNett: using ssh public key authentication]<br />
* [https://help.ubuntu.com/community/SSH/OpenSSH/Keys Ubuntu SSH Keys Documentation]<br />
* [http://www.linuxtutorialblog.com/post/ssh-and-scp-howto-tips-tricks Linux Tutorial Blog: SSH and SCP: Howto, tips & tricks]<br />
<br />
==== Network Configuration ====<br />
* [http://www.debian-administration.org/articles/254 Debian-style Network Configuration] (Ubuntu Server uses the same style)<br />
* [http://docs.fedoraproject.org/en-US/Fedora/15/html/Deployment_Guide/s1-networkscripts-interfaces.html Fedora Nekwork Interface Configuration Files] <br />
<br />
==== Regular Expressions, Grep and SED ====<br />
* [http://www.zytrax.com/tech/web/regex.htm Regular Expressions - A Simple User Guide]<br />
* [http://linuxreviews.org/beginner/tao_of_regular_expressions Tao of Regular Expressions]<br />
<br />
=Archived Course Materials=<br />
== General Course Information ==<br />
* [[Franske CNT-2311 Labs|Lab List]]<br />
<br />
== Chapter Project Notes ==<br />
[[CNT-2311-Chapter 2 Notes]] <br><br />
[[CNT-2311-Chapter 3 Notes]] <br><br />
[[CNT-2311-Chapter 4 Notes]] <br><br />
[[CNT-2311-Chapter 5 Notes]] <br><br />
[[CNT-2311-Chapter 7 Notes]] <br><br />
[[CNT-2311-Chapter 8 Notes]] <br><br />
[[CNT-2311-Chapter 9 Notes]] <br><br />
[[CNT-2311-Chapter 10 Notes]] <br><br />
<br />
'''<br />
[http://wiki.ihcnt.net/w/Chapter_21_%26_24 CNT-2311-Chapter 21 & 24 Notes]'''<br />
<br />
== Projects ==<br />
<br />
* [[Dual Booting Ubuntu and Windows 7]]<br />
* [[GUID Partiton Table]]<br />
* [[Linux VLAN Trunking]]<br />
* [[Installing Webmin]]<br />
* [[Nat Masquerading and Firewall]]<br />
* [[Control Web Access With Squid]]<br />
* [[Installing MyBB Forum]]<br />
* [[openvpn]]<br />
* [[Zoneminder]]<br />
* [[Understanding Linux Permission Sets]]<br />
* [[Franske CNT-2311 SP10 Commands|Spring 2010 Commands by Session]]<br />
* [[Converting VMWare .vmdk To VirtualBox .vdi Using Qemu+ and VBoxManage]]<br />
* [[Linux command guide]]<br />
* [[Windows File Sharing and Printer Sharing with SAMBA]]<br />
* [[How to Setup NAT]]<br />
* [[Linux-command-list]]</div>Jacoochhttps://wiki.ihitc.net/mediawiki/index.php?title=Linux_SSH_and_Samba_Notes&diff=4572Linux SSH and Samba Notes2011-07-14T14:34:47Z<p>Jacooch: </p>
<hr />
<div>Chapter 21 Linux Administration: A Beginners Guide<br />
<br />
<br />
'''Secure Shell (SSH)'''<br />
<br />
<br />
'''SSH Basics''' (Page 479)<br />
<br />
Linux supports remote login access through several different servers including Telnet, VNC and even X. They all transfer data over the network in unencrypted form. SSH encrypts the password exchange and all subsequent data transfers. SSH provides file transfer features & the ability to tunnel other network protocols Several SSH servers are available, the most popular is the OpenSSH server OpenSSH can be launched using a super script or with a SysV startup script (preferred) Configuring Basic SSH Features (page 486) The main configuration file for the OpenSSH server is /etc/ssh/sshd_config (page 490) The default settings work for most systems. You might want to check or modify: Protocol Level: Version 2.0 is preferred due to known vulnerabilities in earlier versions. Permit_Root_Login: The default is yes, but this is a security risk. X11_Forwarding: (X tunneling features) The default is no If you make changes to the configuration file, be sure to restart the server.<br />
<br />
<br />
<br />
'''SSH Keys (Page 480)'''<br />
<br />
<br />
<br />
SSH uses a security system that involves two keys: a Private Key and Public Key All parties that engage in an SSH communication have their own keys. These keys are mathematically linked so that data encrypted with a Public Key may only be decrypted with the matching Private Key. On the server, there are normally 4 to 6 keys and they are stored in /etc/ssh If keys are not present, you can generate them with the ssh-keygen command On the client, keys are stored in the ~/.ssh/known_hosts file. You can pre-populate this file on the client to prevent security warnings. <br />
Some good references are listed on page 483 if you want to delve further into encryption.<br />
<br />
'''SSH Clients (Page 485)'''<br />
<br />
<br />
There are several clients available for use with SSH.<br />
<br />
<br />
'''PuTTY''' is one of the oldest and most popular SSH Clients for Win32 platforms. It is free and can be downloaded at http://www.chiark.greenend.org.uk/~sgtatham/putty/<br />
<br />
'''OpenSSH''' for Mac OS X<br />
<br />
'''MindTerm''' This program supports V1 and 2 of SSH. Written in java it works on many UNIX platforms. http://www.cryptzone.com/products/agmindterm/<br />
<br />
'''FreeSSH''' for Windows http://www.freessh.org/ keeps track of programs both free and commercial for SSH clients and implementations.<br />
<br />
'''SecureCRT''' for windows. Commercial product. http://www.vandyke.com/products/securecrt/index.html<br />
<br />
<br />
'''Secure Copy''' (SCP) via SSH (page 495) <br />
<br />
SSH includes a file-copying command: scp It works like cp but you must specify the target computer You must use a colon at the end of this command to prevent renaming the file<br />
<br />
<br />
'''Secure FTP''' (SFTP) (page 495)<br />
<br />
<br />
Secure FTP is a subsystem of the ssh daemon. You can access the secure FTP server by using the sftp command line tool.<br />
Configuring Logins without Passwords<br />
SSH can be configured to allow logins without passing a password A security risk is if someone gains access to your account on the client, then they have your access to the server. To do this, you must generate a special key pair on the client, transfer the Public Key to the server, and place it in the ~/.ssh/authorized_keys file. <br />
Setting Up SSH Port Tunnels (page 491) <br />
SSH has the ability to encrypt other protocols and thus protect them in transit On the server side, must make sure that the /etc/ssh/sshd_config file has the option AllowTCPForwarding set to yes On the client side, you must establish a special SSH connection using the -N, -f, and the -L options.<br />
<br />
<br />
'''Chapter 24 Linux Administration: A Beginners Guide'''<br />
<br />
<br />
'''SAMBA'''<br />
<br />
<br />
'''Samba Basics''' (page 548)<br />
<br />
<br />
Samba is a suite of applications for allowing UINX based systems to operate with Windows based operating systems. Samba provides file and print sharing services to Windows clients. It does this through the use of native Microsoft networking protocols SMB/CIFS. Samba has been ported to many number of platforms including most variants of UNIX and several non-unix environments. <br />
<br />
<br />
'''Samba Mechanics''' (page 548)<br />
<br />
<br />
The Linux password and login mechanism is different from Windows PDC (Primary Domain Controller) model and the Windows Active Directory model. It is important for system administrators to keep passwords and logins consistent across both platforms. Relative to Samba there are several options for handling username and password issuers. <br />
<br />
Some of these are:<br />
<br />
'''The Linux Pluggable Authentication Modules (PAM)'''. Allows you to authenticate users against the PDC. This means you will have 2 users lists, one local and one on the PDC but users only need to remember one.<br />
<br />
'''Samba as PDC''' Allows you to keep all logins and passwords on the Linux system while all your windows systems authenticate with Samba.<br />
'''<br />
Roll your own solution using Perl''' Allows for the use of your own custom script. This can be done with WinPerl and Perl modules that allow changes to the Security Access manager (SAM) to update PDC’s password list.<br />
'''<br />
Encrypted Passwords'''<br />
<br />
Windows uses encrypted passwords when communicating with the PDC and any server requiring authentication (including Linux and Samba). The encryption algorithm used by windows is different from UNIX so it is therefore not compatible. <br />
<br />
Your choices in dealing with this are:<br />
1. Edit the registry on windows clients to disable the use of encrypted passwords. (As of v3 of Samba, this is no longer necessary)<br />
2. Configure Samba to use encrypted passwords.<br />
<br />
'''Samba Daemons'''<br />
<br />
The Samba code is actually composed of several components. The book examines three.<br />
1. SMBD – handles the actual sharing of file systems and printer services<br />
2. NMBD – is responsible for handling NETBIOS name service requests<br />
3. WINBINDD – can be used to query native Windows servers for user and group information that can then be used on purely Linux/UNIX platforms<br />
<br />
'''Installing and Running Samba'''<br />
<br />
Can be installed using yum, apt-get, or can be done via source. Once installed Samba can be configured thru the command line. It can also be configured with Webmin using its GUI interface.</div>Jacoochhttps://wiki.ihitc.net/mediawiki/index.php?title=Linux_SSH_and_Samba_Notes&diff=4571Linux SSH and Samba Notes2011-07-14T14:31:33Z<p>Jacooch: </p>
<hr />
<div>Chapter 21 Linux Administration: A Beginners Guide<br />
<br />
<br />
'''Secure Shell (SSH)'''<br />
<br />
<br />
SSH Basics (Page 479)<br />
<br />
Linux supports remote login access through several different servers including Telnet, VNC and even X. They all transfer data over the network in unencrypted form. SSH encrypts the password exchange and all subsequent data transfers. SSH provides file transfer features & the ability to tunnel other network protocols Several SSH servers are available, the most popular is the OpenSSH server OpenSSH can be launched using a super script or with a SysV startup script (preferred) Configuring Basic SSH Features (page 486) The main configuration file for the OpenSSH server is /etc/ssh/sshd_config (page 490) The default settings work for most systems. You might want to check or modify: Protocol Level: Version 2.0 is preferred due to known vulnerabilities in earlier versions. Permit_Root_Login: The default is yes, but this is a security risk. X11_Forwarding: (X tunneling features) The default is no If you make changes to the configuration file, be sure to restart the server.<br />
<br />
'''<br />
SSH Keys (Page 480)'''<br />
<br />
SSH uses a security system that involves two keys: a Private Key and Public Key All parties that engage in an SSH communication have their own keys. These keys are mathematically linked so that data encrypted with a Public Key may only be decrypted with the matching Private Key. On the server, there are normally 4 to 6 keys and they are stored in /etc/ssh If keys are not present, you can generate them with the ssh-keygen command On the client, keys are stored in the ~/.ssh/known_hosts file. You can pre-populate this file on the client to prevent security warnings. <br />
Some good references are listed on page 483 if you want to delve further into encryption.<br />
<br />
'''<br />
<br />
SSH Clients (Page 485)''' <br />
<br />
There are several clients available for use with SSH.<br />
<br />
'''PuTTY''' is one of the oldest and most popular SSH Clients for Win32 platforms. It is free and can be downloaded at http://www.chiark.greenend.org.uk/~sgtatham/putty/<br />
<br />
'''OpenSSH''' for Mac OS X<br />
<br />
'''MindTerm''' This program supports V1 and 2 of SSH. Written in java it works on many UNIX platforms. http://www.cryptzone.com/products/agmindterm/<br />
<br />
'''FreeSSH''' for Windows http://www.freessh.org/ keeps track of programs both free and commercial for SSH clients and implementations.<br />
<br />
'''SecureCRT''' for windows. Commercial product. http://www.vandyke.com/products/securecrt/index.html<br />
<br />
<br />
'''Secure Copy''' (SCP) via SSH (page 495) <br />
<br />
SSH includes a file-copying command: scp It works like cp but you must specify the target computer You must use a colon at the end of this command to prevent renaming the file<br />
<br />
<br />
'''Secure FTP''' (SFTP) (page 495)<br />
<br />
<br />
Secure FTP is a subsystem of the ssh daemon. You can access the secure FTP server by using the sftp command line tool.<br />
Configuring Logins without Passwords<br />
SSH can be configured to allow logins without passing a password A security risk is if someone gains access to your account on the client, then they have your access to the server. To do this, you must generate a special key pair on the client, transfer the Public Key to the server, and place it in the ~/.ssh/authorized_keys file. <br />
Setting Up SSH Port Tunnels (page 491) <br />
SSH has the ability to encrypt other protocols and thus protect them in transit On the server side, must make sure that the /etc/ssh/sshd_config file has the option AllowTCPForwarding set to yes On the client side, you must establish a special SSH connection using the -N, -f, and the -L options.<br />
<br />
'''<br />
Chapter 24 Linux Administration: A Beginners Guide'''<br />
<br />
'''SAMBA'''<br />
<br />
'''Samba Basics''' (page 548)<br />
<br />
<br />
Samba is a suite of applications for allowing UINX based systems to operate with Windows based operating systems. Samba provides file and print sharing services to Windows clients. It does this through the use of native Microsoft networking protocols SMB/CIFS. Samba has been ported to many number of platforms including most variants of UNIX and several non-unix environments. <br />
<br />
'''Samba Mechanics''' (page 548)<br />
<br />
<br />
The Linux password and login mechanism is different from Windows PDC (Primary Domain Controller) model and the Windows Active Directory model. It is important for system administrators to keep passwords and logins consistent across both platforms. Relative to Samba there are several options for handling username and password issuers. <br />
<br />
Some of these are:<br />
<br />
'''The Linux Pluggable Authentication Modules (PAM)'''. Allows you to authenticate users against the PDC. This means you will have 2 users lists, one local and one on the PDC but users only need to remember one.<br />
<br />
'''Samba as PDC''' Allows you to keep all logins and passwords on the Linux system while all your windows systems authenticate with Samba.<br />
'''<br />
Roll your own solution using Perl''' Allows for the use of your own custom script. This can be done with WinPerl and Perl modules that allow changes to the Security Access manager (SAM) to update PDC’s password list.<br />
'''<br />
Encrypted Passwords'''<br />
<br />
Windows uses encrypted passwords when communicating with the PDC and any server requiring authentication (including Linux and Samba). The encryption algorithm used by windows is different from UNIX so it is therefore not compatible. <br />
<br />
Your choices in dealing with this are:<br />
1. Edit the registry on windows clients to disable the use of encrypted passwords. (As of v3 of Samba, this is no longer necessary)<br />
2. Configure Samba to use encrypted passwords.<br />
<br />
'''Samba Daemons'''<br />
<br />
The Samba code is actually composed of several components. The book examines three.<br />
1. SMBD – handles the actual sharing of file systems and printer services<br />
2. NMBD – is responsible for handling NETBIOS name service requests<br />
3. WINBINDD – can be used to query native Windows servers for user and group information that can then be used on purely Linux/UNIX platforms<br />
<br />
'''Installing and Running Samba'''<br />
<br />
Can be installed using yum, apt-get, or can be done via source. Once installed Samba can be configured thru the command line. It can also be configured with Webmin using its GUI interface.</div>Jacoochhttps://wiki.ihitc.net/mediawiki/index.php?title=Linux_SSH_and_Samba_Notes&diff=4570Linux SSH and Samba Notes2011-07-14T14:30:25Z<p>Jacooch: </p>
<hr />
<div>Chapter 21 Linux Administration: A Beginners Guide<br />
<br />
'''Secure Shell (SSH)<br />
'''<br />
<br />
SSH Basics (Page 479) <br />
<br />
Linux supports remote login access through several different servers including Telnet, VNC and even X. They all transfer data over the network in unencrypted form. SSH encrypts the password exchange and all subsequent data transfers. SSH provides file transfer features & the ability to tunnel other network protocols Several SSH servers are available, the most popular is the OpenSSH server OpenSSH can be launched using a super script or with a SysV startup script (preferred) Configuring Basic SSH Features (page 486) The main configuration file for the OpenSSH server is /etc/ssh/sshd_config (page 490) The default settings work for most systems. You might want to check or modify: Protocol Level: Version 2.0 is preferred due to known vulnerabilities in earlier versions. Permit_Root_Login: The default is yes, but this is a security risk. X11_Forwarding: (X tunneling features) The default is no If you make changes to the configuration file, be sure to restart the server. <br />
<br />
'''SSH Keys (Page 480)''' <br />
<br />
SSH uses a security system that involves two keys: a Private Key and Public Key All parties that engage in an SSH communication have their own keys. These keys are mathematically linked so that data encrypted with a Public Key may only be decrypted with the matching Private Key. On the server, there are normally 4 to 6 keys and they are stored in /etc/ssh If keys are not present, you can generate them with the ssh-keygen command On the client, keys are stored in the ~/.ssh/known_hosts file. You can pre-populate this file on the client to prevent security warnings. <br />
Some good references are listed on page 483 if you want to delve further into encryption.<br />
'''<br />
<br />
SSH Clients (Page 485)''' <br />
<br />
There are several clients available for use with SSH.<br />
<br />
'''PuTTY''' is one of the oldest and most popular SSH Clients for Win32 platforms. It is free and can be downloaded at http://www.chiark.greenend.org.uk/~sgtatham/putty/<br />
<br />
'''OpenSSH''' for Mac OS X<br />
<br />
'''MindTerm''' This program supports V1 and 2 of SSH. Written in java it works on many UNIX platforms. http://www.cryptzone.com/products/agmindterm/<br />
<br />
'''FreeSSH''' for Windows http://www.freessh.org/ keeps track of programs both free and commercial for SSH clients and implementations.<br />
<br />
'''SecureCRT''' for windows. Commercial product. http://www.vandyke.com/products/securecrt/index.html<br />
<br />
<br />
'''Secure Copy''' (SCP) via SSH (page 495) <br />
<br />
SSH includes a file-copying command: scp It works like cp but you must specify the target computer You must use a colon at the end of this command to prevent renaming the file<br />
<br />
<br />
'''Secure FTP''' (SFTP) (page 495)<br />
<br />
<br />
Secure FTP is a subsystem of the ssh daemon. You can access the secure FTP server by using the sftp command line tool.<br />
Configuring Logins without Passwords<br />
SSH can be configured to allow logins without passing a password A security risk is if someone gains access to your account on the client, then they have your access to the server. To do this, you must generate a special key pair on the client, transfer the Public Key to the server, and place it in the ~/.ssh/authorized_keys file. <br />
Setting Up SSH Port Tunnels (page 491) <br />
SSH has the ability to encrypt other protocols and thus protect them in transit On the server side, must make sure that the /etc/ssh/sshd_config file has the option AllowTCPForwarding set to yes On the client side, you must establish a special SSH connection using the -N, -f, and the -L options.<br />
<br />
'''<br />
Chapter 24 Linux Administration: A Beginners Guide'''<br />
<br />
'''SAMBA'''<br />
<br />
'''Samba Basics''' (page 548)<br />
<br />
<br />
Samba is a suite of applications for allowing UINX based systems to operate with Windows based operating systems. Samba provides file and print sharing services to Windows clients. It does this through the use of native Microsoft networking protocols SMB/CIFS. Samba has been ported to many number of platforms including most variants of UNIX and several non-unix environments. <br />
<br />
'''Samba Mechanics''' (page 548)<br />
<br />
<br />
The Linux password and login mechanism is different from Windows PDC (Primary Domain Controller) model and the Windows Active Directory model. It is important for system administrators to keep passwords and logins consistent across both platforms. Relative to Samba there are several options for handling username and password issuers. <br />
<br />
Some of these are:<br />
<br />
'''The Linux Pluggable Authentication Modules (PAM)'''. Allows you to authenticate users against the PDC. This means you will have 2 users lists, one local and one on the PDC but users only need to remember one.<br />
<br />
'''Samba as PDC''' Allows you to keep all logins and passwords on the Linux system while all your windows systems authenticate with Samba.<br />
'''<br />
Roll your own solution using Perl''' Allows for the use of your own custom script. This can be done with WinPerl and Perl modules that allow changes to the Security Access manager (SAM) to update PDC’s password list.<br />
'''<br />
Encrypted Passwords'''<br />
<br />
Windows uses encrypted passwords when communicating with the PDC and any server requiring authentication (including Linux and Samba). The encryption algorithm used by windows is different from UNIX so it is therefore not compatible. <br />
<br />
Your choices in dealing with this are:<br />
1. Edit the registry on windows clients to disable the use of encrypted passwords. (As of v3 of Samba, this is no longer necessary)<br />
2. Configure Samba to use encrypted passwords.<br />
<br />
'''Samba Daemons'''<br />
<br />
The Samba code is actually composed of several components. The book examines three.<br />
1. SMBD – handles the actual sharing of file systems and printer services<br />
2. NMBD – is responsible for handling NETBIOS name service requests<br />
3. WINBINDD – can be used to query native Windows servers for user and group information that can then be used on purely Linux/UNIX platforms<br />
<br />
'''Installing and Running Samba'''<br />
<br />
Can be installed using yum, apt-get, or can be done via source. Once installed Samba can be configured thru the command line. It can also be configured with Webmin using its GUI interface.</div>Jacoochhttps://wiki.ihitc.net/mediawiki/index.php?title=Linux_SSH_and_Samba_Notes&diff=4547Linux SSH and Samba Notes2011-07-13T18:09:36Z<p>Jacooch: </p>
<hr />
<div>Chapter 21 Linux Administration: A Beginners Guide<br />
<br />
'''Secure Shell (SSH)<br />
'''<br />
SSH Basics (Page 479) <br />
Linux supports remote login access through several different servers including Telnet, VNC and even X. They all transfer data over the network in unencrypted form. SSH encrypts the password exchange and all subsequent data transfers. SSH provides file transfer features & the ability to tunnel other network protocols Several SSH servers are available, the most popular is the OpenSSH server OpenSSH can be launched using a super script or with a SysV startup script (preferred) Configuring Basic SSH Features (page 486) The main configuration file for the OpenSSH server is /etc/ssh/sshd_config (page 490) The default settings work for most systems. You might want to check or modify: Protocol Level: Version 2.0 is preferred due to known vulnerabilities in earlier versions. Permit_Root_Login: The default is yes, but this is a security risk. X11_Forwarding: (X tunneling features) The default is no If you make changes to the configuration file, be sure to restart the server. <br />
<br />
'''SSH Keys (Page 480)''' <br />
<br />
SSH uses a security system that involves two keys: a Private Key and Public Key All parties that engage in an SSH communication have their own keys. These keys are mathematically linked so that data encrypted with a Public Key may only be decrypted with the matching Private Key. On the server, there are normally 4 to 6 keys and they are stored in /etc/ssh If keys are not present, you can generate them with the ssh-keygen command On the client, keys are stored in the ~/.ssh/known_hosts file. You can pre-populate this file on the client to prevent security warnings. <br />
Some good references are listed on page 483 if you want to delve further into encryption.<br />
'''<br />
SSH Clients (Page 485)''' <br />
<br />
There are several clients available for use with SSH.<br />
<br />
'''PuTTY''' is one of the oldest and most popular SSH Clients for Win32 platforms. It is free and can be downloaded at http://www.chiark.greenend.org.uk/~sgtatham/putty/<br />
<br />
'''OpenSSH''' for Mac OS X<br />
<br />
'''MindTerm''' This program supports V1 and 2 of SSH. Written in java it works on many UNIX platforms. http://www.cryptzone.com/products/agmindterm/<br />
<br />
'''FreeSSH''' for Windows http://www.freessh.org/ keeps track of programs both free and commercial for SSH clients and implementations.<br />
<br />
'''SecureCRT''' for windows. Commercial product. http://www.vandyke.com/products/securecrt/index.html<br />
<br />
<br />
'''Secure Copy''' (SCP) via SSH (page 495) <br />
<br />
SSH includes a file-copying command: scp It works like cp but you must specify the target computer You must use a colon at the end of this command to prevent renaming the file<br />
<br />
<br />
'''Secure FTP''' (SFTP) (page 495)<br />
<br />
<br />
Secure FTP is a subsystem of the ssh daemon. You can access the secure FTP server by using the sftp command line tool.<br />
Configuring Logins without Passwords<br />
SSH can be configured to allow logins without passing a password A security risk is if someone gains access to your account on the client, then they have your access to the server. To do this, you must generate a special key pair on the client, transfer the Public Key to the server, and place it in the ~/.ssh/authorized_keys file. <br />
Setting Up SSH Port Tunnels (page 491) <br />
SSH has the ability to encrypt other protocols and thus protect them in transit On the server side, must make sure that the /etc/ssh/sshd_config file has the option AllowTCPForwarding set to yes On the client side, you must establish a special SSH connection using the -N, -f, and the -L options.<br />
<br />
'''<br />
Chapter 24 Linux Administration: A Beginners Guide'''<br />
<br />
'''SAMBA'''<br />
<br />
'''Samba Basics''' (page 548)<br />
<br />
<br />
Samba is a suite of applications for allowing UINX based systems to operate with Windows based operating systems. Samba provides file and print sharing services to Windows clients. It does this through the use of native Microsoft networking protocols SMB/CIFS. Samba has been ported to many number of platforms including most variants of UNIX and several non-unix environments. <br />
<br />
'''Samba Mechanics''' (page 548)<br />
<br />
<br />
The Linux password and login mechanism is different from Windows PDC (Primary Domain Controller) model and the Windows Active Directory model. It is important for system administrators to keep passwords and logins consistent across both platforms. Relative to Samba there are several options for handling username and password issuers. <br />
<br />
Some of these are:<br />
<br />
'''The Linux Pluggable Authentication Modules (PAM)'''. Allows you to authenticate users against the PDC. This means you will have 2 users lists, one local and one on the PDC but users only need to remember one.<br />
<br />
'''Samba as PDC''' Allows you to keep all logins and passwords on the Linux system while all your windows systems authenticate with Samba.<br />
'''<br />
Roll your own solution using Perl''' Allows for the use of your own custom script. This can be done with WinPerl and Perl modules that allow changes to the Security Access manager (SAM) to update PDC’s password list.<br />
'''<br />
Encrypted Passwords'''<br />
<br />
Windows uses encrypted passwords when communicating with the PDC and any server requiring authentication (including Linux and Samba). The encryption algorithm used by windows is different from UNIX so it is therefore not compatible. <br />
<br />
Your choices in dealing with this are:<br />
1. Edit the registry on windows clients to disable the use of encrypted passwords. (As of v3 of Samba, this is no longer necessary)<br />
2. Configure Samba to use encrypted passwords.<br />
<br />
'''Samba Daemons'''<br />
<br />
The Samba code is actually composed of several components. The book examines three.<br />
1. SMBD – handles the actual sharing of file systems and printer services<br />
2. NMBD – is responsible for handling NETBIOS name service requests<br />
3. WINBINDD – can be used to query native Windows servers for user and group information that can then be used on purely Linux/UNIX platforms<br />
<br />
'''Installing and Running Samba'''<br />
<br />
Can be installed using yum, apt-get, or can be done via source. Once installed Samba can be configured thru the command line. It can also be configured with Webmin using its GUI interface.</div>Jacoochhttps://wiki.ihitc.net/mediawiki/index.php?title=Linux_SSH_and_Samba_Notes&diff=4546Linux SSH and Samba Notes2011-07-13T18:08:19Z<p>Jacooch: </p>
<hr />
<div>Chapter 21 Linux Administration: A Beginners Guide<br />
<br />
'''Secure Shell (SSH)<br />
'''<br />
SSH Basics (Page 479) <br />
Linux supports remote login access through several different servers including Telnet, VNC and even X. They all transfer data over the network in unencrypted form. SSH encrypts the password exchange and all subsequent data transfers. SSH provides file transfer features & the ability to tunnel other network protocols Several SSH servers are available, the most popular is the OpenSSH server OpenSSH can be launched using a super script or with a SysV startup script (preferred) Configuring Basic SSH Features (page 486) The main configuration file for the OpenSSH server is /etc/ssh/sshd_config (page 490) The default settings work for most systems. You might want to check or modify: Protocol Level: Version 2.0 is preferred due to known vulnerabilities in earlier versions. Permit_Root_Login: The default is yes, but this is a security risk. X11_Forwarding: (X tunneling features) The default is no If you make changes to the configuration file, be sure to restart the server. <br />
<br />
'''SSH Keys (Page 480)''' <br />
<br />
SSH uses a security system that involves two keys: a Private Key and Public Key All parties that engage in an SSH communication have their own keys. These keys are mathematically linked so that data encrypted with a Public Key may only be decrypted with the matching Private Key. On the server, there are normally 4 to 6 keys and they are stored in /etc/ssh If keys are not present, you can generate them with the ssh-keygen command On the client, keys are stored in the ~/.ssh/known_hosts file. You can pre-populate this file on the client to prevent security warnings. <br />
Some good references are listed on page 483 if you want to delve further into encryption.<br />
'''<br />
SSH Clients (Page 485)''' <br />
<br />
There are several clients available for use with SSH. <br />
'''PuTTY''' is one of the oldest and most popular SSH Clients for Win32 platforms. It is free and can be downloaded at http://www.chiark.greenend.org.uk/~sgtatham/putty/<br />
<br />
'''OpenSSH''' for Mac OS X<br />
<br />
'''MindTerm''' This program supports V1 and 2 of SSH. Written in java it works on many UNIX platforms. http://www.cryptzone.com/products/agmindterm/<br />
<br />
'''FreeSSH''' for Windows http://www.freessh.org/ keeps track of programs both free and commercial for SSH clients and implementations.<br />
<br />
'''SecureCRT''' for windows. Commercial product. http://www.vandyke.com/products/securecrt/index.html<br />
<br />
<br />
'''Secure Copy''' (SCP) via SSH (page 495) <br />
<br />
SSH includes a file-copying command: scp It works like cp but you must specify the target computer You must use a colon at the end of this command to prevent renaming the file <br />
<br />
'''Secure FTP''' (SFTP) (page 495)<br />
<br />
Secure FTP is a subsystem of the ssh daemon. You can access the secure FTP server by using the sftp command line tool.<br />
Configuring Logins without Passwords<br />
SSH can be configured to allow logins without passing a password A security risk is if someone gains access to your account on the client, then they have your access to the server. To do this, you must generate a special key pair on the client, transfer the Public Key to the server, and place it in the ~/.ssh/authorized_keys file. <br />
Setting Up SSH Port Tunnels (page 491) <br />
SSH has the ability to encrypt other protocols and thus protect them in transit On the server side, must make sure that the /etc/ssh/sshd_config file has the option AllowTCPForwarding set to yes On the client side, you must establish a special SSH connection using the -N, -f, and the -L options. <br />
'''<br />
Chapter 24 Linux Administration: A Beginners Guide'''<br />
<br />
SAMBA – Chapter 24<br />
<br />
'''Samba Basics''' (page 548)<br />
<br />
Samba is a suite of applications for allowing UINX based systems to operate with Windows based operating systems. Samba provides file and print sharing services to Windows clients. It does this through the use of native Microsoft networking protocols SMB/CIFS. Samba has been ported to many number of platforms including most variants of UNIX and several non-unix environments. <br />
<br />
'''Samba Mechanics (page 548)'''<br />
<br />
The Linux password and login mechanism is different from Windows PDC (Primary Domain Controller) model and the Windows Active Directory model. It is important for system administrators to keep passwords and logins consistent across both platforms. Relative to Samba there are several options for handling username and password issuers. <br />
<br />
Some of these are:<br />
<br />
'''The Linux Pluggable Authentication Modules (PAM)'''. Allows you to authenticate users against the PDC. This means you will have 2 users lists, one local and one on the PDC but users only need to remember one.<br />
<br />
'''Samba as PDC''' Allows you to keep all logins and passwords on the Linux system while all your windows systems authenticate with Samba.<br />
'''<br />
Roll your own solution using Perl''' Allows for the use of your own custom script. This can be done with WinPerl and Perl modules that allow changes to the Security Access manager (SAM) to update PDC’s password list.<br />
'''<br />
Encrypted Passwords'''<br />
<br />
Windows uses encrypted passwords when communicating with the PDC and any server requiring authentication (including Linux and Samba). The encryption algorithm used by windows is different from UNIX so it is therefore not compatible. <br />
<br />
Your choices in dealing with this are:<br />
1. Edit the registry on windows clients to disable the use of encrypted passwords. (As of v3 of Samba, this is no longer necessary)<br />
2. Configure Samba to use encrypted passwords.<br />
<br />
'''Samba Daemons'''<br />
<br />
The Samba code is actually composed of several components. The book examines three.<br />
1. SMBD – handles the actual sharing of file systems and printer services<br />
2. NMBD – is responsible for handling NETBIOS name service requests<br />
3. WINBINDD – can be used to query native Windows servers for user and group information that can then be used on purely Linux/UNIX platforms<br />
<br />
'''Installing and Running Samba'''<br />
<br />
Can be installed using yum, apt-get, or can be done via source. Once installed Samba can be configured thru the command line. It can also be configured with Webmin using its GUI interface.</div>Jacoochhttps://wiki.ihitc.net/mediawiki/index.php?title=Chapter_21%2624&diff=4545Chapter 21&242011-07-13T18:02:33Z<p>Jacooch: moved Chapter 21&24 to Chapter 21 & 24</p>
<hr />
<div>#REDIRECT [[Chapter 21 & 24]]</div>Jacoochhttps://wiki.ihitc.net/mediawiki/index.php?title=Linux_SSH_and_Samba_Notes&diff=4544Linux SSH and Samba Notes2011-07-13T18:02:33Z<p>Jacooch: moved Chapter 21&24 to Chapter 21 & 24</p>
<hr />
<div>Chapter 21 Linux Administration: A Beginners Guide<br />
<br />
'''Secure Shell (SSH)<br />
'''<br />
SSH Basics (Page 479) <br />
Linux supports remote login access through several different servers including Telnet, VNC and even X. They all transfer data over the network in unencrypted form. SSH encrypts the password exchange and all subsequent data transfers. SSH provides file transfer features & the ability to tunnel other network protocols Several SSH servers are available, the most popular is the OpenSSH server OpenSSH can be launched using a super script or with a SysV startup script (preferred) Configuring Basic SSH Features (page 486) The main configuration file for the OpenSSH server is /etc/ssh/sshd_config (page 490) The default settings work for most systems. You might want to check or modify: Protocol Level: Version 2.0 is preferred due to known vulnerabilities in earlier versions. Permit_Root_Login: The default is yes, but this is a security risk. X11_Forwarding: (X tunneling features) The default is no If you make changes to the configuration file, be sure to restart the server. <br />
<br />
'''SSH Keys (Page 480)''' <br />
<br />
SSH uses a security system that involves two keys: a Private Key and Public Key All parties that engage in an SSH communication have their own keys. These keys are mathematically linked so that data encrypted with a Public Key may only be decrypted with the matching Private Key. On the server, there are normally 4 to 6 keys and they are stored in /etc/ssh If keys are not present, you can generate them with the ssh-keygen command On the client, keys are stored in the ~/.ssh/known_hosts file. You can pre-populate this file on the client to prevent security warnings. <br />
Some good references are listed on page 483 if you want to delve further into encryption.<br />
'''<br />
SSH Clients (Page 485)''' <br />
<br />
There are several clients available for use with SSH. <br />
'''PuTTY''' is one of the oldest and most popular SSH Clients for Win32 platforms. It is free and can be downloaded at http://www.chiark.greenend.org.uk/~sgtatham/putty/<br />
'''OpenSSH''' for Mac OS X<br />
'''MindTerm''' This program supports V1 and 2 of SSH. Written in java it works on many UNIX platforms. http://www.cryptzone.com/products/agmindterm/<br />
'''FreeSSH''' for Windows http://www.freessh.org/ keeps track of programs both free and commercial for SSH clients and implementaions.<br />
'''SecureCRT''' for windows. Commercial product. http://www.vandyke.com/products/securecrt/index.html<br />
<br />
'''Secure Copy''' (SCP) via SSH (page 495) <br />
<br />
SSH includes a file-copying command: scp It works like cp but you must specify the target computer You must use a colon at the end of this command to prevent renaming the file <br />
<br />
'''Secure FTP''' (SFTP) (page 495)<br />
<br />
Secure FTP is a subsystem of the ssh daemon. You can access the secure FTP server by using the sftp command line tool.<br />
Configuring Logins without Passwords<br />
SSH can be configured to allow logins without passing a password A security risk is if someone gains access to your account on the client, then they have your access to the server. To do this, you must generate a special key pair on the client, transfer the Public Key to the server, and place it in the ~/.ssh/authorized_keys file. <br />
Setting Up SSH Port Tunnels (page 491) <br />
SSH has the ability to encrypt other protocols and thus protect them in transit On the server side, must make sure that the /etc/ssh/sshd_config file has the option AllowTCPForwarding set to yes On the client side, you must establish a special SSH connection using the -N, -f, and the -L options. <br />
'''<br />
Chapter 24 Linux Administration: A Beginners Guide'''<br />
<br />
SAMBA – Chapter 24<br />
<br />
'''Samba Basics''' (page 548)<br />
<br />
Samba is a suite of applications for allowing UINX based systems to operate with Windows based operating systems. Samba provides file and print sharing services to Windows clients. It does this through the use of native Microsoft networking protocols SMB/CIFS. Samba has been ported to many number of platforms including most variants of UNIX and several non-unix environments. <br />
Samba Mechanics (page 548)<br />
<br />
The Linux password and login mechanism is different from Windows PDC (Primary Domain Controller) model and the Windows Active Directory model. It is important for system administrators to keep passwords and logins consistent across both platforms. Relative to Samba there are several options for handling username and password issuers. Some of these are: <br />
The Linux Pluggable Authentication Modules (PAM). Allows you to authenticate users against the PDC. This means you will have 2 users lists, one local and one on the PDC but users only need to remember one.<br />
Samba as PDC Allows you to keep all logins and passwords on the Linux system while all your windows systems authenticate with Samba.<br />
Roll your own solution using Perl Allows for the use of your own custom script. This can be done with WinPerl and Perl modules that allow changes to the Security Access manager (SAM) to update PDC’s password list.<br />
Encrypted Passwords - Windows uses encrypted passwords when communicating with the PDC and any server requiring authentication (including Linux and Samba). The encryption algorithm used by windows is different from UNIX so it is therefore not compatible. Your choices in dealing with this are 1) Edit the registry on windows clients to disable the use of encrypted passwords. (As of v3 of Samba, this is no longer necessary); or 2) Configure Samba to use encrypted passwords.<br />
<br />
'''Samba Daemons'''<br />
<br />
The Samba code is actually composed of several components. The book examines three.<br />
1. SMBD – handles the actual sharing of file systems and printer services<br />
2. NMBD – is responsible for handling NETBIOS name service requests<br />
3. WINBINDD – can be used to query native Windows servers for user and group information that can then be used on purely Linux/UNIX platforms<br />
<br />
'''Installing and Running Samba'''<br />
<br />
Can be installed using yum, apt-get, or can be done via source. Once installed Samba can be configured thru the command line. It can also be configured with Webmin using its GUI interface.</div>Jacoochhttps://wiki.ihitc.net/mediawiki/index.php?title=Chapter2124&diff=4543Chapter21242011-07-13T18:02:21Z<p>Jacooch: moved Chapter2124 to Chapter 21&24</p>
<hr />
<div>#REDIRECT [[Chapter 21&24]]</div>Jacoochhttps://wiki.ihitc.net/mediawiki/index.php?title=Linux_SSH_and_Samba_Notes&diff=4542Linux SSH and Samba Notes2011-07-13T18:02:21Z<p>Jacooch: moved Chapter2124 to Chapter 21&24</p>
<hr />
<div>Chapter 21 Linux Administration: A Beginners Guide<br />
<br />
'''Secure Shell (SSH)<br />
'''<br />
SSH Basics (Page 479) <br />
Linux supports remote login access through several different servers including Telnet, VNC and even X. They all transfer data over the network in unencrypted form. SSH encrypts the password exchange and all subsequent data transfers. SSH provides file transfer features & the ability to tunnel other network protocols Several SSH servers are available, the most popular is the OpenSSH server OpenSSH can be launched using a super script or with a SysV startup script (preferred) Configuring Basic SSH Features (page 486) The main configuration file for the OpenSSH server is /etc/ssh/sshd_config (page 490) The default settings work for most systems. You might want to check or modify: Protocol Level: Version 2.0 is preferred due to known vulnerabilities in earlier versions. Permit_Root_Login: The default is yes, but this is a security risk. X11_Forwarding: (X tunneling features) The default is no If you make changes to the configuration file, be sure to restart the server. <br />
<br />
'''SSH Keys (Page 480)''' <br />
<br />
SSH uses a security system that involves two keys: a Private Key and Public Key All parties that engage in an SSH communication have their own keys. These keys are mathematically linked so that data encrypted with a Public Key may only be decrypted with the matching Private Key. On the server, there are normally 4 to 6 keys and they are stored in /etc/ssh If keys are not present, you can generate them with the ssh-keygen command On the client, keys are stored in the ~/.ssh/known_hosts file. You can pre-populate this file on the client to prevent security warnings. <br />
Some good references are listed on page 483 if you want to delve further into encryption.<br />
'''<br />
SSH Clients (Page 485)''' <br />
<br />
There are several clients available for use with SSH. <br />
'''PuTTY''' is one of the oldest and most popular SSH Clients for Win32 platforms. It is free and can be downloaded at http://www.chiark.greenend.org.uk/~sgtatham/putty/<br />
'''OpenSSH''' for Mac OS X<br />
'''MindTerm''' This program supports V1 and 2 of SSH. Written in java it works on many UNIX platforms. http://www.cryptzone.com/products/agmindterm/<br />
'''FreeSSH''' for Windows http://www.freessh.org/ keeps track of programs both free and commercial for SSH clients and implementaions.<br />
'''SecureCRT''' for windows. Commercial product. http://www.vandyke.com/products/securecrt/index.html<br />
<br />
'''Secure Copy''' (SCP) via SSH (page 495) <br />
<br />
SSH includes a file-copying command: scp It works like cp but you must specify the target computer You must use a colon at the end of this command to prevent renaming the file <br />
<br />
'''Secure FTP''' (SFTP) (page 495)<br />
<br />
Secure FTP is a subsystem of the ssh daemon. You can access the secure FTP server by using the sftp command line tool.<br />
Configuring Logins without Passwords<br />
SSH can be configured to allow logins without passing a password A security risk is if someone gains access to your account on the client, then they have your access to the server. To do this, you must generate a special key pair on the client, transfer the Public Key to the server, and place it in the ~/.ssh/authorized_keys file. <br />
Setting Up SSH Port Tunnels (page 491) <br />
SSH has the ability to encrypt other protocols and thus protect them in transit On the server side, must make sure that the /etc/ssh/sshd_config file has the option AllowTCPForwarding set to yes On the client side, you must establish a special SSH connection using the -N, -f, and the -L options. <br />
'''<br />
Chapter 24 Linux Administration: A Beginners Guide'''<br />
<br />
SAMBA – Chapter 24<br />
<br />
'''Samba Basics''' (page 548)<br />
<br />
Samba is a suite of applications for allowing UINX based systems to operate with Windows based operating systems. Samba provides file and print sharing services to Windows clients. It does this through the use of native Microsoft networking protocols SMB/CIFS. Samba has been ported to many number of platforms including most variants of UNIX and several non-unix environments. <br />
Samba Mechanics (page 548)<br />
<br />
The Linux password and login mechanism is different from Windows PDC (Primary Domain Controller) model and the Windows Active Directory model. It is important for system administrators to keep passwords and logins consistent across both platforms. Relative to Samba there are several options for handling username and password issuers. Some of these are: <br />
The Linux Pluggable Authentication Modules (PAM). Allows you to authenticate users against the PDC. This means you will have 2 users lists, one local and one on the PDC but users only need to remember one.<br />
Samba as PDC Allows you to keep all logins and passwords on the Linux system while all your windows systems authenticate with Samba.<br />
Roll your own solution using Perl Allows for the use of your own custom script. This can be done with WinPerl and Perl modules that allow changes to the Security Access manager (SAM) to update PDC’s password list.<br />
Encrypted Passwords - Windows uses encrypted passwords when communicating with the PDC and any server requiring authentication (including Linux and Samba). The encryption algorithm used by windows is different from UNIX so it is therefore not compatible. Your choices in dealing with this are 1) Edit the registry on windows clients to disable the use of encrypted passwords. (As of v3 of Samba, this is no longer necessary); or 2) Configure Samba to use encrypted passwords.<br />
<br />
'''Samba Daemons'''<br />
<br />
The Samba code is actually composed of several components. The book examines three.<br />
1. SMBD – handles the actual sharing of file systems and printer services<br />
2. NMBD – is responsible for handling NETBIOS name service requests<br />
3. WINBINDD – can be used to query native Windows servers for user and group information that can then be used on purely Linux/UNIX platforms<br />
<br />
'''Installing and Running Samba'''<br />
<br />
Can be installed using yum, apt-get, or can be done via source. Once installed Samba can be configured thru the command line. It can also be configured with Webmin using its GUI interface.</div>Jacoochhttps://wiki.ihitc.net/mediawiki/index.php?title=Linux_SSH_and_Samba_Notes&diff=4541Linux SSH and Samba Notes2011-07-13T18:00:57Z<p>Jacooch: Created page with "Chapter 21 Linux Administration: A Beginners Guide '''Secure Shell (SSH) ''' SSH Basics (Page 479) Linux supports remote login access through several different servers includin..."</p>
<hr />
<div>Chapter 21 Linux Administration: A Beginners Guide<br />
<br />
'''Secure Shell (SSH)<br />
'''<br />
SSH Basics (Page 479) <br />
Linux supports remote login access through several different servers including Telnet, VNC and even X. They all transfer data over the network in unencrypted form. SSH encrypts the password exchange and all subsequent data transfers. SSH provides file transfer features & the ability to tunnel other network protocols Several SSH servers are available, the most popular is the OpenSSH server OpenSSH can be launched using a super script or with a SysV startup script (preferred) Configuring Basic SSH Features (page 486) The main configuration file for the OpenSSH server is /etc/ssh/sshd_config (page 490) The default settings work for most systems. You might want to check or modify: Protocol Level: Version 2.0 is preferred due to known vulnerabilities in earlier versions. Permit_Root_Login: The default is yes, but this is a security risk. X11_Forwarding: (X tunneling features) The default is no If you make changes to the configuration file, be sure to restart the server. <br />
<br />
'''SSH Keys (Page 480)''' <br />
<br />
SSH uses a security system that involves two keys: a Private Key and Public Key All parties that engage in an SSH communication have their own keys. These keys are mathematically linked so that data encrypted with a Public Key may only be decrypted with the matching Private Key. On the server, there are normally 4 to 6 keys and they are stored in /etc/ssh If keys are not present, you can generate them with the ssh-keygen command On the client, keys are stored in the ~/.ssh/known_hosts file. You can pre-populate this file on the client to prevent security warnings. <br />
Some good references are listed on page 483 if you want to delve further into encryption.<br />
'''<br />
SSH Clients (Page 485)''' <br />
<br />
There are several clients available for use with SSH. <br />
'''PuTTY''' is one of the oldest and most popular SSH Clients for Win32 platforms. It is free and can be downloaded at http://www.chiark.greenend.org.uk/~sgtatham/putty/<br />
'''OpenSSH''' for Mac OS X<br />
'''MindTerm''' This program supports V1 and 2 of SSH. Written in java it works on many UNIX platforms. http://www.cryptzone.com/products/agmindterm/<br />
'''FreeSSH''' for Windows http://www.freessh.org/ keeps track of programs both free and commercial for SSH clients and implementaions.<br />
'''SecureCRT''' for windows. Commercial product. http://www.vandyke.com/products/securecrt/index.html<br />
<br />
'''Secure Copy''' (SCP) via SSH (page 495) <br />
<br />
SSH includes a file-copying command: scp It works like cp but you must specify the target computer You must use a colon at the end of this command to prevent renaming the file <br />
<br />
'''Secure FTP''' (SFTP) (page 495)<br />
<br />
Secure FTP is a subsystem of the ssh daemon. You can access the secure FTP server by using the sftp command line tool.<br />
Configuring Logins without Passwords<br />
SSH can be configured to allow logins without passing a password A security risk is if someone gains access to your account on the client, then they have your access to the server. To do this, you must generate a special key pair on the client, transfer the Public Key to the server, and place it in the ~/.ssh/authorized_keys file. <br />
Setting Up SSH Port Tunnels (page 491) <br />
SSH has the ability to encrypt other protocols and thus protect them in transit On the server side, must make sure that the /etc/ssh/sshd_config file has the option AllowTCPForwarding set to yes On the client side, you must establish a special SSH connection using the -N, -f, and the -L options. <br />
'''<br />
Chapter 24 Linux Administration: A Beginners Guide'''<br />
<br />
SAMBA – Chapter 24<br />
<br />
'''Samba Basics''' (page 548)<br />
<br />
Samba is a suite of applications for allowing UINX based systems to operate with Windows based operating systems. Samba provides file and print sharing services to Windows clients. It does this through the use of native Microsoft networking protocols SMB/CIFS. Samba has been ported to many number of platforms including most variants of UNIX and several non-unix environments. <br />
Samba Mechanics (page 548)<br />
<br />
The Linux password and login mechanism is different from Windows PDC (Primary Domain Controller) model and the Windows Active Directory model. It is important for system administrators to keep passwords and logins consistent across both platforms. Relative to Samba there are several options for handling username and password issuers. Some of these are: <br />
The Linux Pluggable Authentication Modules (PAM). Allows you to authenticate users against the PDC. This means you will have 2 users lists, one local and one on the PDC but users only need to remember one.<br />
Samba as PDC Allows you to keep all logins and passwords on the Linux system while all your windows systems authenticate with Samba.<br />
Roll your own solution using Perl Allows for the use of your own custom script. This can be done with WinPerl and Perl modules that allow changes to the Security Access manager (SAM) to update PDC’s password list.<br />
Encrypted Passwords - Windows uses encrypted passwords when communicating with the PDC and any server requiring authentication (including Linux and Samba). The encryption algorithm used by windows is different from UNIX so it is therefore not compatible. Your choices in dealing with this are 1) Edit the registry on windows clients to disable the use of encrypted passwords. (As of v3 of Samba, this is no longer necessary); or 2) Configure Samba to use encrypted passwords.<br />
<br />
'''Samba Daemons'''<br />
<br />
The Samba code is actually composed of several components. The book examines three.<br />
1. SMBD – handles the actual sharing of file systems and printer services<br />
2. NMBD – is responsible for handling NETBIOS name service requests<br />
3. WINBINDD – can be used to query native Windows servers for user and group information that can then be used on purely Linux/UNIX platforms<br />
<br />
'''Installing and Running Samba'''<br />
<br />
Can be installed using yum, apt-get, or can be done via source. Once installed Samba can be configured thru the command line. It can also be configured with Webmin using its GUI interface.</div>Jacoochhttps://wiki.ihitc.net/mediawiki/index.php?title=Franske_Current_Student_Projects&diff=4294Franske Current Student Projects2011-04-06T16:32:55Z<p>Jacooch: /* CNT 2510 */</p>
<hr />
<div>=SPRING 2011=<br />
==CNT 2510==<br />
* List of resources that correspond to chapter for self study - John Cocchiarella<br />
<br />
==CNT 2520==<br />
* Add to and update [[Intro to IPv6]]<br />
* Create router/switch reference guide for CCNA 1 students<br />
* Update VirtualBox startup script and create instructions for moving VMs between home and school with new version of Virualbox<br />
<br />
=FALL 2010=<br />
==CNT 2311==<br />
* [[Understanding Linux Permission Sets]] - Casey McBride<br />
* [[How to Setup NAT|NAT with a Linux System]] - Tsega Terefe<br />
* Alphabetical Linux Command List - Don Bliss<br />
* Linux vs. Windows 7 vs. Mac OS X - Andrew Westin<br />
<br />
==CNT 2540==<br />
* Lab Maintenance - Samuel Francis<br />
* Update/Correct Frame Relay and ISDN Labs - Adam Nelson & Dan Martin<br />
<br />
<br />
=Spring 2011=<br />
==CNT 2612==<br />
* CatOS Guide, comparison to IOS - Mike Kaschner, Nouthou Vang, Mark Benolken</div>Jacoochhttps://wiki.ihitc.net/mediawiki/index.php?title=Franske_Current_Student_Projects&diff=4293Franske Current Student Projects2011-04-06T16:32:20Z<p>Jacooch: /* SPRING 2011 */</p>
<hr />
<div>=SPRING 2011=<br />
==CNT 2510==<br />
* List of resources that correspond to chapter for self study<br />
==CNT 2520==<br />
* Add to and update [[Intro to IPv6]]<br />
* Create router/switch reference guide for CCNA 1 students<br />
* Update VirtualBox startup script and create instructions for moving VMs between home and school with new version of Virualbox<br />
<br />
=FALL 2010=<br />
==CNT 2311==<br />
* [[Understanding Linux Permission Sets]] - Casey McBride<br />
* [[How to Setup NAT|NAT with a Linux System]] - Tsega Terefe<br />
* Alphabetical Linux Command List - Don Bliss<br />
* Linux vs. Windows 7 vs. Mac OS X - Andrew Westin<br />
<br />
==CNT 2540==<br />
* Lab Maintenance - Samuel Francis<br />
* Update/Correct Frame Relay and ISDN Labs - Adam Nelson & Dan Martin<br />
<br />
<br />
=Spring 2011=<br />
==CNT 2612==<br />
* CatOS Guide, comparison to IOS - Mike Kaschner, Nouthou Vang, Mark Benolken</div>Jacooch