Chapter 4. Class #4 - Networking, Routing & SSH

Table of Contents

Networking & Routing Introduction
Installing Networking
Networking Configuration
Networking as a Service
Commands to Manipulate Networking
Securing Networking
Additional Notes & Considerations for Networking
Intro to SSH
Installing SSH
SSH Configuration
SSH as a Service
Commands to Manipulate SSH
Securing SSH
Additional Notes & Considerations for SSH
Reference Material for this Chapter

This class covers some crucial information regarding general System Administration on Linux machines. A thorough understanding of Networking & SSH is crucial to passing the RHCSA/RHCE exam, as well as to survival and literacy in the world of System Administration.

Networking & Routing Introduction

The following elements are crucial to proper networking on a Linux (or any other) machine. Operating systems differ in how these elements are configured, but the elements themselves are always required.

Table 4.1. Crucial Networking Configuration Elements

| Element | Config File | Command | Description |
|---|---|---|---|
| IP Address | '/etc/sysconfig/network-scripts/ifcfg-eth*' (and others) | `ifconfig` | Provides a unique identifier for the location of the machine on the network. |
| Subnet Mask | '/etc/sysconfig/network-scripts/ifcfg-eth*' (and others) | `ifconfig` | Segments and assigns the machine to a particular group of machines. |
| Default Gateway | '/etc/sysconfig/network-scripts/ifcfg-eth*' (and others) | `ifconfig`[a] | Directs outbound traffic to the proper location for routing purposes. |
| MAC Address | '/etc/sysconfig/network-scripts/ifcfg-eth*' (and others) | `ifconfig` | Uniquely identifies the physical device or interface. |
| Routes | '/etc/sysconfig/network-scripts/route-<name>' | `route` | Config file for static routes (where needed) that sends (routes) various traffic to the proper location. |
| Hostname | '/etc/sysconfig/network' | `hostname` | Human-friendly name of the machine. |
| Domainname | not sure where it's kept... | `domainname` | Used for NIS or LDAP identification. |
| Name Resolution | '/etc/resolv.conf' and/or '/etc/hosts' | `vi /etc/resolv.conf` or `vi /etc/hosts` | Provides name to IP address resolution via DNS or static entries. |

[a] See also the `route` command.


Installing Networking

The network service is typically installed by default on Linux systems. If there is no network connectivity after installation, the service and/or the configuration of devices may need to be verified. Also remember to check all physical components, such as network cables.

Networking Configuration

In addition to the config files that are listed in the networking table above, there are several other files that are important to proper network operation.

  1. '/etc/nsswitch.conf' - sets the order in which lookup sources are consulted, and so which of them takes precedence during network interaction.
  2. All files in '/etc/sysconfig/network-scripts' - check the contents of this directory for more information.
  3. See also Table 4.1, "Crucial Networking Configuration Elements" above.
[Caution] Editing '/etc/sysconfig/network'

The network config file '/etc/sysconfig/network' is modified by the command `system-config-network`, and a conflict may occur if it is manually edited.

Note the format of the '/etc/hosts' file shown below.

Figure 4.1. Format of the '/etc/hosts' File

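An added example (not part of the original course material): the shell functions below read an '/etc/nsswitch.conf' and an '/etc/hosts' file and report whether a static hosts entry or another source such as DNS answers first for a name. The function names, the sample files and the addresses in them are constructed for illustration.

```bash
# Added example: which name-resolution source answers first for a host name?
# Assumes default nsswitch behaviour: the first source that knows the name wins.
# hosts_sources NSSWITCH: print the sources on the "hosts:" line, in order.
hosts_sources() {
    awk '{ sub(/#.*/, ""); gsub(/\[[^]]*\]/, "") }
         $1 == "hosts:" {
             out = ""
             for (i = 2; i <= NF; i++) out = out (out == "" ? "" : " ") $i
             print out; exit
         }' "$1"
}

# hosts_lookup NAME HOSTSFILE: print the address of the first line naming NAME.
# Line format: <address> <canonical name> [alias ...]; "#" starts a comment.
hosts_lookup() {
    awk -v name="$1" '
        { sub(/#.*/, "") }
        NF >= 2 {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(name)) { print $1; found = 1; exit }
        }
        END { exit !found }' "$2"
}

# first_answer NAME NSSWITCH HOSTSFILE: print "files <address>" when a static
# entry answers, else the name of the first other source reached (e.g. dns).
first_answer() {
    for src in $(hosts_sources "$2"); do
        case $src in
            files) if addr=$(hosts_lookup "$1" "$3"); then
                       echo "files $addr"; return 0
                   fi ;;
            *)     echo "$src"; return 0 ;;
        esac
    done
    return 1
}

# Constructed sample files (not taken from a real system).
make_samples() (
    d=$(mktemp -d) || exit 1
    printf 'hosts:      files dns\n' > "$d/nsswitch.conf"
    printf '127.0.0.1   localhost.localdomain localhost\n' > "$d/hosts"
    printf '192.0.2.10  db1.example.com db1   # static entry\n' >> "$d/hosts"
    echo "$d"
)
s=$(make_samples)
first_answer db1 "$s/nsswitch.conf" "$s/hosts"
first_answer www.example.org "$s/nsswitch.conf" "$s/hosts"
rm -rf "$s"
```

With `files` listed before `dns`, an entry in the hosts file shadows whatever DNS would return for that name, which makes unexpected static entries worth reviewing.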

Networking as a Service

Networking has two controlling services. They are listed below with details.

NetworkManager
  1. RHEL6 default.
  2. Ideal for client systems and systems with dynamic network conditions.
  3. No support for bonding/bridging/aliases, etc.
The network service
  1. RHEL5 and earlier default.
  2. Ideal for systems with static network conditions.
  3. Bonding/bridging/aliases supported.

It's possible to switch between these two network services. To disable NetworkManager and enable network:

      # service NetworkManager stop; chkconfig NetworkManager off
      # service network start; chkconfig network on

To disable network and enable NetworkManager:

      # service network stop; chkconfig network off
      # service NetworkManager start; chkconfig NetworkManager on

It is possible to exempt a particular interface from control by NetworkManager while leaving NetworkManager in control of the other interfaces. This is accomplished by manually editing the interface configuration file in '/etc/sysconfig/network-scripts'. In the configuration file of the interface to be exempted, insert the line:

    NM_CONTROLLED=no

Then, ensure both services are on and running. Configured interfaces can be brought up with the command `ifup eth<x>` or taken down with the command `ifdown eth<x>` regardless of whether they are managed by NetworkManager or not.
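An added example (not part of the original course material): a shell function that reads the `ifcfg-*` files in a directory and lists which service manages each interface, based on the `NM_CONTROLLED=no` line described above. The function names and sample files are constructed for illustration, and treating an interface without that line as managed by NetworkManager is an assumption of this example.

```bash
# Added example: list which service manages each interface file.
# Only the value shown above, NM_CONTROLLED=no (optionally quoted), counts as
# an opt-out; treating a missing line as "managed" is an assumption.

# nm_report DIR: print "<interface> <service>" for every ifcfg-* file in DIR.
nm_report() (
    for f in "$1"/ifcfg-*; do
        [ -f "$f" ] || continue
        dev=${f##*/ifcfg-}
        # The last uncommented assignment wins, as when the file is sourced.
        val=$(sed -n 's/^[[:space:]]*NM_CONTROLLED=//p' "$f" | tail -n 1 | tr -d "\"'")
        if [ "$val" = "no" ]; then
            echo "$dev network"
        else
            echo "$dev NetworkManager"
        fi
    done
)

# Constructed sample directory (not taken from a real system).
make_sample_dir() (
    d=$(mktemp -d) || exit 1
    printf 'DEVICE=eth0\nBOOTPROTO=dhcp\nONBOOT=yes\n' > "$d/ifcfg-eth0"
    printf 'DEVICE=eth1\nONBOOT=yes\nNM_CONTROLLED=no\n' > "$d/ifcfg-eth1"
    printf 'DEVICE=eth2\nONBOOT=yes\n#NM_CONTROLLED=no\n' > "$d/ifcfg-eth2"
    printf 'DEVICE=eth3\nONBOOT=yes\nNM_CONTROLLED="no"\n' > "$d/ifcfg-eth3"
    echo "$d"
)

sample=$(make_sample_dir)
nm_report "$sample"
rm -rf "$sample"
```

On a real system, pass '/etc/sysconfig/network-scripts' as the directory; a commented-out `#NM_CONTROLLED=no` line (eth2 in the sample) does not exempt the interface.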

Commands to Manipulate Networking

Listed below are the most popular commands used to manipulate networking services, devices, and configuration.[8]

  1. `ifconfig`
  2. `system-config-network`
  3. `vi /etc/sysconfig/network-scripts/ifcfg-ethX`
  4. `ip a`
  5. `netstat`
  6. `route`
  7. `hostname`
  8. `dig`
  9. `nslookup`

The above list contains two commands (`dig` & `nslookup`) that are used for verifying DNS resolution. This topic is covered in more detail in Chapter 11, Class #11 - DNS & SMTP.

Securing Networking

The most crucial element to securing the network aspect of the system is the firewall. That facility will be covered in Chapter 5, Class #5 - Securing Linux: IP Tables, SELinux & TCP Wrappers.

Additional Notes & Considerations for Networking

There are changes on the horizon as Red Hat moves forward into new releases. The NetworkManager interface is slated to become more robust and replace manual interaction with the network service. Also, the way devices are named in the system (e.g. ifcfg-eth0) has been problematic in the past. This is slated to change in the future as well, and devices are to be named according to the physical bus to which they are attached.[9]

Quiz item: ask your instructor about `nmap`.



[8] Check the Man Pages Online Reference or local `man` pages for each command for further details.

[9] See Device Naming Scheme for more details.