|
Home | Switchboard | Unix Administration | Red Hat | TCP/IP Networks | Neoliberalism | Toxic Managers |
(slightly skeptical) Educational society promoting "Back to basics" movement against IT overcomplexity and bastardization of classic Unix |
Extracted from Professor Nikolai Bezroukov unpublished lecture notes.
Copyright 2010-2018, Dr. Nikolai Bezroukov. This is a fragment of the copyrighted unpublished work. All rights reserved.
NOTE: Exercises are partially derived from:
On the exam you will work with the server directly. But s multiple servers are used you need to connect to them via ssh. To speed up the work you need to work with multiple windows and on other methods to increase you productivity in command line environment. One of such methods is to use screen -- terminal multiplexor which is included in RHEL ISO. It allow open multiple terminal windows (one for each directory you are using on the remote server) and this save time on switching between various, sometimes deeply nested directories.
The other more complex, time consuming and risky method (for the exam) is to try to install GUI and use GUI environment, if it was not provided by default. During training you preferably should use GUI environment as it more convenient. If you connect from Windows laptop you can also use multiple terminals.
In a non=graphical environment, you just have a set of six virtual consoles -- six terminal windows. To switch use Alt+F1 through Alt+F6.
Tip: A convenient alternative to using the Alt+F1 Alt-F6 in non-graphical environment when you access the console directly (if and only if you access the console directly, ssh session does not qualify) is offered by the chat command which is installed by default of RHEL7. For example, type chvt 3. This brings you to a login prompt on virtual terminal 3. Switch back to the graphical environment using the chvt 1 command.
The first virtual terminal is so called the default console. the first corresponds to the device /dev/tty1. The other virtual consoles to devices /dev/tty2 through /dev/tty6.
The graphical environment is the most convenient environment to work as it allow open any number of terminal sessions (aka virtual consoles) on the screen. And if you have large display you can position 4 terminal sessions on the screen which make working with multiple sessions very convenient.
Gnome also has multiple virtual screen, which is another big advantage as you can have several sets of terminal session on different virtual screens.
If you connect from windows you can open multiple session via your terminal emulator and also potion then side byside on the screen. Window does not have multiple virtual screens though.
NOTE:
When you connect via ssh you connect to so called pseudo terminals. These pseudo terminals are corresponds to devices /dev/pts directory. The first is /dev/pts/1, the second is /dev/pts/2, and so on. You can see then if you type the command last
[0][email protected]:/mnt/Packages # last bezroun pts/0 ool-44c79867.dyn Mon Oct 15 22:41 still logged in reboot system boot 3.10.0-862.14.4. Mon Oct 15 22:37 - 05:35 (06:57) bezroun pts/1 ool-44c79867.dyn Sun Oct 14 08:45 - 06:04 (21:18) bezroun pts/0 ool-44c79867.dyn Sun Oct 14 08:32 - 06:04 (21:31) reboot system boot 3.10.0-862.14.4. Sun Oct 14 08:23 - 06:04 (21:40) bezroun pts/0 ool-44c79867.dyn Sat Oct 13 22:30 - 05:03 (06:32) reboot system boot 3.10.0-862.14.4. Sat Oct 13 22:29 - 05:04 (06:35) bezroun pts/0 ool-44c79867.dyn Fri Oct 12 22:27 - 05:02 (06:35) bezroun pts/0 ool-44c79867.dyn Fri Oct 12 17:43 - 21:02 (03:18) reboot system boot 3.10.0-862.14.4. Fri Oct 12 17:43 - 05:02 (11:19) alterego pts/1 ool-44c79867.dyn Fri Oct 12 04:16 - 05:03 (00:47) bezroun pts/0 ool-44c79867.dyn Fri Oct 12 02:33 - 05:03 (02:30)
In this exercise, you learn how to work with pseudo terminals. You also learn how to get more information on user activity on specific pseudo interfaces.
1. Login via ssh to your test server. Switch to root.
2. From the terminal window, type w. This will give an overview of all users who are currently logged in.
[0][email protected]:/mnt/Packages # w 05:37:28 up 6:59, 1 user, load average: 0.00, 0.01, 0.05 USER TTY FROM [email protected] IDLE JCPU PCPU WHAT bezroun pts/0 dsk-44 22:41 0.00s 0.32s 0.20s sshd: bezroun [priv]
In RHEL7 to issue a proper reboot you need to use the systemd. The "addition" to RHEL7 make administration of RHEL7 drastically different from administration of RHEL6 and this is not a good thing. So now you need use:
The systemctl poweroff command should shut off power on the machine. While systemctl halt should shutdown and then hang the server without switching the power off.
When other users are login issuing systemd reboot and similar commands is dangerous as those you might not be able to save their work. You need to warn them first.
Note: systemd is very complex and thus notoriously unreliable (and problems with it significantly slowed down adoption of RHEL7 in enterprise environment) and might not work if the server is malfunctioning. In such cases you need to try to force a machine to reset, you can try to type echo b > /proc/sysrq-trigger. This command immediately resets the machine without saving anything. Of course, this command should be used only if there are no other options!
Those days sysadmins typically connect to servers from corporate Windows laptop in his/her office or cubical. And often servers are in remote locations, that if are not physically accessible. To manage these servers, Secure Shell (SSH) is normally used. In this section, you learn how to work with SSH.
In RHEL7 ssh service (sshd daemon) is running by default and offering services at port 22, and it not blocked by the firewall. You use iether terminal emulator like PuTTY or if you are on other linux server command like ssh command to reach the other server. The ssh command by default uses port 22. If you ssh server was reconfigured to run on other port (which happen in some Web hosting companies), use ssh -p followed by the port number you want to connect to.
to connect to other Linux server from a Linux session just type ssh followed by the name of the other Linux machine. For example
ssh test02
ssh will try to connect you as the same user ID under which you are logged on the first machine (for example root). If you need other user you need specify the name. For example
ssh [email protected]
If, for example, you are logged as regular use on you current server and want to connect as root to the other server you need to use the command ssh [email protected].
An alternative way of specifying the user account is by using the option -l userID. So, ssh remoteserver -l root test02 will try to establish a root session to the remote server test02
NOTE: On Windows there is reach choice of terminal emulators including Teraterm and MobaXterm. The latter is so called "rich" terminal emulator and also offers major Unix command in windows environment as well as the ability to transfer files.
1. From the root shell on server1 type systemctl status sshd. This command in RHEL7 replaces server command of RHEL6 and allows to determine the status of this service.
2. To avoid any firewall-related problems, type systemctl stop firewalld. (this product of systemd team replaced iptables and you you learn how to configure this firewall to limit traffic).
3. Type ip a | grep 'inet '. (Notice the space between inet and the closing quote. Command ip is also a "new brave world", although unlike farewald it has some advantages over ifconfig command ( unlike firewalld it also was available in RHEL6 )
[0][email protected]:/mnt/Packages # ip a | grep 'inet ' inet 127.0.0.1/8 scope host lo inet 10.0.0.4/24 brd 10.0.0.255 scope global eth0
That is a new way to determine the IPv4 address on RHEL7 server tha tyou now is supposed to know. But old good command ifconfig -a is still availbe too:
[0][email protected]:/mnt/Packages # ifconfig -a eth0: flags=4163mtu 1500 inet 10.0.0.4 netmask 255.255.255.0 broadcast 10.0.0.255 inet6 fe80::20d:3aff:fe14:13ca prefixlen 64 scopeid 0x20 ether 00:0d:3a:14:13:ca txqueuelen 1000 (Ethernet) RX packets 3483378 bytes 4885873205 (4.5 GiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 812773 bytes 105224318 (100.3 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73 mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10 loop txqueuelen 1000 (Local Loopback) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
4. Now type cat /etc/hosts and determine ip of your second server. Let's assume that it is 10.0.0.5
5. On server1, type ssh -l root 10.0.0.5 This connects to the sshd process on test02 server and opens a root shell.
6. Before being prompted for a password, you see a message indicating that the authenticity of host 10.0.0.5 cannot be established. This message is shown because the host you are connecting to is not yet known on your current host, which might involve a security risk. that also is normal message if the remote server has never been contacted before and therefore there is no way to verify the identity of the remote server. After connecting to the remote server, a public key fingerprint is stored in the file ~/.ssh/known_hosts. Type yes to continue. You should not be prompted if you connect the second time.
7. When prompted, enter the root password. After entering it, you now are logged in to test02 and can investigate it. To terminate this session type exit
NOTES:
If you connect to other computer form terminal window in GUI environment you might wish to see X11 screen of the terget computer too. It is possible if X server is running of target computer too. If this is the case you can add option -X to the ssh command. for example ssh -X [email protected] you can also create a systemwide configuration that allows you to use “X forwarding,” which is starting graphical applications through an SSH session. As root, open the configuration file /etc/ssh/ssh_config and make sure it includes the following line:
ForwardX11 yes
The next time you use the ssh command, X forwarding will be available by default.
Instead of using password for authentication ssh provide more secure method based on you a public/private key pair. The private key needs to be kept private and will never be distributed outside server on which it was generated. The public key is stored in the home directory of the target user on each og the servers you want to communicate with
When authenticating using key pairs, the ssh client generates a hash derived from the private key. This hash is sent to the server, then the server sends something bask to complete authentication. This is called ssh handshake.
To create a key pair, use the ssh-keygen command. The ssh-copy-id command is used to copy the public key to the target server.
When creating a public/private key pair, you are prompted for a passphrase. If you want maximal security, you should enter a passphrase. If not you can skip this step and get so called passwordless public/private paie which is still more secure then any password based authentication and is enough for most purposes outside financial and military applications. You should never transfer your private key using unencrypted channel, or send it by email, though.
Creating Public/Private Keys and distribution private key to the target server
NOTE: if multiple users are using keys to log in with that specific account, the authorized_keys file may contain several public keys. If you accidentally overwrite this file, you will destroy ability of other users to login on the server using ssh private key authentication
scp command allow to transmit files form computer to another using secure encrypted channel. For example, to transfere the /etc/hosts file to the /tmp directory on test02 server using your current user account, use the following command:
scp /etc/hosts test02:/tmp
You can also use scp to copy an entire subdirectory structure. To do so, use the -r command, as in the following command:
scp -r /etc test02:/tmp
that creates a backup copy of /etc of server test01 on server test01. which is useful for transfering common files to another server. It also allow you to restore files if you did something wrong in your /etc/directory on server test01.
ssh test01 mv /root/.bash_profile /root/.bash_profile.default ssh test01 mv /root/.bashrc /root/.bashrc.default scp /root/.bash_profile /root/.bashrc test02:/root
This command transfer you modified files .bash_profile and .bashrc (with added aliases) to server test02. That makes working as root on server test02 more convenient. Old files are overwritten so we make backup of them first.
NOTES:
The screen command allows you to multiplex single session. It does not just allow you to run multiple terminals, but also allows you to share a session with other users, or to detach to remote terminal sessions and later resume it getting exactly the same environment as when you left.
Screen is not installed by default but is available from Red Hat RPM. To install it use the yum install -y screen command. Then, type screen to open a screen session. After installation the most important file to know about is screen configuration file which is located in etc directory:
[email protected]:/home/bezroun # rpm -ql screen /etc/pam.d/screen /etc/screenrc
You need to make at least three changes in the /etc/screenrc to make screen more user friendly:
[0][email protected]:/etc # egrep "^#autodetach|#shell|caption always" /etc/screenrc #autodetach off #shell -$SHELL # caption always "%3n %t%? @%u%?%? [%h]%?%=%c" # caption always "%{wk}%?%-Lw%?%{bw}%n*%f %t%?(%u)%?%{wk}%?%+Lw %=%{mk}@%H %{yk}%D %{ck}%M%{wk} %{ck}%d %{gk}%c"
After that screen is workable condition and you can start screen session by simply typing screen on the command line. You will get terminal window with the last line reserved for screen information. and can type any command it in it. If you close session, screen autodetach its session and it will be preserved so if you connect letter you can connect to is by typing screen -r and get the same environment which you left. Which in most cases is a big productivity booster.
NOTE: line mc (Midnight commander screen can initially intimidating if you want to use its full capabilities. In this case you need to know around a dozen of command which start with prefix Ctrl-A (see below). Custom screenrc can help (see .screenrc examples).
Those who find it difficult can find the package byobu available from EPEL repository which originated in Ubuntu and provide more user friendly screen interface and ton of bells and whistles. After installation of the package just type byobu-screen and perform configuration by pressing F9. I did not find this package useful because it is way too complex. But it is written in bash and as such can be a useful example of extending screen capabilities. That's probably the main value of the package.
The screen command is particularly useful on remote server (in our setup this test02 server). In this case when you connect to this server after disconnecting you are able to return in the same environment that you had left previous time, includes current working directory and value of env variables.
As this is command line utility it has a set of commands. Every screen command is started with the Ctrl+A key sequence. To get help type Ctrl+A, ?. This shows a list of all commands that are available. An important command to remember is Ctrl+A, /, which will close the screen session. Make sure to remove screen sessions that you do not need anymore, otherwise they will stay active until the next time you reboot your server!
All you need to know to work with screen is 12 command listed below:
To learn how to use screen please do the following exercise:
If while trying to attach to a screen session you get a message that multiple screen sessions are currently running, you need to be more specific. To find out which screen sessions currently are running, use the screen -ls command. In this case you need to adding the number of the screen session to the screen -r command to reconnect to the particular session.
NOTE: You can also use screen to work together with other users in the same session. So they are able to see what you are doing in your teminal session. The second user can just connect to your pre-existing screen session using screen -x command. If multiple screen instances are running you need to provide the name of the the instance from screen -ls command.
Here are common screen command (from How do I Use Multiple Screens on One Terminal over ssh session - nixCraft
screen command Task Ctrl+a c Create new window Ctrl+a k Kill the current window / session Ctrl+a w List all windows Ctrl+a 0-9 Go to a window numbered 0 9, use Ctrl+a w to see number Ctrl+a Ctrl+a Toggle / switch between the current and previous window Ctrl+a S Split terminal horizontally into regions and press Ctrl+a c to create new window there Ctrl+a :resize Resize region Ctrl+a :fit Fit screen size to new terminal size. You can also hit Ctrl+a F for the the same task Ctrl+a :remove Remove / delete region. You can also hit Ctrl+a X for the same taks Ctrl+a tab Move to next region Ctrl+a D (Shift-d) Power detach and logout Ctrl+a d Detach but keep shell window open Ctrl-a Ctrl-\ Quit screen Ctrl-a ? Display help screen i.e. display a list of commands
![]() |
![]() |
![]() |
Working with Linux Screen Windows
When you start a new screen session by default it creates a single window with a shell in it.
You can have multiple windows inside a Screen session.
To create a new window with shell type
Ctrl+a
c
, the first available number from the range0...9
will be assigned to it.Bellow are some most common commands for managing Linux Screen Windows:
Ctrl+a
c
Create a new window (with shell)Ctrl+a
"
List all windowCtrl+a
0
Switch to window 0 (by number )Ctrl+a
A
Rename the current windowCtrl+a
S
Split current region horizontally into two regionsCtrl+a
|
Split current region vertically into two regionsCtrl+a
tab
Switch the input focus to the next regionCtrl+a
Ctrl+a
Toggle between current and previous regionCtrl+a
Q
Close all regions but the current oneCtrl+a
X
Close the current regionDetach from Linux Screen Session
You can detach from the screen session at anytime by typing:
Ctrl+a
d
The program running in the screen session will continue to run after you detach from the session.
To resume your screen session use the following command:
Copyscreen -r
In case you have multiple screen sessions running on you machine you will need to append the screen session ID after the
r
switch.To find the session ID list the current running screen sessions with:
Copyscreen -ls
CopyThere are screens on: 10835.pts-0.linuxize-desktop (Detached) 10366.pts-0.linuxize-desktop (Detached) 2 Sockets in /run/screens/S-linuxize.
If you want to restore screen 10835.pts-0, then type the following command:
Copyscreen -r 10835
When screen is started it reads its configuration parameters from
/etc/screenrc
and~/.screenrc
if the file is present. We can modify the default Screen settings according to our own preferences using the.screenrc
file.Here is a sample
~/.screenrc~/.screenrc
configuration with customized status line and few additional options:# Turn off the welcome message startup_message off # Disable visual bell vbell off # Set scrollback buffer to 10000 defscrollback 10000 # Customize the status line hardstatus alwayslastline hardstatus string '%{= kG}[ %{G}%H %{g}][%= %{= kw}%?%-Lw%?%{r}(%{W}%n*%f%t%?(%u)%?%{r})%{w}%?%+
Google matched content |
Passwordless login
Society
Groupthink : Two Party System as Polyarchy : Corruption of Regulators : Bureaucracies : Understanding Micromanagers and Control Freaks : Toxic Managers : Harvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Neoliberalism : The Iron Law of Oligarchy : Libertarian Philosophy
Quotes
War and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda : SE quotes : Language Design and Programming Quotes : Random IT-related quotes : Somerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose Bierce : Bernard Shaw : Mark Twain Quotes
Bulletin:
Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 : Vol 23, No.10 (October, 2011) An observation about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Problems Bulletin, 2004 : Financial Humor Bulletin, 2011 : Energy Bulletin, 2010 : Malware Protection Bulletin, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law
History:
Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds : Larry Wall : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOS : Programming Languages History : PL/1 : Simula 67 : C : History of GCC development : Scripting Languages : Perl history : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history
Classic books:
The Peter Principle : Parkinson Law : 1984 : The Mythical Man-Month : How to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Hater’s Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite
Most popular humor pages:
Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor
The Last but not Least Technology is dominated by two types of people: those who understand what they do not manage and those who manage what they do not understand ~Archibald Putt. Ph.D
Copyright © 1996-2021 by Softpanorama Society. www.softpanorama.org was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.
FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available to advance understanding of computer science, IT technology, economic, scientific, and social issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided by section 107 of the US Copyright Law according to which such material can be distributed without profit exclusively for research and educational purposes.
This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...
|
You can use PayPal to to buy a cup of coffee for authors of this site |
Disclaimer:
The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the Softpanorama society. We do not warrant the correctness of the information provided or its fitness for any purpose. The site uses AdSense so you need to be aware of Google privacy policy. You you do not want to be tracked by Google please disable Javascript for this site. This site is perfectly usable without Javascript.
Last modified: December 13, 2020