CHAPTER 15
Remote Access with SSH
The ability to control your system remotely is one of the high points of Fedora Core Linux — you can connect from any Linux box to another Linux box in a variety of ways. If you just want to check something quickly or if you have limited bandwidth, you have the option of using only the command line, but you can also connect directly to the X server and get full graphical control.
Understanding the selection of tools available is largely a history lesson. For example, Telnet was an earlier way of connecting to another computer through the command line, but it has since been superseded by SSH. That is not to say that you should ignore Telnet; you need to know how to use it so that you have it as a fallback. However, SSH is preferred because it is more secure. We cover both in this chapter.
Please keep in mind that although Telnet is worth keeping around as a fail-safe, last-resort option, SSH is superior in virtually every way. Telnet is fast but also insecure. It sends all your text, including your password, in plain text that can be read by anyone with the right tools. SSH, on the other hand, encrypts all your communication and so is more resource intensive but secure—even a government security agency sniffing your packets for some reason would still have a hard time cracking the encryption.
Andy Green, posting to the fedora-list mailing list, summed up the Telnet situation perfectly when he said, "As Telnet is universally acknowledged to encourage evil, the service telnetd is not enabled by default." It is worthwhile taking the hint: Use Telnet as a last resort only.
Setting Up a Telnet Server
Because Telnet has been superseded by SSH, you will find the Telnet server installation packages under Legacy Network Server in the Add or Remove Packages dialog box. You need to select it from the Details selection because it is not one of the default selections for the package group. After it's installed, select System Settings, Server Settings, Services and enable Telnet for runlevel 5. Note your IP address while you are here (switch to root and run ifconfig).
With that done, you can now fire up your other Linux box and type telnet <your IP>. If you are unsure of your IP address, switch to root and use the ifconfig command. You are prompted to enter your username and password. The whole conversation should look like this:
[paul@susannah ~]$ telnet 10.0.0.1
Trying 10.0.0.1...
Connected to 10.0.0.1 (10.0.0.1)
Escape character is '^]'.
Welcome to Caitlin
Running Fedora
* All access is logged *
login: paul
Password:
Last login: Sat Jul 9 12:05:41 from 10.0.0.5
[paul@caitlin ~]$
TIP
Note that the server responds with Welcome to Caitlin, running Fedora, which is a customized message. Your machine will probably respond with Fedora and your kernel version. This is insecure: Giving away version numbers is never a smart move. In fact, even saying Fedora is questionable. Edit the issue and issue.net files in your /etc directory to change these messages.
Running the w command now shows you as connecting from the external IP address.
The OpenSSH server is set up to be automatically installed and run in Fedora, which means it should already be working on your system. However, if you have disabled it, you can re-enable it by selecting System Settings, Server Settings, Services and selecting the sshd box. As you might have gathered, sshd is the name for the SSH server daemon.
Two different versions of SSH exist, called SSH1 and SSH2. The latter is newer, is more secure, comes with more features, and is the default in Fedora Core Linux. However, support for SSH1 clients is also left enabled by default so that older clients can connect. Because it is less secure, you should disable SSH1 if you have no one who specifically relies on it.
To do this, edit the /etc/ssh/sshd_config file and look for this line:
#Protocol 2,1
Edit this line so that it becomes:
Protocol 2
This removes the comment sign (#) and tells sshd that you want it to allow only SSH2 connections. Save the file and exit your editor. The next step is to tell sshd to reread its configuration file, by executing this command:
kill -HUP `cat /var/run/sshd.pid`
If this returns cat: /var/run/sshd.pid: No such file or directory, it means you didn't have sshd running. Next time you start it, it reads the configuration file and uses SSH2 only.
You can test this change by trying to connect to your SSH server in SSH1 mode. From the same machine, type this:
ssh -1 localhost
The -1 switch forces SSH1 mode. If you successfully forced the SSH2 protocol, you should get the message Protocol major versions differ: 1 vs. 2.
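The edit above can also be checked without making a connection. The following script is an added example, not code from the book: it reads an sshd_config file and reports whether the first active Protocol line restricts the server to SSH2. The function names effective_protocol and audit_protocol and the sample files are constructed for illustration, and the treatment of a missing Protocol line follows the default behavior this chapter describes.

```shell
#!/bin/sh
# Added example: audit the Protocol directive in an sshd_config file.
# Assumption (taken from the chapter): with no active Protocol line,
# this Fedora release's default still accepts SSH1 clients.

# Print the value of the first active "Protocol" line, or nothing.
# sshd keeps the first value it reads for a keyword, so stop there.
effective_protocol() {
    awk '
        /^[ \t]*#/ { next }                            # "#Protocol 2,1" is a comment
        tolower($1) == "protocol" { print $2; exit }   # keywords ignore case
    ' "$1"
}

# Print a verdict; return 0 only when the file enforces SSH2-only.
audit_protocol() {
    [ -r "$1" ] || { echo "unreadable: $1"; return 2; }
    value=$(effective_protocol "$1")
    case "$value" in
        2)           echo "ssh2-only"; return 0 ;;
        "")          echo "ssh1-allowed (no active Protocol line)"; return 1 ;;
        1|1,2|2,1)   echo "ssh1-allowed (Protocol $value)"; return 1 ;;
        *)           echo "unrecognized (Protocol $value)"; return 2 ;;
    esac
}

# Constructed sample files: the stock line, the fixed line, and a file
# where a later "Protocol 2" is shadowed by an earlier "protocol 2,1".
demo_constructed() {
    dir=$(mktemp -d) || return 1
    printf '#Protocol 2,1\nPort 22\n'    > "$dir/stock"
    printf 'Port 22\nProtocol 2\n'       > "$dir/fixed"
    printf 'protocol 2,1\nProtocol 2\n'  > "$dir/shadowed"
    for name in stock fixed shadowed; do
        printf '%s: %s\n' "$name" "$(audit_protocol "$dir/$name")"
    done
    rm -rf "$dir"
}

demo_constructed
```

To check a live system, call audit_protocol /etc/ssh/sshd_config as root; the shadowed case shows why a duplicate Protocol line earlier in the file can undo the fix.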
To the surprise of many, OpenSSH actually comprises a suite of tools. You have already seen ssh, the secure shell command that connects to other machines, and sshd, the SSH server daemon that accepts incoming SSH connections. However, there is also sftp, a replacement for ftp, and scp, a replacement for rcp.
You should already be familiar with the ftp command because it is the lowest-common-denominator system for handling FTP file transfers. Like Telnet, though, ftp is insecure: It sends your data in plain text across the network and anyone can sniff your packets to pick out a username and password. The SSH replacement, sftp, puts FTP traffic over an SSH link, thus securing it.
The rcp command might be new to you, largely because it is not used much anymore. Back in its day, rcp was the primary way of copying a single file to another server. Just as sftp replaces ftp, scp replaces rcp by simply channeling the data over a secure SSH connection. The difference between sftp and scp is that the former allows you to copy many files, whereas the latter sends just one.
Using scp to Copy Individual Files Between Machines
The most basic use of the scp command is to copy a file from your current machine to a remote machine. You can do that with the following command:
scp test.txt 10.0.0.1:
The first parameter is the name of the file you want to send, and the second is the server to which you want to send it. Note that there is a colon at the end of the IP address. This is where you can specify an exact location for the file to be copied. If you have nothing after the colon, as in the previous example, scp copies the file to your home directory. As with SSH, scp prompts you for your password before copying takes place.