network-and-communication

Differences

This shows you the differences between two versions of the page.

network-and-communication [2019/10/07 12:04]
Miroslav Bernát
network-and-communication [2020/05/25 19:02] (current)
Miroslav Bernát
Line 28: Line 28:
 | **iwconfig** <​device>​\\ **iwconfig** <​device>​ <​option>​ | prints the status of a wireless network interface\\ configures a wireless network interface, **essid** <​network_name>​ network name, **ap** <​AP_address>​ access point address, **mode** <​mode>​ card mode („Managed“ = client, „Master“ = access point), **key** <key> encrypted transfer\\ ''#​ iwconfig eth1 essid AP_profik ap 00:​60:​1D:​01:​23:​45 key 0123-4567-89 mode Managed''​ | | **iwconfig** <​device>​\\ **iwconfig** <​device>​ <​option>​ | prints the status of a wireless network interface\\ configures a wireless network interface, **essid** <​network_name>​ network name, **ap** <​AP_address>​ access point address, **mode** <​mode>​ card mode („Managed“ = client, „Master“ = access point), **key** <key> encrypted transfer\\ ''#​ iwconfig eth1 essid AP_profik ap 00:​60:​1D:​01:​23:​45 key 0123-4567-89 mode Managed''​ |
 | **iwlist** <​device>​ <​option>​ | prints detailed information from a wireless interface, **scan** prints available wireless networks including IP addresses of access points, frequency, mode, encryption and quality | | **iwlist** <​device>​ <​option>​ | prints detailed information from a wireless interface, **scan** prints available wireless networks including IP addresses of access points, frequency, mode, encryption and quality |
-| **nmcli** (<​object>​ <​command>​ (<​argument>​%%))%% | controls NetworkManager (creates, deletes, displays, edits, activates and deactivates network profiles, as well as controls and displays network device status); profile (connection) = collection of settings that can be configured for a specified device, each profile has a name or ID that identifies it\\ ''​$ nmcli dev status''​\\ (displays device status)\\ ''​$ nmcli dev show enp3s0''​\\ (displays the settings for a specified device)\\ ''​$ nmcli con show''​\\ (displays all profiles)\\ ''​$ nmcli con show --active''​\\ (displays only the active profiles)\\ ''​$ nmcli con show enp3s0''​\\ (displays all configuration settings for a specified profile)\\ ''#​ nmcli con add con-name static ifname enp3s0 type ethernet ipv4.method manual ipv4.address 192.168.15.105/​24 ipv4.gateway 192.168.15.1 ipv4.dns 192.168.15.1''​\\ (creates a new profile "​static"​ with a specified IP address, network prefix, default gateway and DNS)\\ ''#​ nmcli con mod static +ipv4.address 192.168.15.106/​24''​\\ (modifies a profile adding another IP address)\\ ''#​ nmcli con up static''​\\ (activates a profile)\\ ''#​ nmcli con mod static connection.id primary''​\\ (renames a profile to "​primary"​)\\ ''#​ nmcli con mod enp3s0 autoconnect no''​\\ (disables the original profile from autostarting at boot)\\ ''#​ nmcli con reload''​\\ (reloads the configuration file changes)\\ ''#​ nmcli con del enp3s0''​\\ (deletes profile "​enp3s0"​) |+| **nmcli** (<​object>​ <​command>​ (<​argument>​%%))%% | controls NetworkManager (creates, deletes, displays, edits, activates and deactivates network profiles, as well as controls and displays network device status); profile (connection) = collection of settings that can be configured for a specified device, each profile has a name or ID that identifies it\\ ''​$ nmcli dev status''​\\ (displays device status)\\ ''​$ nmcli dev show enp3s0''​\\ (displays the settings for a specified device)\\ ''​$ nmcli con 
show''​\\ (displays all profiles)\\ ''​$ nmcli con show --active''​\\ (displays only the active profiles)\\ ''​$ nmcli con show enp3s0''​\\ (displays all configuration settings for a specified profile)\\ ''#​ nmcli con add con-name static ifname enp3s0 type ethernet ipv4.method manual ipv4.address 192.168.15.105/​24 ipv4.gateway 192.168.15.1 ipv4.dns 192.168.15.1''​\\ (creates a new profile "​static"​ with a specified IP address, network prefix, default gateway and DNS)\\ ''#​ nmcli con mod static +ipv4.address 192.168.15.106/​24''​\\ (modifies a profile adding another IP address)\\ ''#​ nmcli con mod static +ipv4.routes 192.168.15.0/​24 10.10.10.1''​\\ (modifies a profile adding a static route)\\ ''#​ nmcli con up static''​\\ (activates a profile)\\ ''#​ nmcli con mod static connection.id primary''​\\ (renames a profile to "​primary"​)\\ ''#​ nmcli con mod enp3s0 autoconnect no''​\\ (disables the original profile from autostarting at boot)\\ ''#​ nmcli con reload''​\\ (reloads the configuration file changes)\\ ''#​ nmcli con del enp3s0''​\\ (deletes profile "​enp3s0"​) |
 | **tcpdump** | prints traffic on a network, **-i** <​device>​ specifies a specified interface (the first one by default), **port** <​port>​ specified port, **tcp**/​**udp**/​**icmp** particular protocol, **host** <​host>​ between a specified host, **ether host** <​MAC_address>​ between a specified MAC address, **-n** prints IP addresses, **-v** detailed output\\ ''#​ tcpdump -i eth0 -nv port 22''​\\ ''#​ tcpdump -nv ether host 00:​02:​3F:​09:​FA:​F1''​ | | **tcpdump** | prints traffic on a network, **-i** <​device>​ specifies a specified interface (the first one by default), **port** <​port>​ specified port, **tcp**/​**udp**/​**icmp** particular protocol, **host** <​host>​ between a specified host, **ether host** <​MAC_address>​ between a specified MAC address, **-n** prints IP addresses, **-v** detailed output\\ ''#​ tcpdump -i eth0 -nv port 22''​\\ ''#​ tcpdump -nv ether host 00:​02:​3F:​09:​FA:​F1''​ |
 | **ifstat** (<​device>​) | displays network traffic statistics – the size of received and transmitted data on all or specified network interfaces | | **ifstat** (<​device>​) | displays network traffic statistics – the size of received and transmitted data on all or specified network interfaces |
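Review bot: In the added nmcli example, ''+ipv4.routes 192.168.15.0/24 10.10.10.1'' uses as its destination the network the "static" profile is already directly attached to (it was created with 192.168.15.105/24 and gateway 192.168.15.1), and its next hop 10.10.10.1 lies outside that subnet. A reader copying it would point local-subnet traffic at a gateway the profile has no on-link path to. Suggest a destination prefix that is actually remote with a next hop inside 192.168.15.0/24, and a description that says which value is the destination and which is the next hop.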
Line 40: Line 40:
 | **iptables** (**-t** <​table>​) <​option>​ <​chain>​ <​specification>​ <​target>​ | sets up and maintains firewall rules in the network; table „filter“ is used for packets filtering (default) and contains builtin chains „INPUT“ for incoming packets, „OUTPUT“ for outgoing packets and „FORWARD“ for packet forwarding between the networks, table „nat“ is used for IP address translations and port forwarding with chain „PREROUTING“ for incoming packets, „OUTPUT“ for altering locally-generated packets before routing and „POSTROUTING“ for outgoing packets, table „mangle“ is used for specialized packet alterations and contains all the above chains; the correct firewall setup strictly depends on the particular rules order listed in ///​etc/​sysconfig/​iptables//;​ option **-I** (<n>) inserts a rule at the head of the chain or in the selected chain specified by the rule number, **-A** appends a rule to the end of the selected chain, **-D** (<n>) deletes a rule from the selected chain, **-L** lists all rules in the selected chain, if no chain is selected, all chains are listed; option **-n** prints IP addresses and ports in a numeric format, **-v** prints the number of packets and bytes for each rule including the protocol and interface, **--line-numbers** numbers the rules of a particular chain (useful for further use with option „-I“ or „-D“), **-F** removes the rules for a particular chain, if no chain is selected, all rules are removed, **-P** sets the default policy for the chain (all is allowed by default), **-N** creates a new user-defined chain by the specified name, usually used for more detailed specifications of the rules (a default policy cannot be applied for these chains), **-X** removes a user-defined chain; follows the rule specification **-i** <​interface>​ input interface, **-o** <​interface>​ output interface, **-s** <​address>​ source address, **-d** <​address>​ destination address, **-p** <​protocol>​ type of protocol, **-m** <​module>​ rule extension 
(**state** --state <​connection_type>​ specifies the connection type – NEW new connection, ESTABLISHED existing connection, RELATED new connection related to an already existing communication,​ INVALID invalid connection meaning the packets cannot be identified; **time** specifies the time of connection --timestart <​hh:​mm>,​ --timestop <​hh:​mm>,​ --monthdays <​day_in_month>,​ --weekdays <​day_in_week>;​ **iprange** --src-range / --dst-range <​IP-IP>​ specifies the range of source/​destination addresses; **limit** --limit <​n>/<​**s** / **m** / **h** / **d**> specifies the time value, --limit-burst <n> specifies the number of packets), **--sport** <​port>​ source port, **--dport** <​port>​ destination port; and finally **-j** <​target>​ specifies how to deal with the packets – for table „filter“ ACCEPT = accept, DROP = drop, LOG = log the packets, REJECT = send back an error packet in response to the matched packet, for table „nat“ SNAT --to <​IP_address>​ = change the source address, DNAT --to <​IP_address>​ = change the destination address, REDIRECT --to-ports <​port>​ = redirect the port\\ ''#​ iptables -nvL --line-numbers''​\\ (prints the firewall rules in detailed output)\\ ''#​ iptables -P INPUT DROP''​\\ (drops all incoming packets)\\ ''#​ iptables -I INPUT -s 147.229.28.4 -j DROP''​\\ (drops all packets incoming from the particular IP address)\\ ''#​ iptables -A INPUT -p tcp --dport 22 -j DROP''​\\ (drops all packets incoming to the particular port)\\ ''#​ iptables -A INPUT -p tcp --dport 443 -j REJECT''​\\ (sends information about the service unavailability)\\ ''#​ iptables -I OUTPUT -d '​!'​ 147.229.28.4 -j DROP''​\\ (allows only packets outgoing to the particular IP address)\\ ''#​ iptables -A OUTPUT -o eth0 -d 192.168.0.0/​24 -j ACCEPT''​\\ (allows only packets outgoing from the particular interface to the local network)\\ ''#​ iptables -A OUTPUT -d upc.cz -p tcp --dport 80 -j DROP''​\\ (disallows to display the particular URL)\\ ''#​ iptables -A 
FORWARD -i eth0 -o eth1 -p tcp --dport '​!'​ 80 -j DROP''​\\ (allows packet redirections only to port 80)\\ ''#​ iptables -A INPUT -p tcp –dport 50:55 -m iprange --src-range 192.168.0.1-192.168.0.10 -j ACCEPT''​\\ (allows port range of 50-55 for particular IP addresses)\\ ''#​ iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s --limit-burst 2 -j ACCEPT''​\\ (limits the number of „ping“ requests to 2 per 1s)\\ ''#​ iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 3250''​\\ (redirects the particular port)\\ ''#​ iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth0 -j DNAT --to 192.168.0.2:​8080''​\\ (alters the destination IP address and port of the service)\\ ''#​ iptables -A INPUT -j LOG''​\\ (logs all packets that do not meet any of the configured rules to ///​var/​log/​messages//​)\\ ''#​ iptables -D INPUT 5''​\\ (drops a rule on the 5th order in the list of „INPUT“ chain) | | **iptables** (**-t** <​table>​) <​option>​ <​chain>​ <​specification>​ <​target>​ | sets up and maintains firewall rules in the network; table „filter“ is used for packets filtering (default) and contains builtin chains „INPUT“ for incoming packets, „OUTPUT“ for outgoing packets and „FORWARD“ for packet forwarding between the networks, table „nat“ is used for IP address translations and port forwarding with chain „PREROUTING“ for incoming packets, „OUTPUT“ for altering locally-generated packets before routing and „POSTROUTING“ for outgoing packets, table „mangle“ is used for specialized packet alterations and contains all the above chains; the correct firewall setup strictly depends on the particular rules order listed in ///​etc/​sysconfig/​iptables//;​ option **-I** (<n>) inserts a rule at the head of the chain or in the selected chain specified by the rule number, **-A** appends a rule to the end of the selected chain, **-D** (<n>) deletes a rule from the selected chain, **-L** lists all rules in the selected chain, if no chain is selected, 
all chains are listed; option **-n** prints IP addresses and ports in a numeric format, **-v** prints the number of packets and bytes for each rule including the protocol and interface, **--line-numbers** numbers the rules of a particular chain (useful for further use with option „-I“ or „-D“), **-F** removes the rules for a particular chain, if no chain is selected, all rules are removed, **-P** sets the default policy for the chain (all is allowed by default), **-N** creates a new user-defined chain by the specified name, usually used for more detailed specifications of the rules (a default policy cannot be applied for these chains), **-X** removes a user-defined chain; follows the rule specification **-i** <​interface>​ input interface, **-o** <​interface>​ output interface, **-s** <​address>​ source address, **-d** <​address>​ destination address, **-p** <​protocol>​ type of protocol, **-m** <​module>​ rule extension (**state** --state <​connection_type>​ specifies the connection type – NEW new connection, ESTABLISHED existing connection, RELATED new connection related to an already existing communication,​ INVALID invalid connection meaning the packets cannot be identified; **time** specifies the time of connection --timestart <​hh:​mm>,​ --timestop <​hh:​mm>,​ --monthdays <​day_in_month>,​ --weekdays <​day_in_week>;​ **iprange** --src-range / --dst-range <​IP-IP>​ specifies the range of source/​destination addresses; **limit** --limit <​n>/<​**s** / **m** / **h** / **d**> specifies the time value, --limit-burst <n> specifies the number of packets), **--sport** <​port>​ source port, **--dport** <​port>​ destination port; and finally **-j** <​target>​ specifies how to deal with the packets – for table „filter“ ACCEPT = accept, DROP = drop, LOG = log the packets, REJECT = send back an error packet in response to the matched packet, for table „nat“ SNAT --to <​IP_address>​ = change the source address, DNAT --to <​IP_address>​ = change the destination address, 
REDIRECT --to-ports <​port>​ = redirect the port\\ ''#​ iptables -nvL --line-numbers''​\\ (prints the firewall rules in detailed output)\\ ''#​ iptables -P INPUT DROP''​\\ (drops all incoming packets)\\ ''#​ iptables -I INPUT -s 147.229.28.4 -j DROP''​\\ (drops all packets incoming from the particular IP address)\\ ''#​ iptables -A INPUT -p tcp --dport 22 -j DROP''​\\ (drops all packets incoming to the particular port)\\ ''#​ iptables -A INPUT -p tcp --dport 443 -j REJECT''​\\ (sends information about the service unavailability)\\ ''#​ iptables -I OUTPUT -d '​!'​ 147.229.28.4 -j DROP''​\\ (allows only packets outgoing to the particular IP address)\\ ''#​ iptables -A OUTPUT -o eth0 -d 192.168.0.0/​24 -j ACCEPT''​\\ (allows only packets outgoing from the particular interface to the local network)\\ ''#​ iptables -A OUTPUT -d upc.cz -p tcp --dport 80 -j DROP''​\\ (disallows to display the particular URL)\\ ''#​ iptables -A FORWARD -i eth0 -o eth1 -p tcp --dport '​!'​ 80 -j DROP''​\\ (allows packet redirections only to port 80)\\ ''#​ iptables -A INPUT -p tcp –dport 50:55 -m iprange --src-range 192.168.0.1-192.168.0.10 -j ACCEPT''​\\ (allows port range of 50-55 for particular IP addresses)\\ ''#​ iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s --limit-burst 2 -j ACCEPT''​\\ (limits the number of „ping“ requests to 2 per 1s)\\ ''#​ iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 3250''​\\ (redirects the particular port)\\ ''#​ iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth0 -j DNAT --to 192.168.0.2:​8080''​\\ (alters the destination IP address and port of the service)\\ ''#​ iptables -A INPUT -j LOG''​\\ (logs all packets that do not meet any of the configured rules to ///​var/​log/​messages//​)\\ ''#​ iptables -D INPUT 5''​\\ (drops a rule on the 5th order in the list of „INPUT“ chain) |
 | **firewall-cmd**\\ (implemented from RHEL 7) | manages runtime and permanent firewall configuration,​ **--get-default-zone** prints default zone for connections and interfaces, **--set-default-zone=**<​zone>​ sets default zone for connections and interfaces, **--get-active-zones** prints currently active zones altogether with interfaces and sources used in these zones, **--get-zones** lists all available zones, **--list-all-zones** lists detailed information about all zones, **--zone=**<​zone>​ specifies a zone (if not specified, the default zone is used), **--list-all** lists detailed information about the zone, **--get-services** lists all available services, **--list-services** lists services added to the zone, **--list-ports** lists ports added to the zone, **--add-source=**<​IP_address>/<​network/​netmask>​ routes all traffic coming from the IP address or network/​netmask to the zone, **--remove-source=**<​IP_address>/<​network/​netmask>​ removes the rule routing all traffic from the zone coming from the IP address or network/​netmask network, **--add-interface=**<​interface>​ routes all traffic coming from an interface to the zone, **--change-interface=**<​interface>​ changes an interface for the zone, **--add-service=**<​service>​ adds a service to the zone, **--remove-service=**<​service>​ removes a service from the zone, **--add-port=**<​port>/<​protocol>​ adds a port/​protocol to the zone, **--remove-port=**<​port>/<​protocol>​ removes a port/​protocol from the zone, **--add-rich-rule=**<​rule>​ adds a custom firewall rule to the zone that is not covered by the basic firewalld syntax, **--remove-rich-rule=**<​rule>​ removes a custom firewall rule from the zone, **--query-rich-rule=**<​rule>​ verifies if a custom firewall rule has been added to the zone, **--list-rich-rules** lists all custom firewall rules for the zone, **--permanent** performs a permanent configuration (writes changes to ///​etc/​firewalld///​),​ **--reload** applies the permanent 
configuration,​ **--runtime-to-permanent** saves the current runtime configuration as permanent\\ ''#​ firewall-cmd --add-service=http --permanent''​\\ (permits a permanent access by HTTP clients for the default zone)\\ ''#​ firewall-cmd --add-port=2222/​tcp --permanent''​\\ (opens TCP port 2222 for the default zone)\\ ''#​ firewall-cmd --zone=internal --add-source=192.168.0.0/​24 --permanent''​\\ (routes all traffic coming from the 192.168.0.0/​24 network to the internal zone)\\ ''#​ firewall-cmd --zone=internal --list-all --permanent''​\\ (lists detailed information about the internal zone)\\ ''#​ firewall-cmd --add-rich-rule='​rule family=ipv4 source address=183.131.80.130 reject'​ --permanent''​\\ (blocks all traffic from the specified IP address in the default zone)\\ ''#​ firewall-cmd --add-rich-rule='​rule family=ipv4 source address=192.168.0.15 port port=8080 protocol=tcp accept'​ --permanent''​\\ (allows port 8080 for the specified IP address in the default zone)\\ ''#​ firewall-cmd --permanent --zone=work --add-rich-rule='​rule family=ipv4 source address=192.168.0.0/​26 forward-port port=80 protocol=tcp to-port=8080'''​\\ (forwards 80/TCP to port 8080/TCP for the specified network in the work zone)\\ ''#​ firewall-cmd --reload''​\\ (reloads the changes in the firewall settings) | | **firewall-cmd**\\ (implemented from RHEL 7) | manages runtime and permanent firewall configuration,​ **--get-default-zone** prints default zone for connections and interfaces, **--set-default-zone=**<​zone>​ sets default zone for connections and interfaces, **--get-active-zones** prints currently active zones altogether with interfaces and sources used in these zones, **--get-zones** lists all available zones, **--list-all-zones** lists detailed information about all zones, **--zone=**<​zone>​ specifies a zone (if not specified, the default zone is used), **--list-all** lists detailed information about the zone, **--get-services** lists all available services, 
**--list-services** lists services added to the zone, **--list-ports** lists ports added to the zone, **--add-source=**<​IP_address>/<​network/​netmask>​ routes all traffic coming from the IP address or network/​netmask to the zone, **--remove-source=**<​IP_address>/<​network/​netmask>​ removes the rule routing all traffic from the zone coming from the IP address or network/​netmask network, **--add-interface=**<​interface>​ routes all traffic coming from an interface to the zone, **--change-interface=**<​interface>​ changes an interface for the zone, **--add-service=**<​service>​ adds a service to the zone, **--remove-service=**<​service>​ removes a service from the zone, **--add-port=**<​port>/<​protocol>​ adds a port/​protocol to the zone, **--remove-port=**<​port>/<​protocol>​ removes a port/​protocol from the zone, **--add-rich-rule=**<​rule>​ adds a custom firewall rule to the zone that is not covered by the basic firewalld syntax, **--remove-rich-rule=**<​rule>​ removes a custom firewall rule from the zone, **--query-rich-rule=**<​rule>​ verifies if a custom firewall rule has been added to the zone, **--list-rich-rules** lists all custom firewall rules for the zone, **--permanent** performs a permanent configuration (writes changes to ///​etc/​firewalld///​),​ **--reload** applies the permanent configuration,​ **--runtime-to-permanent** saves the current runtime configuration as permanent\\ ''#​ firewall-cmd --add-service=http --permanent''​\\ (permits a permanent access by HTTP clients for the default zone)\\ ''#​ firewall-cmd --add-port=2222/​tcp --permanent''​\\ (opens TCP port 2222 for the default zone)\\ ''#​ firewall-cmd --zone=internal --add-source=192.168.0.0/​24 --permanent''​\\ (routes all traffic coming from the 192.168.0.0/​24 network to the internal zone)\\ ''#​ firewall-cmd --zone=internal --list-all --permanent''​\\ (lists detailed information about the internal zone)\\ ''#​ firewall-cmd --add-rich-rule='​rule family=ipv4 source 
address=183.131.80.130 reject'​ --permanent''​\\ (blocks all traffic from the specified IP address in the default zone)\\ ''#​ firewall-cmd --add-rich-rule='​rule family=ipv4 source address=192.168.0.15 port port=8080 protocol=tcp accept'​ --permanent''​\\ (allows port 8080 for the specified IP address in the default zone)\\ ''#​ firewall-cmd --permanent --zone=work --add-rich-rule='​rule family=ipv4 source address=192.168.0.0/​26 forward-port port=80 protocol=tcp to-port=8080'''​\\ (forwards 80/TCP to port 8080/TCP for the specified network in the work zone)\\ ''#​ firewall-cmd --reload''​\\ (reloads the changes in the firewall settings) |
-| **ssh** (<​user>​@)<​host>​ (<​command>​) | initializes an encrypted logging in to an existing account on the remote host using the same user name on both systems / using different user names; ssh is also used for executing commands on a remote host whose outputs are displayed on STDOUT of the local computer, **-l** <​user>​ logs on under a specified user, **-i** <​file>​ specifies the file with the keys (otherwise //​~/​.ssh/​id_rsa//​ is used), **-p** <​port>​ uses a nonstandard port, **-o** <​option>​ uses a specified option to override the default configuration,​ **-v** detailed output\\ ''​$ ssh 192.168.0.20''​\\ ''​$ ssh norton@mx.webs.cz''​ / ''​ssh -l norton mx.webs.cz''​\\ ''​$ ssh 192.168.0.20 ​"uname -a"''​\\ ''​$ ssh -o PubkeyAuthentication=no norton@192.168.0.20''​\\ ''​$ echo "​insert hostname":;​ while read hostname; do ssh $hostname 'echo "​Hostname":​ $(hostname);​ echo "Linux version":​ $(uname -a; cat /​etc/​redhat-release)'>​ ${hostname}_version.log && echo "​insert hostname":;​ done''​ |+| **ssh** (<​user>​@)<​host>​ (<​command>​) | initializes an encrypted logging in to an existing account on the remote host using the same user name on both systems / using different user names; ssh is also used for executing commands on a remote host whose outputs are displayed on STDOUT of the local computer, **-l** <​user>​ logs on under a specified user, **-i** <​file>​ specifies the file with the keys (otherwise //​~/​.ssh/​id_rsa//​ is used), **-p** <​port>​ uses a nonstandard port, **-o** <​option>​ uses a specified option to override the default configuration,​ **-v** detailed output\\ ''​$ ssh 192.168.0.20''​\\ ''​$ ssh norton@mx.webs.cz''​ / ''​ssh -l norton mx.webs.cz''​\\ ''​$ ssh -o PubkeyAuthentication=no norton@192.168.0.20''​\\ ''​$ ssh 192.168.0.20 ​"uname -a"''​\\ ''​$ echo "​insert hostname":;​ while read hostname; do ssh $hostname 'echo "​Hostname":​ $(hostname);​ echo "Linux version":​ $(uname -a; cat /​etc/​redhat-release)'>​ 
${hostname}_version.log && echo "​insert hostname":;​ done''​\\ ''#​ for x in {a..c}; do echo "=== node${x} ==="; ssh node${x} 'yum install -y device-mapper-multipath;​ systemctl enable --now multipathd; systemctl status multipathd';​ echo; done''​\\ ''​$ for server in centos{1..2}.example.com;​ do ssh $server 'bash -s' < script.sh; done''​\\ (executes a local script on remote hosts) ​|
 | **ssh-keygen** | generates a pair of authentication keys – private and public which provide a secure user identification during the ssh connection without the necessity to enter the logging name and password; the private key is by default located in //​~/​.ssh/​id_rsa//​ či //​~/​.ssh/​id_dsa//,​ the public key in //​~/​.ssh/​id_rsa.pub//​ or //​~/​.ssh/​id_dsa.pub//​ and its contents need to be put into //​~/​.ssh/​authorized_keys//​ of the remote host; the program also asks the user to enter a „passphrase“ (string of arbitrary characters, including white spaces, protecting the private key against abuse) which, if not empty, is required from the user for identification at the beginning of each connection, **-t** <key> specifies the type of key – „rsa“ or „dsa“ (by default „rsa“), **-f** <​file>​ specifies the file with the keys (otherwise //​~/​.ssh/​id_rsa//​ is used), **-p** alters a „passphrase“,​ **-v** detailed output | | **ssh-keygen** | generates a pair of authentication keys – private and public which provide a secure user identification during the ssh connection without the necessity to enter the logging name and password; the private key is by default located in //​~/​.ssh/​id_rsa//​ či //​~/​.ssh/​id_dsa//,​ the public key in //​~/​.ssh/​id_rsa.pub//​ or //​~/​.ssh/​id_dsa.pub//​ and its contents need to be put into //​~/​.ssh/​authorized_keys//​ of the remote host; the program also asks the user to enter a „passphrase“ (string of arbitrary characters, including white spaces, protecting the private key against abuse) which, if not empty, is required from the user for identification at the beginning of each connection, **-t** <key> specifies the type of key – „rsa“ or „dsa“ (by default „rsa“), **-f** <​file>​ specifies the file with the keys (otherwise //​~/​.ssh/​id_rsa//​ is used), **-p** alters a „passphrase“,​ **-v** detailed output |
 | **ssh-copy-id** (<​user>​@)<​host>​ | copies a public key of the user from the local computer into //​~/​.ssh/​authorized_keys//​ of the host, **-i** <​file>​ specifies the file with the keys (otherwise //​~/​.ssh/​id_rsa.pub//​ is used)\\ ''​$ ssh-copy-id -i ~/​.ssh/​id_dsa.pub dookie@94.112.152.47''​ | | **ssh-copy-id** (<​user>​@)<​host>​ | copies a public key of the user from the local computer into //​~/​.ssh/​authorized_keys//​ of the host, **-i** <​file>​ specifies the file with the keys (otherwise //​~/​.ssh/​id_rsa.pub//​ is used)\\ ''​$ ssh-copy-id -i ~/​.ssh/​id_dsa.pub dookie@94.112.152.47''​ |
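Review bot: In the added ''for x in {a..c}'' loop on the ssh row, the remote commands are joined with '';'', so ''systemctl enable --now multipathd'' still runs on a node where ''yum install -y device-mapper-multipath'' failed. Join the three commands with ''&&'' so a failed install stops the sequence on that node. That example also has no description, unlike the ''bash -s'' example after it, and ''$server'' in the second loop should be quoted as ''"$server"''.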
Line 51: Line 51:
 | **lynx** <URL> | displays the contents of the URL, **q** quits the program\\ ''​$ lynx centos.org''​ | | **lynx** <URL> | displays the contents of the URL, **q** quits the program\\ ''​$ lynx centos.org''​ |
 | **wget** <URL> | downloads the contents of the URL into the working directory, **-c** continues downloading a partially-downloaded file after the transfer is interrupted,​ **-r** recursive download, **-t** <n> specifies the number of download attempts | | **wget** <URL> | downloads the contents of the URL into the working directory, **-c** continues downloading a partially-downloaded file after the transfer is interrupted,​ **-r** recursive download, **-t** <n> specifies the number of download attempts |
-| **curl** <URL> | copies data from or to a specified URL, **-o** <​file>​ specifies a target file (by default STDOUT), **-F** <​item>​**=**<​contents>​ specifies outgoing data („@“ represents a source file)\\ ''#​ curl -o /​etc/​yum.repos.d/​data.repo set.cz/​data.repo''​ |+| **curl** <URL> | copies data from or to a specified URL, **-o** <​file>​ specifies a target file (by default STDOUT), **-F** <​item>​**=**<​contents>​ specifies outgoing data („@“ represents a source file), **-v** detailed output\\ ''#​ curl -o /​etc/​yum.repos.d/​data.repo set.cz/​data.repo''​ |
 | **mail** | displays the contents of the logged-in user's mailbox (///​var/​spool/​mail/<​user>//​),​ **-f** displays the contents of mailbox with already read messages (///​home/<​user>/​mbox//​);​ commands related to work with the mailbox: **p**/​**p**(n) displays the oldest message / particular message, **r** replies to the message, **d**/​**d**(m-n)/​**d*** deletes particular/​all messages, **q** quits the program | | **mail** | displays the contents of the logged-in user's mailbox (///​var/​spool/​mail/<​user>//​),​ **-f** displays the contents of mailbox with already read messages (///​home/<​user>/​mbox//​);​ commands related to work with the mailbox: **p**/​**p**(n) displays the oldest message / particular message, **r** replies to the message, **d**/​**d**(m-n)/​**d*** deletes particular/​all messages, **q** quits the program |
-| **mail** <​address>​ | sends a message to the specified address, **-s** <​subject>​ subject, **-c** <​address>​ carbon copy (CC), **-b** <​address>​ blind carbon copy (BCC)\\ ''​$ mail root''​ / ''​tom@atlas.cz < offer.txt''​\\ ''​$ cat file | mail -s "​offer"​ james -c root''​\\ ''​$ echo "Hello James" | mail -s "​greeting"​ james''​\\ the message can also be sent this way:\\ ''​$ mail <​address>​ **<​-'​**''​\\ ''//​Subject://​ <​subject>​ **<​-'​**''​\\ ''<​text>​ **<​-'​**''​\\ ''​.**<​-'​**''​ or ''​**ctrl**+**d**''​\\ ''//​Cc://​ <​address>​ **<​-'​**''​ |+| **mail** <​address>​ | sends a message to the specified address, **-s** <​subject>​ subject, **-c** <​address>​ carbon copy (CC), **-b** <​address>​ blind carbon copy (BCC)\\ ''​$ mail root''​ / ''​tom@atlas.cz < offer.txt''​\\ ''​$ cat file | mail -s "​offer"​ james -c root''​\\ ''​$ echo "Hello James" | mail -s "​greeting"​ james''​\\ the message can also be sent this way:\\ ''​$ mail <​address>​ **<​-'​**''​\\ ''//​Subject://​ <​subject>​ **<​-'​**''​\\ ''<​text>​ **<​-'​**''​\\ ''​.**<​-'​**''​ or ''​**Ctrl**+**d**''​\\ ''//​Cc://​ <​address>​ **<​-'​**''​ |
 | **wall** <​message>​ | sends messages to all open terminals of logged-in users with their mesg permission set to "​yes"​ | | **wall** <​message>​ | sends messages to all open terminals of logged-in users with their mesg permission set to "​yes"​ |
-| **write** <​user>​ (<​terminal>​) | sends a message to the specified user within the same host; the terminal specification is needed if the user is using more terminals at the same time\\ ''​$ write dookie **<​-'​**''​\\ ''<​text>''​\\ ''​**ctrl**+**d**''​\\ ''​$ echo "​Hello"​ | write dookie''​ | +| **write** <​user>​ (<​terminal>​) | sends a message to the specified user within the same host; the terminal specification is needed if the user is using more terminals at the same time\\ ''​$ write dookie **<​-'​**''​\\ ''<​text>''​\\ ''​**Ctrl**+**d**''​\\ ''​$ echo "​Hello"​ | write dookie''​ | 
-| **talk** <​user>​ / <​user>​@<​host>​ (<​terminal>​) | provides a communication between two users at the same time within the same host or between different hosts (in case of using the same user name on both hosts), the terminal is split into incoming and outgoing text windows; the terminal specification is needed if the user is using more terminals at the same time\\ ''​$ talk tom@domain.com **<​-'​**''​\\ ''<​text>​ **<​-'​**''​\\ ''​**ctrl**+**c**''​ |+| **talk** <​user>​ / <​user>​@<​host>​ (<​terminal>​) | provides a communication between two users at the same time within the same host or between different hosts (in case of using the same user name on both hosts), the terminal is split into incoming and outgoing text windows; the terminal specification is needed if the user is using more terminals at the same time\\ ''​$ talk tom@domain.com **<​-'​**''​\\ ''<​text>​ **<​-'​**''​\\ ''​**Ctrl**+**c**''​ |
 | **mesg** (<​**y**/​**n**>​) | prints or sets the terminal'​s availability for the logged-in user to receive messages of „wall“, „talk“ or „write“ program („y“ = yes, „n“ = no) | | **mesg** (<​**y**/​**n**>​) | prints or sets the terminal'​s availability for the logged-in user to receive messages of „wall“, „talk“ or „write“ program („y“ = yes, „n“ = no) |
 | **who -w** | prints the current access state of the logged-in users' terminals for using program „wall“, „talk“ or „write“ („+“ = yes, „-“ = no) | | **who -w** | prints the current access state of the logged-in users' terminals for using program „wall“, „talk“ or „write“ („+“ = yes, „-“ = no) |
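Review bot: On the curl row, which this change edits to add ''-v'', the example ''# curl -o /etc/yum.repos.d/data.repo set.cz/data.repo'' runs as root with a URL that has no scheme, so curl falls back to plain HTTP and a package repository definition lands in the yum configuration without any transport authentication. Spell out ''https://'' in the example while the row is being touched. For the new ''-v'' text, "detailed output" matches the wording of the other rows, but it would help to say that it prints the request and response headers.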