/etc/ssh/sshd_config
The configuration of the SSH client is stored in the text file /etc/ssh/ssh_config.
The configuration of the SSH server daemon is stored in the text file /etc/ssh/sshd_config. An important setting in this file is PermitRootLogin=No. This is the default setting in ESX 3.x and it is recommended that you keep the setting at "No". This way you have an audit trail and see exactly who is logging in, rather than just "root". You can quickly check what the setting is by using a grep operation on the file as shown:
# grep Permit /etc/ssh/sshd_config
If you do edit the file to change this setting to Yes, then make sure you restart the daemon for the changes to take effect using the command:
# service sshd restart
su
This command is the switch user utility.
When it is used without parameters, we are specifying to switch to the user root. However, we can use the su command to switch shell to any user account. In the first example, we are logged in as the user kevin and we are switching to user ali.
[kevin@esx1host kevin]$ su ali
Password:
[ali@esx1host kevin]
In this second example, we are switching from being logged on as a user called sara to being logged on as root. Notice to switch to root, we don't need to specify a username.
[sara@esx1host sara]$ su -
Password:
[root@esx1host root]#
If we restrict the built-in user account root from logging in over the SSH protocol, then we are forcing remote users to authenticate as themselves and then su to run privileged commands if need be, thus leaving a decent audit trail. The downside is that those users would still know the root account password.
If you would like to restrict the use of the su command, then we can limit it to the members of a specific group called wheel. This group is defined in the /etc/group file by default and its membership can be modified by root. In order to limit su to the wheel group members we need to modify a configuration file called /etc/pam.d/su. There is a single line in this file that needs to be uncommented to limit the use of su. The line is shown below as it appears in that file; all that is required is the removal of the # symbol at the start of the line.
#auth required /lib/security/$ISA/pam_wheel.so use_uid
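An added example (not part of the original article): a small shell audit of the two settings discussed above, PermitRootLogin in sshd_config and the pam_wheel line in /etc/pam.d/su. The function names and the sample files it writes to a temporary directory are constructed for illustration.

```shell
# Added example: function names and sample files are constructed, not from the article.

# Print the first uncommented PermitRootLogin value, lower-cased, or "unset".
# Handles both "PermitRootLogin no" and the article's "PermitRootLogin=No" spelling.
permit_root_login() {
    awk '
        /^[ \t]*#/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = split(line, f, /[ \t=]+/)
            if (n >= 2 && tolower(f[1]) == "permitrootlogin") {
                print tolower(f[2]); found = 1; exit
            }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# Succeed only if the pam_wheel.so auth line is present and not commented out.
su_limited_to_wheel() {
    grep -Eq '^[[:space:]]*auth[[:space:]]+required[[:space:]]+[^#]*pam_wheel\.so' "$1"
}

# Print the comma-separated members of the wheel group from a group file.
wheel_members() {
    awk -F: '$1 == "wheel" { print $4 }' "$1"
}

audit() {   # usage: audit <sshd_config> <pam su file> <group file>
    prl=$(permit_root_login "$1")
    if [ "$prl" = "no" ]; then echo "OK   PermitRootLogin $prl"
    else echo "WARN PermitRootLogin $prl"; fi
    if su_limited_to_wheel "$2"; then
        echo "OK   su limited to wheel members: $(wheel_members "$3")"
    else
        echo "WARN su is open to every account that knows the target password"
    fi
}

# Constructed sample files; on a real host pass the paths under /etc instead.
d=$(mktemp -d)
printf '%s\n' '#PermitRootLogin yes' 'PermitRootLogin no' > "$d/sshd_config"
printf '%s\n' '#auth required /lib/security/$ISA/pam_wheel.so use_uid' > "$d/su.default"
printf '%s\n' 'auth required /lib/security/$ISA/pam_wheel.so use_uid' > "$d/su.hardened"
printf '%s\n' 'root:x:0:root' 'wheel:x:10:root,kevin,sara' > "$d/group"
audit "$d/sshd_config" "$d/su.default" "$d/group"
audit "$d/sshd_config" "$d/su.hardened" "$d/group"
```

On a host, the equivalent call would be audit /etc/ssh/sshd_config /etc/pam.d/su /etc/group, run as root so the files are readable.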
w
who
vi
We can't talk about the command line without talking about vi. This is the simple but powerful text editor in Linux and UNIX. People tend to love it or hate it. Either way, it's nearly always there in any *nix implementation and just by memorising a few commands you can be up and running with it. If you can use Windows Notepad, you can use vi!
vi filename
The first thing that throws you is that to enter text into your file, you need to press "i" for Insert mode. You can then enter your text just as any other text editor. When you are done with text entering, just press the Escape (Esc) key to come out of insert mode. If you are happy with your file, then we need to Write & Quit (wq). To enter commands in this command line editor, rather than having menus, we have a command prompt in the application. To reach the vi command prompt, simply enter ":" - the colon character which will automatically place your cursor at the bottom of the session. Here you can enter the "wq" command to write and quit the editor. That's it!
Here is a summary of the vi commands:
i Changes to insert mode where you can edit the text
:wq Write the file and quit the editor
:q! Quit the editor without saving changes
SHIFT ZZ Quit the editor and save any changes made - just a fast way of doing ":wq"
Esc key Exits the current mode, e.g. out of insert mode back to view mode.
These commands are just extra if you have the inclination to learn!
/ search - if you entered /failed then the cursor would move to the first instance of "failed" in the text
$ jumps to the end of the opened file
yy copy - it's y for yank!
dd delete a line (cut) if you precede this with a number e.g. 8dd, then it would delete 8 lines
p paste
%s/old/new/g substitute any occurrences of the word "old" with the word "new"
nano
Another text editor, more friendly, but you should use -w to avoid word wrap.
date
If we are checking the time and date of our ESX Service Console, then the date command is very useful. Just entering the "date" command returns what the service console thinks the current date is.
If the date is incorrect and you wish to reset it you would enter the command with the -s switch and specify date in mm/dd/yyyy format.
# date -s "12/29/2007 23:48"
Once you have set the date, you will want to ensure that the hardware clock matches your newly entered date. We can do this with the hwclock command described below.
hwclock
We can use this command to synchronise the server hardware clock with the date we set in the service console. If you enter the command with no parameters then the value of the hardware clock is displayed.
# hwclock
If we want to synchronise the hardware clock with the service console date and time, we use the following:
# hwclock --systohc
cal
Display calendar for current month or set of months. The following command displays 3 months, current month and the month before and after.
# cal -3
     March 2006            April 2006             May 2006
Su Mo Tu We Th Fr Sa  Su Mo Tu We Th Fr Sa  Su Mo Tu We Th Fr Sa
          1  2  3  4                     1      1  2  3  4  5  6
 5  6  7  8  9 10 11   2  3  4  5  6  7  8   7  8  9 10 11 12 13
12 13 14 15 16 17 18   9 10 11 12 13 14 15  14 15 16 17 18 19 20
19 20 21 22 23 24 25  16 17 18 19 20 21 22  21 22 23 24 25 26 27
26 27 28 29 30 31     23 24 25 26 27 28 29  28 29 30 31
                      30
Surprisingly useful!
passwd
Used to change the password of the currently logged on user (use the command with no parameters) or for changing the password of a named user account (supply the user name as a parameter).
passwd <user>
Remember that passwords are not stored in the /etc/passwd file, but in the file /etc/shadow.
If you ever need to reset an unknown root account password, then it is this utility you would run after booting into Linux single user mode.
ethtool
This command can be used to view and configure the ethernet interfaces in your host. We didn't use this tool much until ESX 3.5, when we started to work with Distributed Power Management (DPM), an experimental feature of DRS clusters.
The output of this tool provides a load of information about the network cards, but of particular interest now is the support for Wake-on-LAN (WoL). DPM makes use of this NIC feature and so we need to check that our NICs both support the function AND have the function enabled. The ethtool allows us to view and set this functionality.
# ethtool vmnic1
Settings for vmnic1
If we noted that our NIC supported WoL but it was not currently enabled, then we could use this tool to effect the change.
# ethtool -s vmnic1 wol g