Posted on December 10, 2022
To authenticate with keys on an SSH session, we need a keypair first. It consists of a public and a private key part. The public part must be copied to the SSH server; the private part stays in your user home directory on the client.
ssh-keygen -t rsa -b 4096
This will ask you for the destination of the keyfiles. The file with the extension .pub will be the public key part.
Enter file in which to save the key (/home/<user>/.ssh/id_rsa):
You can leave the default (press the Enter key) or type another file name, e.g. my-ssh-key. Without a path it will be stored in the current working directory.
Now you should secure your private key with an additional passphrase, which you have to enter on every access to the key. Type it twice and don't forget it.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in my-ssh-key
Your public key has been saved in my-ssh-key.pub
The key fingerprint is:
SHA256:Kg4elHNG8TwLIYjTfX7yRz7h0dmVHY7FUx5krwwQjEA user@hostname
The key's randomart image is:
+---[RSA 4096]----+
|.o..+E. o. o++|
|+ ...=.. .. .+oo|
| . oo+ . . *.= |
| o .oo. = o * |
| + o .+S+ + o |
| . + .. = o . |
| o . . . . o |
| . + . |
| . . |
+----[SHA256]-----+
You can move both files into /home/<user>/.ssh/. If the folder doesn’t exist, create it:
mkdir -p ~/.ssh
chmod 700 ~/.ssh
mv my-ssh-key my-ssh-key.pub ~/.ssh/
chmod 600 ~/.ssh/my-ssh-key
chmod 644 ~/.ssh/my-ssh-key.pub
The file permissions must be set correctly, otherwise ssh refuses to use a private key that is readable by other users. Now it's time to copy the public key part to the SSH server. You need a working user account there that can be reached with a password login.
ssh-copy-id -i ~/.ssh/my-ssh-key user@ssh-hostname
This will copy the content of my-ssh-key.pub into ~/.ssh/authorized_keys on the SSH server. If you don’t have access to the account (because the SSH server prevents password-based login), ask your administrator. If your key-based login doesn’t work, try on the client side
ssh -vvv user@ssh-hostname
to see what’s going on. The client tries some default private key names (id_rsa, id_ed25519 and so on), but the name my-ssh-key (see above) will not be used. So we have to configure this in a special file named “config” within ~/.ssh.
cd ~/.ssh
touch config
chmod 644 config
Type some SSH parameters into that file:
Host <ssh-hostname>
    HostName <ssh-hostname>
    Port 22
    IdentityFile ~/.ssh/my-ssh-key
    ForwardX11 yes
Replace <ssh-hostname> with the correct name. The important part is IdentityFile, which points to your SSH private key part. ForwardX11 is optional and allows display redirection from the server to the client for X-based applications; enable it only for servers you trust, because the forwarded connection gives the server access to your local X display. Save the file and try it again:
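The steps above (create ~/.ssh, move both key files in with the right modes, add a Host entry for the non-default key name) can be scripted so they are repeatable and verifiable. The following is an added example, not part of the original post: three POSIX sh functions that take the target directory, key name and host details as parameters. The IdentitiesOnly line it writes is an addition to the post's config; it tells ssh to offer only the configured key to that host, which avoids the "too many authentication failures" error on servers that see several keys before the right one. The permission check reads the mode string from ls -ld rather than stat, because stat's flags differ between GNU and BSD.

```shell
#!/bin/sh
# Added example, not code from the original post.
# Assumes POSIX sh and the usual coreutils (mkdir, chmod, mv, ls, cut, grep, printf).

# mode_of PATH  -> prints the 10-character mode string, e.g. "drwx------"
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# setup_ssh_dir DIR KEYNAME
# Creates DIR (mode 700) and moves KEYNAME / KEYNAME.pub from the current
# directory into it, private part 600 and public part 644, as the post does.
setup_ssh_dir() {
    dir="$1"; key="$2"
    mkdir -p "$dir"
    chmod 700 "$dir"
    if [ -f "$key" ]; then
        mv "$key" "$dir/$key"
        chmod 600 "$dir/$key"
    fi
    if [ -f "$key.pub" ]; then
        mv "$key.pub" "$dir/$key.pub"
        chmod 644 "$dir/$key.pub"
    fi
}

# add_host_entry CONFIG ALIAS HOSTNAME PORT IDENTITYFILE
# Appends a Host block to CONFIG (created with mode 644 if missing).
# An existing "Host ALIAS" line is left alone so repeated runs do not
# produce duplicate entries.
add_host_entry() {
    cfg="$1"; alias_="$2"; hostname_="$3"; port="$4"; idfile="$5"
    if [ ! -f "$cfg" ]; then
        touch "$cfg"
        chmod 644 "$cfg"
    fi
    if grep -q "^Host $alias_\$" "$cfg"; then
        return 0
    fi
    printf 'Host %s\n    HostName %s\n    Port %s\n    IdentityFile %s\n    IdentitiesOnly yes\n\n' \
        "$alias_" "$hostname_" "$port" "$idfile" >> "$cfg"
}

# check_perms DIR KEYNAME
# Returns 0 when the directory is 700, the private key 600 and the public
# key 644; returns 1 otherwise. ssh itself refuses a private key that is
# readable by others, so this is the check to run before the first login.
check_perms() {
    dir="$1"; key="$2"
    [ "$(mode_of "$dir")" = "drwx------" ] || return 1
    [ "$(mode_of "$dir/$key")" = "-rw-------" ] || return 1
    [ "$(mode_of "$dir/$key.pub")" = "-rw-r--r--" ] || return 1
    return 0
}

# Typical use after "ssh-keygen -t rsa -b 4096 -f my-ssh-key" in the current directory
# (uncomment to run against the real home directory):
# setup_ssh_dir "$HOME/.ssh" my-ssh-key
# add_host_entry "$HOME/.ssh/config" myserver myserver.example.com 22 "$HOME/.ssh/my-ssh-key"
# check_perms "$HOME/.ssh" my-ssh-key && echo "permissions ok"
```

Run check_perms again whenever a key-based login stops working; a private key that was copied or restored from a backup with a permissive mode is a common cause, and ssh -vvv will then report that the key is ignored because of its permissions.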
ssh user@ssh-hostname
This should now ask for the passphrase of the correct key my-ssh-key.
Enter passphrase for key '/home/<user>/.ssh/my-ssh-key':