Red Hat Enterprise Linux Implementation

Local and Remote Logins

Module Topics

Local Console Command Line Access
Bash Shell
Virtual Consoles
Shell Basics
SSH Key-Based Authentication
SSH Key Generation
Red Hat Customer Portal
Knowledgebase
Support Cases
Advanced Diagnostics

Local Console Command Line Access

Command line: Text-based interface used to input instructions to computer system
Linux command line provided by shell
GNU Bourne-Again Shell (bash): Default shell in Red Hat Enterprise Linux
- Improved version of Bourne Shell (sh)

Bash Shell

Shell prompt displays when shell is waiting for command from user
- When regular user starts shell, default prompt ends with $:
  [student@desktop1 ~]$
- When superuser (root) starts shell, default prompt ends with #:
  [root@desktop1 ~]#
bash shell provides scripting language for automating tasks
Shell can simplify operations that are hard to accomplish with graphical tools

Transcript:

When a shell is used interactively, it displays a string when it is waiting for a command from the user. This is called the shell prompt. When a regular user starts a shell, the default prompt ends with a $ character.

The $ is replaced by a # if the shell is running as the superuser, root. This makes it more obvious that it is a superuser shell, which helps to avoid accidents and mistakes in the privileged account.

Using bash to execute commands can be powerful. The bash shell provides a scripting language that can support automation of tasks. The shell has additional capabilities that can simplify or make possible operations that are hard to accomplish efficiently with graphical tools.

The bash shell is similar in concept to the command line interpreter found in recent versions of Microsoft Windows cmd.exe, although bash has a more sophisticated scripting language. It is also similar to Windows PowerShell in Windows 7 and Windows Server 2008 R2. Mac OS X administrators who use the Macintosh’s Terminal utility may be pleased to note that bash is the default shell in Mac OS X.

Virtual Consoles

Terminal Access

Provides keyboard for input and display for output
On text-based installations, can be Linux machine’s physical console
Can be configured through serial ports

Virtual Console Access

Linux machine’s physical console supports multiple virtual consoles
Each virtual console acts like separate terminal
- Supports independent login session
- GUI runs on first virtual console
- In GUI, hold Ctrl+Alt and press F2 through F6 to access text login prompt for consoles 2 - 6
- Press Ctrl+Alt+F1 to return to first virtual console and GUI desktop.

Transcript:

Users access the bash shell through a terminal. A terminal provides a keyboard for user input and a display for output. On text-based installations, this can be the Linux machine’s physical console, the hardware keyboard and display. Terminal access can also be configured through serial ports.

Another way to access a shell is from a virtual console. A Linux machine’s physical console supports multiple virtual consoles which act like separate terminals. Each virtual console supports an independent login session.

If the graphical environment is available, it will run on the first virtual console in Red Hat Enterprise Linux 7. Five additional text login prompts are available on consoles two through six (or one through five if the graphical environment is turned off). With a graphical environment running, access a text login prompt on a virtual console by holding Ctrl+Alt and pressing a function key (F2 through F6). Press Ctrl+Alt+F1 to return to the first virtual console and the graphical desktop.

You can use the console link provided in the provisioning email you received when you provisioned your lab environment to access your consoles. In this web based console, you should be able to send these key sequences to toggle between the consoles.

In Red Hat Enterprise Linux 5 and earlier, the first six virtual consoles always provided text login prompts. When the graphical environment was launched, it ran on virtual console seven (accessed through Ctrl+Alt+F7).

Shell Basics

Commands entered at shell prompt have three basic parts:
- Command: Name of program to run
- Options: Adjust behavior of command and normally start with one or two dashes (-a or --all)
- Arguments: Often indicate target that command should operate on
Commands can be followed by one or more options or arguments
```
usermod -L morgan
```
- Command is usermod
- Option is -L
- Argument is morgan

Shell Basics

Most commands have --help option that prints usage statement
Usage statement conventions:
- [] surrounds optional items
- ... represents an arbitrary-length list of items of that type
- | separates items when only one item can be specified
- <> represents variable data
  - Example: <filename> means “insert the filename you wish to use here”
    Sometimes variables appear as capital letters (e.g., FILENAME).

Transcript:

To use a command effectively, a user needs to know what options and arguments it takes and in what order it expects them (the syntax of the command). Most commands have a --help option. This causes the command to print a description of what it does, a "usage statement" that describes the command’s syntax, and a list of the options it accepts and what they do.

Usage statements may seem complicated and difficult to read. They become much simpler to understand once a user becomes familiar with a few basic conventions:

Square brackets, [], surround optional items.
Anything followed by … represents an arbitrary-length list of items of that type.
Multiple items separated by pipes, |, means only one of them can be specified.
Text in angle brackets, <>, represents variable data. For example, <filename> means “insert the filename you wish to use here”. Sometimes these variables are simply written in capital letters (e.g., FILENAME).

Shell Basics

[student@desktop1 ~]$ date --help
date [OPTION]... [+FORMAT]

date takes optional list of options: [OPTION]...
Options are followed by optional format string: [+FORMAT]
To quit shell and end session, do one of the following:
- Use exit
- Press Ctrl+D

References

Man pages: intro(1), bash(1), console(4), pts(4), and man-pages(7)

Some details of the console(4) man page, involving init(8) and inittab(5), are outdated.

Transcript:

Consider the first usage statement for the date command…

This indicates that date can take an optional list of options ([OPTION]…), followed by an optional format string, prefixed with a plus character, +, that defines how the current date should be displayed ([+FORMAT]). Since both of these are optional, date will work even if it is not given options or arguments (it will print the current date and time using its default format).

The man page for a command has a SYNOPSIS section that provides information about the command’s syntax. The man-pages man page describes how to interpret all the square brackets, vertical bars, and so forth that users see in SYNOPSIS or a usage message.

When a user is finished using the shell and wants to quit, there are a couple of ways to end the session. The exit command terminates the current shell session. Another way to finish a session is by typing Ctrl+D.

SSH Key-Based Authentication

Key-based SSH authentication adds additional security to remote systems administration
Users can authenticate SSH login without password
- Authenticate using private-public key scheme
Two keys are generated: private key and public key
- Private key file used as authentication credential
  - Like password, must be kept secret and secure
- Public key used to verify the private key
  - Copied to systems user wants to log in to
  - Does not need to be secret
SSH server with public key can issue challenge that only system holding private key can answer
- Allows secure system access without requiring password every time

Transcript:

Utilizing key-based SSH authentication adds additional security to remote systems administration.

Users can authenticate ssh logins without a password by using public key authentication. ssh allows users to authenticate using a private-public key scheme. This means that two keys are generated, a private key and a public key. The private key file is used as the authentication credential, and like a password, must be kept secret and secure. The public key is copied to systems the user wants to log into, and is used to verify the private key. The public key does not need to be secret. An SSH server that has the public key can issue a challenge that can only be answered by a system holding your private key. As a result, you can authenticate using the presence of your key. This allows you to access systems in a way that doesn’t require typing a password every time, but is still secure.

SSH Key Generation

To generate keys, use ssh-keygen
- Generates private key ~/.ssh/id_rsa and public key ~/.ssh/id_rsa.pub
Optional, specify passphrase during generation
- Passphrase must be provided to access private key
- Difficult to use stolen key without passphrase
- With passphrase, SSH is no longer password-less
To provide passphrase once at start of session, use ssh-agent with ssh-add
- Provides passphrase as needed while you stay logged in

Tip: Additional information for the ssh-agent command can be found consulting the Red Hat System Administration Guide.

Transcript:

Key generation is done using the ssh-keygen command. This generates the private key ~/.ssh/id_rsa and the public key ~/.ssh/id_rsa.pub.

During key generation, there is the option to specify a passphrase which must be provided in order to access your private key. In the event the private key is stolen, it is very difficult for someone other than the issuer to use it when protected with a passphrase. This adds enough of a time buffer to make a new key pair and remove all references to the old keys before the private key can be used by an attacker who has cracked it.

It is always wise to passphrase-protect the private key since the key allows access to other machines. However, this means the passphrase must be entered whenever the key is used, making the authentication process no longer password-less. This can be avoided using ssh-agent, which can be given your passphrase once at the start of the session (using ssh-add), so it can provide the passphrase as needed while you stay logged in.

SSH Key Generation

Generated SSH keys are stored by default in .ssh/ directory of home directory
- Private key permissions should be 600
- Public key permissions should be 644
To use key-based authentication, public key must be copied to destination system
- Use ssh-copy-id
- Copies ~/.ssh/id_rsa.pub file by default
  [student@desktop1 ~]$ ssh-copy-id root@student1.example.com

SSH Key Generation

[student@desktop1 ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/student/.ssh/id_rsa):Enter
Created directory '/home/student/.ssh'.
Enter passphrase (empty for no passphrase):r3dh@t1!
Enter same passphrase again:r3dh@t1!
Your identification has been saved in /home/student/.ssh/id_rsa.
Your public key has been saved in /home/student/.ssh/id_rsa.pub.
The key fingerprint is:
a4:9:cf:fb:ac:ab:c8:ce:45:33:f2:ad:69:7b:d2:5a student@desktop1.example.com
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|                 |
|      . .        |
|     . *         |
|    . * S        |
|     + + .       |
|      o.E        |
|   o oo+oo       |
|   .=.**ooo      |
+-----------------+

SSH Key Generation

[student@desktop1 ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub root@server1.example.com

References

System Administrator’s Guide for Red Hat Enterprise Linux 7
Man pages: ssh-keygen(1), ssh-copy-id(1), ssh-agent(1), and ssh-add(1)

Red Hat Customer Portal

Access Red Hat Customer Portal at https://access.redhat.com
Access everything provided with subscription in one location:
- Search Knowledgebase for solutions, FAQs, and articles
- Access official product documentation
- Submit and manage support tickets
- Attach and detach product subscriptions
- Download software, updates, and evaluations
Parts of site accessible to everyone
- Other parts are exclusive to customers with active subscriptions
Get help with Customer Portal at https://access.redhat.com/help/

Knowledgebase

Can access Red Hat Customer Portal via web browser:
Can access Red Hat Customer Portal via command line tool:
```
[student@desktop1 ~]$ redhat-support-tool
Welcome to the Red Hat Support Tool.
Command (? for help):
```
- Access from any terminal or SSH connection
- Use as interactive shell (default) or execute individual commands with options and arguments
  - Syntax identical for both methods
- To see all available commands, use help
- Shell mode supports:
  - Tab completion
  - Calling programs in parent shell

Transcript:

Customers can work with Red Hat Customer Portal through a web browser. This section will introduce a command line tool that can also be used to access Red Hat Customer Portal services, redhat-support-tool.

The Red Hat Support Tool utility redhat-support-tool provides a text console interface to the subscription-based Red Hat Access services. Internet access is required to reach the Red Hat Customer Portal. The redhat-support-tool is text-based for use from any terminal or SSH connection; no graphical interface is provided.

The redhat-support-tool command may be used as an interactive shell or invoked as individually executed commands with options and arguments. The tool’s available syntax is identical for both methods. By default, the program launches in shell mode. Use the provided help sub-command to see all available commands. Shell mode supports tab completion and the ability to call programs in the parent shell.

Knowledgebase

When first invoked, redhat-support-tool prompts for subscriber login information
- To avoid repetitively supplying credentials, tool asks to store account info in $HOME/.redhat-support-tool/redhat-support-tool.conf
- If account is shared by many users, use --global option to save account info and systemwide configuration to /etc/redhat-support-tool.conf
To modify tool’s configuration settings, use config

Knowledgebase

[student@desktop1 ~]$ redhat-support-tool
Welcome to the Red Hat Support Tool.
Command (? for help):search How to manage system entitlements with subscription-manager
Please enter your RHN user ID:subscriber
Save the user ID in /home/student/.redhat-support-tool/redhat-support-tool.conf (y/n):y
Please enter the password for subscriber:password
Save the password for subscriber in /home/student/.redhat-support-tool/redhat-support-tool.conf (y/n):y
Type the number of the solution to view or 'e' to return to the previous menu.
  1 [ 253273:ER] How to register and subscribe a system to Red Hat Network
    (RHN) using Red Hat Subscription Manager (RHSM)?
  2 [  17397:ER] What are Flex Guest Entitlements in Red Hat Network?
  3 [ 232863:ER] How to register machines and manage subscriptions using Red
    Hat Subscription Manager through an invisible HTTP proxy / Firewall?
3 of 43 solutions displayed. Type 'm' to see more, 'r' to start from the beginning again, or '?' for help with the codes displayed in the above output.
Select a Solution:1

Type the number of the section to view or 'e' to return to the previous menu.
 1 Title
 2 Issue
 3 Environment
 4 Resolution
 5 Display all sections
End of options.
Section:1

Title
===============================================================================
How to register and subscribe a system to Red Hat Network (RHN) using Red Hat Subscription Manager (RHSM)?
URL:       https://access.redhat.com/site/solutions/253273
(END) q
[student@desktop1 ~]$

Knowledgebase

Access Knowledgebase Articles by Document ID

To locate articles by document ID, use kb

Returned documents scroll on screen without pagination

Allows redirect of output with local commands

[student@desktop1 ~]$ redhat-support-tool kb 253273 | less

Title:  How to register and subscribe a system to Red Hat Network (RHN) using Red Hat Subscription Manager (RHSM)?
ID:     253273
State:  Verified: This solution has been verified to work by Red Hat Customers and Support Engineers for the specified product version(s).
URL:    https://access.redhat.com/site/solutions/253273
:q

Support Cases

Access detailed info on support process at https://access.redhat.com/site/support/policy/support_process

Prepare Bug Reports

Define problem
- Clearly state problem and symptoms
- Be as specific as possible
- Document steps to reproduce problem
Gather background information
- Product and version affected
- Provide relevant diagnostic info, such as output of sosreport, system’s kdump crash dump, or digital photo of kernel backtrace displayed on monitor
Determine severity level
- See next slide for severity level details
- Follow up with phone call for Urgent and High severity problems ( see https://access.redhat.com/site/support/contact/technicalSupport )

Transcript:

One benefit of a product subscription is access to technical support through Red Hat Customer Portal. Depending on the system’s subscription support level, Red Hat may be contacted through on-line tools or by phone. See https://access.redhat.com/site/support/policy/support_process for links to detailed information about the support process.

Before contacting Red Hat Support, gather relevant information for a bug report.

Define the problem. Be able to clearly state the problem and its symptoms. Be as specific as possible. Detail the steps which will reproduce the problem.

Gather background information. Which product and version is affected? Be ready to provide relevant diagnostic information. This can include output of sosreport, discussed later in this section. For kernel problems, this could include the system’s kdump crash dump or a digital photo of the kernel backtrace displayed on the monitor of a crashed system.

Determine the severity level. Red Hat uses four severity levels to classify issues. Urgent and High severity problem reports should be followed by a phone call to the relevant local support center (see https://access.redhat.com/site/support/contact/technicalSupport).

Support Cases

Severity Level

Description

Urgent (Severity 1)

A problem that severely impacts your use of the software in a production environment (such as loss of production data or in which your production systems are not functioning). The situation halts your business operations and no procedural workaround exists.

High (Severity 2)

A problem where the software is functioning but your use in a production environment is severely reduced. The situation is causing a high impact to portions of your business operations and no procedural workaround exists.

Medium (Severity 3)

A problem that involves partial, non-critical loss of use of the software in a production environment or development environment. For production environments, there is a medium-to-low impact on your business, but your business continues to function, including by using a procedural workaround. For development environments, where the situation is causing your project to no longer continue or migrate into production.

Low (Severity 4)

A general usage question, reporting of a documentation error, or recommendation for a future product enhancement or modification. For production environments, there is low-to-no impact on your business or the performance or functionality of your system. For development environments, there is a medium-to-low impact on your business, but your business continues to function, including by using a procedural workaround.

Support Cases

Manage Bug Reports

Subscribers can use redhat-support-tool to create, view, modify, and close support cases
Attach files or documentation, such as diagnostic reports (sosreport)

Use command options or tool prompts to provide case details including product, version, summary, description, severity, and case group

[student@desktop1 ~]$ redhat-support-tool
Welcome to the Red Hat Support Tool.
Command (? for help):opencase --product="Red Hat Enterprise Linux" --version="7.0"
Please enter a summary (or 'q' to exit):System fails to run without power
Please enter a description (Ctrl-D on an empty line when complete):
When the server is unplugged, the operating system fails to continue.
 1   Low
 2   Normal
 3   High
 4   Urgent
Please select a severity (or 'q' to exit):4
Would you like to assign a case group to this case (y/N)? N
Would see if there is a solution to this problem before opening a support case? (y/N) N
-------------------------------------------------------------------------------
Support case 01034421 has successfully been opened.

Support Cases

Attach an SoS Report

Use sosreport to generate tar archive of diagnostic info gathered from running system

redhat-support-tool prompts to include SoS report if an archive exists

Please attach a SoS report to support case 01034421. Create a SoS report as
the root user and execute the following command to attach the SoS report
directly to the case:
 redhat-support-tool addattachment -c 01034421 path to sosreport

Would you like to attach a file to 01034421 at this time? (y/N) N
Command (? for help):

If current SoS report is not available, administrator can generate and attach later using addattachment

Support Cases

Manage Bug Reports

Command (? for help):listcases

Type the number of the case to view or 'e' to return to the previous menu.
 1 [Waiting on Red Hat]  System fails to run without power
No more cases to display
Select a Case:1

Type the number of the section to view or 'e' to return to the previous menu.
 1 Case Details
 2 Modify Case
 3 Description
 4 Recommendations
 5 Get Attachment
 6 Add Attachment
 7 Add Comment
End of options.
Option:q

Select a Case:q

Command (? for help):

[student@desktop1 ~]$ redhat-support-tool modifycase --status=Closed 01034421
Successfully updated case 01034421
[student@desktop1 ~]$

Advanced Diagnostics

Red Hat Support Tool can use kernel crash dump core files to create and extract a backtrace
- Report of active stack frames at point of crash dump
- Provides onsite diagnostics
- Useful when opening support case
Use analyze to view many types of log files, including operating system, JBoss®, Python, Tomcat, oVirt, and others
- Parse files to identify problem symptoms
- View and diagnose parsed files individually
- Provide preprocessed analysis as support case attachment

References

Summary

Local Console Command Line Access
Bash Shell
Virtual Consoles
Shell Basics
SSH Key-Based Authentication
SSH Key Generation
Red Hat Customer Portal
Knowledgebase
Support Cases
Advanced Diagnostics

Module Completion

Nice job!

Click the button below to complete this module of the course: