Juniper Tips 30: export default route via BGP

#show protocols bgp group gp_PE_device
type external;
description "session to Devices";
hold-time 10;
import [ ROUTE_IN BRICKWALL ];
export [ SET_SEND_DEFAULT BRICKWALL ]; <- insert the default route but reject others
family inet {
    unicast;
}

local-as 65060;
neighbor 10.28.28.22 {
    local-address 10.28.28.21;
    peer-as 19493;
}
neighbor 10.28.29.22 {
    local-address 10.28.29.21;
    peer-as 19493;
}

#show policy-options policy-statement SET_SEND_DEFAULT
pp5371@shdw00mx# show
term SEND_DEFAULT {
    from {
        protocol [ aggregate static ];
        route-filter 0.0.0.0/0 exact;
    }
    then accept;
}
then next policy;

$show configuration policy-options policy-statement BRICKWALL
then reject;

 

#show routing-options static
route 0.0.0.0/0 discard;

<- This prevents the router from sending traffic to any other place.
# run show route advertising-protocol bgp 10.28.29.26

inet.0: 97 destinations, 103 routes (95 active, 0 holddown, 2 hidden)
Prefix Nexthop MED Lclpref AS path
* 0.0.0.0/0 Self I
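
The export chain above is a default-deny pattern: only the locally originated default is let out, and BRICKWALL stops everything else before BGP's default export policy can readvertise BGP-learned routes. The following Python model of that evaluation is an added example, not Junos code and not part of the original post; the sample routes are constructed and each one is evaluated on its own.

```python
import ipaddress

DEFAULT = ipaddress.ip_network("0.0.0.0/0")

def set_send_default(route):
    """Model of SET_SEND_DEFAULT: term SEND_DEFAULT, then 'next policy'."""
    # Both 'from' conditions must hold: protocol AND route-filter ... exact.
    from_protocol = route["protocol"] in ("aggregate", "static")
    exact_default = ipaddress.ip_network(route["prefix"]) == DEFAULT
    return "accept" if from_protocol and exact_default else "next policy"

def brickwall(route):
    """Model of BRICKWALL: unconditional 'then reject'."""
    return "reject"

def evaluate(route, chain):
    """Walk the chain in order; the first accept/reject ends evaluation."""
    for policy in chain:
        action = policy(route)
        if action in ("accept", "reject"):
            return action
    # Nothing terminated: the route reaches BGP's default export policy,
    # which readvertises active BGP-learned routes.
    return "accept" if route["protocol"] == "bgp" else "reject"

# Constructed sample routes (not taken from the router above).
ROUTES = [
    {"prefix": "0.0.0.0/0", "protocol": "static"},
    {"prefix": "0.0.0.0/0", "protocol": "bgp"},
    {"prefix": "10.28.0.0/16", "protocol": "static"},
    {"prefix": "10.28.28.20/30", "protocol": "direct"},
    {"prefix": "192.0.2.0/24", "protocol": "bgp"},
]

def advertised(routes, chain):
    """Return (prefix, protocol) for every route the chain lets out."""
    return [(r["prefix"], r["protocol"]) for r in routes
            if evaluate(r, chain) == "accept"]

if __name__ == "__main__":
    print("with BRICKWALL:   ", advertised(ROUTES, [set_send_default, brickwall]))
    print("without BRICKWALL:", advertised(ROUTES, [set_send_default]))
```

Without BRICKWALL at the end of the chain, the BGP-learned routes in the sample are advertised as well, which is the leak the extra policy prevents.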

SSH handshake process explained

Keys and Algorithms

1. SSH uses common asymmetric (or Public) key algorithms: RSA (Rivest-
Shamir-Adleman), DSA (Digital Signature Algorithm), and Diffie-Hellman
2. SSH also uses common symmetric key algorithms: DES (Data Encryption
Standard), IDEA (International Data Encryption Algorithm), Triple-DES
(3DES), Blowfish, and AES (Advanced Encryption Standard). AES comes in
128, 192, and 256 bits.
3. SSH also uses common hash algorithms: MD5 (Message Digest), CRC
(Cyclic Redundancy Check)-32, SHA-1 (Secure Hash Algorithm).

Key Exchange

  1. The client has a public & private key pair. The server has a public & private key pair.
  2. The client and server exchange their public keys.
  3. The client now has its own key pair plus the public key of the server.
  4. The server now has its own key pair plus the public key of the client.
  5. This exchange of keys is done over an insecure network.
  6. The client takes its private key and the server’s public key and passes them
    through a mathematical equation to produce the shared secret (session key).
  7. The server takes its private key and the client’s public key and passes them
    through a mathematical equation to produce the shared secret (session key).
    Both these shared secrets are identical! This is an asymmetrical key.
  8. This encrypted tunnel is used for the remainder of the session, including the next phase: User Authentication.

 

Here are a few packets I got from tshark using the display filter "ssh.message_code"

SSHv2 Client: Key Exchange Init

SSHv2 Server: Key Exchange Init

SSHv2 Client: Diffie-Hellman Key Exchange Init

SSHv2 Server: Diffie-Hellman Key Exchange Reply

SSHv2 Client: Diffie-Hellman GEX Init

SSHv2 Server: Diffie-Hellman GEX Reply

SSHv2 Client: New Keys

SSHv2 Server: New Keys

Example 1: failed SCP connection, failed at key exchange.

[Image: alteonbad]

The key exchange methods are not the same.

[Image: rsa dss]

After changing the OpenSSH server:

[Image: alteongood]
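
A failure like Example 1 can be diagnosed from the two Key Exchange Init messages alone. The following is an added example, not part of the original post: it parses SSH_MSG_KEXINIT payloads and applies the basic RFC 4253 first-match rule to each name-list. The algorithm offers are constructed and assume the only difference is the host key type (ssh-rsa against ssh-dss).

```python
import struct

# Name-list fields of SSH_MSG_KEXINIT in wire order (RFC 4253, section 7.1).
FIELDS = ["kex_algorithms", "server_host_key_algorithms",
          "encryption_c2s", "encryption_s2c", "mac_c2s", "mac_s2c",
          "compression_c2s", "compression_s2c", "languages_c2s", "languages_s2c"]

def build_kexinit(lists):  # encoder, used here only to construct sample input
    out = bytes([20]) + bytes(16)            # message code 20, zeroed 16-byte cookie
    for field in FIELDS:
        body = ",".join(lists.get(field, [])).encode("ascii")
        out += struct.pack(">I", len(body)) + body
    return out + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved

def parse_kexinit(payload):
    """Decode a KEXINIT payload into {field: [names]}; reject malformed input."""
    if len(payload) < 17 or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, lists = 17, {}
    for field in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (length,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + length > len(payload):
            raise ValueError("name-list runs past the end of the payload")
        raw = payload[pos:pos + length].decode("ascii")
        lists[field] = raw.split(",") if raw else []
        pos += length
    return lists

def negotiate(client, server):
    """First name on the client's list that the server also offers, per field."""
    return {f: next((a for a in client[f] if a in server[f]), None)
            for f in FIELDS[:8]}             # language lists may legitimately be empty

def mismatches(client_payload, server_payload):
    """Fields with no common algorithm; any entry here aborts the handshake."""
    chosen = negotiate(parse_kexinit(client_payload), parse_kexinit(server_payload))
    return [field for field, name in chosen.items() if name is None]

# Constructed offers (not the capture from this post): only host key types differ.
BASE = {"kex_algorithms": ["diffie-hellman-group14-sha1"],
        "encryption_c2s": ["aes128-ctr"], "encryption_s2c": ["aes128-ctr"],
        "mac_c2s": ["hmac-sha1"], "mac_s2c": ["hmac-sha1"],
        "compression_c2s": ["none"], "compression_s2c": ["none"]}
CLIENT = build_kexinit({**BASE, "server_host_key_algorithms": ["ssh-rsa"]})
SERVER_BAD = build_kexinit({**BASE, "server_host_key_algorithms": ["ssh-dss"]})
SERVER_GOOD = build_kexinit({**BASE, "server_host_key_algorithms": ["ssh-dss", "ssh-rsa"]})
```

Calling mismatches(CLIENT, SERVER_BAD) names the list that has no overlap, which is the field to fix on the server or client side.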

How to remove a software package with dependencies in RedHat Linux (rpm/yum)

1. Find out which rpm is in use

$ sudo rpm -qa | grep rsit-server-7.2.1.77-1.x86_64
rsit-server-7.2.1.77-1.x86_64

2. Try to remove a single rpm package

$ sudo rpm -e rsit-server-7.2.1.77-1.x86_64
error: Failed dependencies:
openssh-clients is needed by (installed) virt-viewer-0.5.2-9.el6.x86_64
rsit-server >= 7.1 is needed by (installed) ipnsg-wrq-ssh-1.0-1.noarch
/usr/bin/ssh is needed by (installed) virt-v2v-0.8.7-6.el6.x86_64

3. If you try to remove it using rpm, it will report that more dependent packages need to be removed. Using "yum remove" removes them all together.

$ sudo yum remove rsit-server-7.2.1.77-1.x86_64
Loaded plugins: product-id, security, subscription-manager
Updating certificate-based repositories.
Unable to read consumer identity
Setting up Remove Process
Resolving Dependencies
--> Running transaction check
---> Package rsit-server.x86_64 0:7.2.1.77-1 will be erased
--> Processing Dependency: openssh-clients for package: virt-viewer-0.5.2-9.el6.x86_64
--> Processing Dependency: rsit-server >= 7.1 for package: ipnsg-wrq-ssh-1.0-1.noarch
--> Running transaction check
---> Package ipnsg-wrq-ssh.noarch 0:1.0-1 will be erased
--> Processing Dependency: ipnsg-wrq-ssh for package: ipnsg-ddos-shadow-vm-platform-1.0-1.noarch
---> Package virt-viewer.x86_64 0:0.5.2-9.el6 will be erased
--> Running transaction check
---> Package ipnsg-ddos-shadow-vm-platform.noarch 0:1.0-1 will be erased
--> Processing Dependency: /usr/bin/ssh for package: virt-v2v-0.8.7-6.el6.x86_64
--> Restarting Dependency Resolution with new changes.
--> Running transaction check
---> Package virt-v2v.x86_64 0:0.8.7-6.el6 will be erased
--> Finished Dependency Resolution

Dependencies Resolved.

Other yum options:

Code:
yum update

Searching. To search for a package or term in the database of the yum repositories configured on the system:

Code:
 yum search any-package

Example:

Code:
yum search httpd

I hope this will help you understand how to use yum more efficiently. For any errors in this how-to, please notify me.
Querying information. To view the information for an individual package:

Code:
 yum info any-package

Example:

Code:
yum info httpd

Installing packages. Install packages with automatic dependency resolution:

Code:
 yum install any-package

Example.

Code:
yum install gkrellm

Uninstalling packages. Remove packages along with everything that depends on them:

Code:
yum remove any-package

Example.

Code:
yum remove gkrellm

Listing packages. The following lists all the packages available in the yum database that can be installed:

Code:
 yum list available|less

The following lists all the packages installed on the system:

Code:
 yum list installed|less

The following lists all the packages installed on the system that can (and should) be updated:

Code:
 yum list updates|less

Cleaning of the system.

As a result of its use, yum leaves headers and RPM packages stored in the /var/cache/yum/ directory. The RPM packages that have been installed, in particular, can take up a lot of space, so it is advisable to delete them once they are no longer useful. It is also advisable to do the same with old package headers that are no longer in the database. To do this cleanup, run the following:

Code:
 yum clean all

Group install

Code:
yum groupinstall "groupname"

Don't forget the quotation marks for group install.

How to enable openssh server in RedHat Linux

Install openssh on Red Hat Enterprise Linux

In order to turn the openssh service on, make sure that you have installed the openssh-server and openssh-clients RPMs.

Code:

sudo yum install openssh openssh-server openssh-clients

sudo yum install openssh-server
Loaded plugins: product-id, security, subscription-manager
Updating certificate-based repositories.
Resolving Dependencies
--> Running transaction check
---> Package openssh-server.x86_64 0:5.3p1-81.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

===============================================================================================================================================
Package Arch Version Repository Size
===============================================================================================================================================
Installing:
openssh-server x86_64 5.3p1-81.el6 300 k

Transaction Summary
===============================================================================================================================================
Install 1 Package(s)

 

sudo yum install openssh-clients
Loaded plugins: product-id, security, subscription-manager
Updating certificate-based repositories.
Unable to read consumer identity
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package openssh-clients.x86_64 0:5.3p1-81.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

===============================================================================================================================================
Package Arch Version Repository Size
===============================================================================================================================================
Installing:
openssh-clients x86_64 5.3p1-81.el6 358 k

Transaction Summary
===============================================================================================================================================
Install 1 Package(s)

sudo yum install openssh
Loaded plugins: product-id, security, subscription-manager
Updating certificate-based repositories.
Unable to read consumer identity
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package openssh.x86_64 0:5.3p1-81.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

===============================================================================================================================================
Package Arch Version Repository Size
===============================================================================================================================================
Installing:
openssh x86_64 5.3p1-81.el6  236 k

Transaction Summary
===============================================================================================================================================
Install 1 Package(s)

Total download size: 236 k

SCP command not found.

If you did not install openssh-clients, you might run into that error.

How to enable Telnet in RedHat Linux Enterprise

1. Install Telnet on Red Hat Enterprise Linux

SSH is strongly recommended, but just in case you need a Telnet server…

In order to turn Telnet on, make sure that you have installed the telnet-server and telnet RPMs.

Code:

yum install telnet-server telnet

Open /etc/xinetd.d/telnet

Code:
vi /etc/xinetd.d/telnet

Make sure that disable = yes is changed to read disable = no.

Code:
disable = no

Type the following to enable and start the service on port 23:

Code:
chkconfig telnet on
chkconfig xinetd on
service xinetd restart

2. To verify

$ netstat -an | grep 23
tcp 0 0 *:23 Waiting