📝 Update Phase 1 & 2 with Alpine-specific fixes (ash vs bash, rsync install, SSH key details)
@@ -68,28 +68,53 @@ uname -r # Kernel version
|
|||||||
## 🎯 Exercise 3 — File Permissions
|
## 🎯 Exercise 3 — File Permissions
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# Check permissions
|
# Step 1 — Check current permissions
|
||||||
ls -la /root/lab/notes/
|
|
||||||
ls -la /root/lab/
|
ls -la /root/lab/
|
||||||
|
|
||||||
# Change permissions
|
# Step 2 — Understand the columns
|
||||||
chmod 644 /root/lab/notes/hello.txt
|
# -rw-r--r-- 1 root root 20 May 21 file
|
||||||
chmod 755 /root/lab/scripts
|
# ─┬─ ─┬─ ─── permissions, owner, group, size, date, name
|
||||||
|
# │ └── user/group/other (r=read, w=write, x=execute)
|
||||||
|
# └── file type (-=file, d=directory)
|
||||||
|
|
||||||
# Create a script
|
# Step 3 — Create a script
|
||||||
|
# ⚠️ Alpine uses ash, NOT bash! Use #!/bin/sh
|
||||||
|
mkdir -p /root/lab/scripts
|
||||||
echo '#!/bin/sh' > /root/lab/scripts/sayhello.sh
|
echo '#!/bin/sh' > /root/lab/scripts/sayhello.sh
|
||||||
echo 'echo "Hello from a script!"' >> /root/lab/scripts/sayhello.sh
|
echo 'echo "Hello from a script!"' >> /root/lab/scripts/sayhello.sh
|
||||||
|
# 🔴 If you use #!/bin/bash it will say "not found"!
|
||||||
|
|
||||||
|
# Step 4 — Check permissions before making it executable
|
||||||
|
ls -la /root/lab/scripts/sayhello.sh
|
||||||
|
# Try to run it — should fail (no +x)
|
||||||
|
./root/lab/scripts/sayhello.sh || echo "Failed! Need +x permission"
|
||||||
|
|
||||||
|
# Step 5 — Add execute permission
|
||||||
chmod +x /root/lab/scripts/sayhello.sh
|
chmod +x /root/lab/scripts/sayhello.sh
|
||||||
|
ls -la /root/lab/scripts/sayhello.sh
|
||||||
./root/lab/scripts/sayhello.sh
|
./root/lab/scripts/sayhello.sh
|
||||||
|
|
||||||
# Test permissions
|
# Step 6 — Change permissions with numeric mode
|
||||||
|
chmod 644 /root/lab/scripts/sayhello.sh
|
||||||
|
ls -la /root/lab/scripts/sayhello.sh
|
||||||
|
|
||||||
|
# Step 7 — Remove execute permission
|
||||||
chmod -x /root/lab/scripts/sayhello.sh
|
chmod -x /root/lab/scripts/sayhello.sh
|
||||||
./root/lab/scripts/sayhello.sh # What happens?
|
./root/lab/scripts/sayhello.sh || echo "Permission denied!"
|
||||||
|
|
||||||
|
# Step 8 — Work with directories (need +x to enter)
|
||||||
|
mkdir -p /root/lab/secret
|
||||||
|
echo "classified" > /root/lab/secret/data.txt
|
||||||
|
chmod 700 /root/lab/secret
|
||||||
|
ls -la /root/lab/ | grep secret
|
||||||
|
ls /root/lab/secret
|
||||||
```
|
```
|
||||||
|
|
||||||
### 📝 Questions:
|
### 📝 Questions:
|
||||||
1. What do the numbers `644`, `755`, and `+x` mean?
|
1. What does `ls -la` show? Describe each column.
|
||||||
2. What happens when you remove execute permission from a script?
|
2. What does `+x`, `-x`, `644`, `755`, `700` mean?
|
||||||
|
3. Why does a script need `+x` but `cat file.txt` doesn't?
|
||||||
|
4. Why does a directory need `+x` to be accessible?
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|||||||
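Review bot: Steps 4, 5 and 7 invoke the script as `./root/lab/scripts/sayhello.sh`, which is relative to the current directory and only resolves when the shell is in `/`. From anywhere else the `|| echo "Failed! Need +x permission"` branch fires because the file is not found, not because the execute bit is missing, and the lesson is lost. Use the absolute path `/root/lab/scripts/sayhello.sh`. Step 6's `chmod 644` already clears every execute bit, so Step 7's `chmod -x` changes nothing; setting `755` in Step 6 would keep Step 7 meaningful. Step 8 runs as root, the owner of the `700` directory and not subject to directory permission checks in any case, so `ls /root/lab/secret` succeeds whatever the mode. Question 4 needs a check from a non-root user to show what the missing `x` bit does.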
@@ -1,6 +1,6 @@
|
|||||||
# 🌐 Phase 2: Networking
|
# 🌐 Phase 2: Networking
|
||||||
|
|
||||||
> Goal: Machines communicate — ping, SSH, file transfers
|
> Goal: Machines communicate — ping, SSH, file transfers, services
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
@@ -18,50 +18,76 @@ ping -c 4 10.0.1.1 # From alpine-2 → alpine-1
|
|||||||
# Check ARP table
|
# Check ARP table
|
||||||
ip neigh
|
ip neigh
|
||||||
|
|
||||||
# Advanced network tools
|
# tcpdump (packet capture) — Alpine needs install first
|
||||||
ip addr # All interfaces
|
apk add tcpdump
|
||||||
ip route # Routing table
|
tcpdump -i eth0 -c 5 icmp &
|
||||||
traceroute 10.0.1.2 # Path between VMs
|
ping -c 3 10.0.1.2
|
||||||
```
|
```
|
||||||
|
|
||||||
### 📝 Questions:
|
### 📝 Questions:
|
||||||
1. What's the MAC address of the other VM?
|
1. What's the MAC address of the other VM?
|
||||||
2. Can you ping alpine-hop (10.0.1.3) from alpine-1?
|
2. Can you ping alpine-hop (10.0.1.3) from alpine-1?
|
||||||
|
3. What subnet are you on? How many usable hosts?
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
## 🎯 Exercise 2 — SSH Keys
|
## 🎯 Exercise 2 — SSH Keys
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# Generate an SSH key
|
# Step 1 — Generate an SSH key pair
|
||||||
ssh-keygen -t ed25519
|
ssh-keygen -t ed25519
|
||||||
|
# Press Enter for all prompts (no passphrase)
|
||||||
|
|
||||||
# Copy to the other VM
|
# Step 2 — What just got created?
|
||||||
|
ls -la ~/.ssh/
|
||||||
|
# id_ed25519 ← your PRIVATE key (NEVER share this!)
|
||||||
|
# id_ed25519.pub ← your PUBLIC key (safe to share)
|
||||||
|
|
||||||
|
# Step 3 — Copy your public key to alpine-2
|
||||||
ssh-copy-id root@10.0.1.2
|
ssh-copy-id root@10.0.1.2
|
||||||
|
# Enter root password for alpine-2 when prompted
|
||||||
|
|
||||||
# Test passwordless login
|
# Step 4 — Test passwordless login!
|
||||||
ssh root@10.0.1.2 'hostname; uptime'
|
ssh root@10.0.1.2 'hostname; uptime'
|
||||||
|
# Should work WITHOUT asking for a password 🎉
|
||||||
|
|
||||||
|
# Step 5 — See what ssh-copy-id did
|
||||||
|
ssh root@10.0.1.2 'cat ~/.ssh/authorized_keys'
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### 💡 How it works
|
||||||
|
Your public key is appended to `~/.ssh/authorized_keys` on the target. When you SSH, the server checks if you have the matching **private key** — no password needed! 🔑
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
## 🎯 Exercise 3 — File Transfer
|
## 🎯 Exercise 3 — File Transfer (SCP & RSYNC)
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# SCP (secure copy)
|
# SCP — single files
|
||||||
echo "Secret message" > /root/secret.txt
|
echo "CCNA study notes" > /root/study.txt
|
||||||
scp /root/secret.txt root@10.0.1.2:/root/
|
scp /root/study.txt root@10.0.1.2:/root/
|
||||||
|
|
||||||
# RSYNC (sync directories)
|
# Verify
|
||||||
|
ssh root@10.0.1.2 'cat /root/study.txt'
|
||||||
|
|
||||||
|
# RSYNC — directories (need to install on Alpine)
|
||||||
|
apk add rsync
|
||||||
rsync -av /root/lab/ root@10.0.1.2:/root/lab-backup/
|
rsync -av /root/lab/ root@10.0.1.2:/root/lab-backup/
|
||||||
|
|
||||||
|
# Verify the backup
|
||||||
|
ssh root@10.0.1.2 'ls -la /root/lab-backup/'
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### 📝 Questions:
|
||||||
|
1. What's the difference between `scp` and `rsync`?
|
||||||
|
2. What does the `-a` flag in `rsync -av` mean? (hint: check `man rsync`)
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
## 🎯 Exercise 4 — Network Services
|
## 🎯 Exercise 4 — Network Services
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
# Check listening ports
|
# Check what's listening on your VM
|
||||||
ss -tlnp
|
ss -tlnp
|
||||||
|
|
||||||
# Start a simple HTTP server on alpine-1
|
# Start a simple HTTP server on alpine-1
|
||||||
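Review bot: The added comment `# Press Enter for all prompts (no passphrase)` in Step 1 of the SSH exercise leaves `id_ed25519` unencrypted on disk, which sits awkwardly next to Step 2's "NEVER share this!". Either state that the empty passphrase is a lab-only shortcut, or have the student set a passphrase and load the key with `ssh-agent`. Separately, new Question 3 in Exercise 1 asks "What subnet are you on?" while the same hunk drops `ip addr` and `ip route`, the commands that would answer it; keep `ip addr` in the exercise. The "Verify the backup" step could also list `/root/lab-backup/` before and after a second `rsync -av` run so Question 1 on `scp` versus `rsync` has something observable behind it.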
@@ -70,16 +96,33 @@ python3 -m http.server 8080 &
|
|||||||
# Access it from alpine-2
|
# Access it from alpine-2
|
||||||
curl http://10.0.1.1:8080/
|
curl http://10.0.1.1:8080/
|
||||||
|
|
||||||
# Kill the server
|
# See the connection in your server logs
|
||||||
|
# Kill the server when done
|
||||||
kill %1
|
kill %1
|
||||||
```
|
```
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
## 🎯 Bonus: CCNA Challenge
|
||||||
|
|
||||||
|
```bash
|
||||||
|
# From alpine-1, can you SSH to alpine-hop?
|
||||||
|
ssh root@10.0.1.3
|
||||||
|
|
||||||
|
# Check the routing table
|
||||||
|
ip route
|
||||||
|
|
||||||
|
# Why can alpine-1 reach alpine-hop (10.0.1.3)?
|
||||||
|
# Why can't alpine-1 reach the internet?
|
||||||
|
```
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
## ✅ Phase 2 Checklist
|
## ✅ Phase 2 Checklist
|
||||||
- [ ] Ping between VMs
|
|
||||||
- [ ] SSH key-based auth
|
- [ ] Ping and ARP (`ip neigh`)
|
||||||
|
- [ ] SSH key generation and passwordless login
|
||||||
- [ ] File transfer with `scp` / `rsync`
|
- [ ] File transfer with `scp` / `rsync`
|
||||||
- [ ] Network services
|
- [ ] Running a network service
|
||||||
|
|
||||||
**Previous:** [[Phase 1 - Walking]] | **Next:** [[Phase 3 - Users and Files]]
|
**Previous:** [[Phase 1 - Walking]] | **Next:** [[Phase 3 - Users and Files]]
|
||||||
|
|||||||
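Review bot: The added comment `# See the connection in your server logs` has no command or location under it. Since the server was started with `&`, say that the request line is printed to the alpine-1 terminal that launched it. The visible lines show `python3 -m http.server 8080 &` with no directory change before it; if it is started from `/root`, it serves everything under that directory, including the `~/.ssh/id_ed25519` created in Exercise 2, to any host that can reach port 8080. Start it from a dedicated directory or pass `--directory`, and consider `--bind 10.0.1.1`. `kill %1` also assumes the server is job 1, which fails if the backgrounded `tcpdump` from Exercise 1 is still running in the same shell; `kill %python3` or recording `$!` is safer. In the Bonus block, `ssh root@10.0.1.3` will prompt for a password because the key was only copied to 10.0.1.2, which is worth a comment so students do not read it as a failure.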