Notable Changes in Red Hat 9.0 Every System Admin Should Know

This article provides an overview of changes in RHEL 9 since RHEL 8 to help you evaluate an upgrade to RHEL 9.


RHEL 9 does not contain the legacy network scripts

RHEL 9 does not contain the network-scripts package that provided the deprecated legacy network scripts in RHEL 8. To configure network connections in RHEL 9, use NetworkManager. For details, see the Configuring and managing networking documentation.


NetworkManager stores new network configurations in a key file format

Previously, NetworkManager stored new network configurations to /etc/sysconfig/network-scripts/ in the ifcfg format. Starting with RHEL 9.0, RHEL stores new network configurations at /etc/NetworkManager/system-connections/ in a key file format. The connections for which the configurations are stored to /etc/sysconfig/network-scripts/ in the old format still work uninterrupted. Modifications in existing profiles continue updating the older files.


Network teams are deprecated

The teamd service and the libteam library are deprecated in Red Hat Enterprise Linux 9 and will be removed in the next major release. As a replacement, configure a bond instead of a network team.

Red Hat focuses its efforts on kernel-based bonding to avoid maintaining two features, bonds and teams, that have similar functions. The bonding code has high customer adoption, is robust, and has active community development. As a result, the bonding code receives enhancements and updates.

For details about how to migrate a team to a bond, see Migrating a network team configuration to network bond.


virt-who now uses /etc/virt-who.conf for global options instead of /etc/sysconfig/virt-who

In RHEL 9, the global options for the virt-who utility on your system are stored in the /etc/virt-who.conf file. Therefore, the /etc/sysconfig/virt-who file is no longer used and has been removed.


Support for disabling SELinux through /etc/selinux/config has been removed

With this release, support for disabling SELinux through the SELINUX=disabled option in the /etc/selinux/config file has been removed from the kernel. When you disable SELinux only through /etc/selinux/config, the system starts with SELinux enabled but with no policy loaded.


The dump utility from the dump package has been removed

The dump utility used for backup of file systems has been deprecated in Red Hat Enterprise Linux 8 and is not available in RHEL 9.

In RHEL 9, Red Hat recommends using the tar or dd utility as a backup tool for ext2, ext3, and ext4 file systems. The dump utility will be a part of the EPEL 9 repository.

Note that the restore utility from the dump package remains available and supported in RHEL 9 and is available as the restore package.


OpenSSH root password login disabled by default

The default configuration of OpenSSH in RHEL 9 prevents users from logging in as root with a password, so that attackers cannot gain access through brute-force attacks on passwords.


SCP not supported in RHEL 9

The secure copy protocol (SCP) is no longer supported because it is difficult to secure. It has already caused security issues, for example CVE-2020-15778. In RHEL 9, SCP is replaced by the SSH File Transfer Protocol (SFTP) by default.


By default, SSH cannot connect from RHEL 9 systems to older systems (for example, RHEL 6) or from older systems to RHEL 9. This is because the cryptographic algorithms used in older versions are now considered insecure. If your scenario requires connecting with older systems, you can either use the ECDSA and ECDH algorithms as keys on the legacy system or use the legacy cryptographic policy on the RHEL 9 system. For additional details, see the solutions "SSH from RHEL 9 to RHEL 6 systems does not work" and "Failed connection with SSH servers and clients that do not support the ‘server-sig-algs’ extension".
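
A pre-upgrade check for four of the changes listed above (SELinux disabling, ifcfg profiles, the virt-who options file, root password login), added here as an example and not taken from Red Hat documentation. The function names rhel9_findings and make_sample_root, the constructed sample tree, and the choice to read only the main sshd_config file (not any included drop-in files) are assumptions of this example.

```shell
#!/bin/sh
# Added example: list RHEL 8 era settings that behave differently on RHEL 9.
# rhel9_findings ROOT prints one line per finding. ROOT is "" for the live
# system, or a directory that holds a copy of the host's /etc.
rhel9_findings() {
    root=$1
    # SELINUX=disabled is no longer honored: the system starts with SELinux
    # enabled but with no policy loaded.
    if grep -Eqs '^[[:space:]]*SELINUX=disabled' "$root/etc/selinux/config"; then
        echo "selinux: SELINUX=disabled in /etc/selinux/config"
    fi
    # Existing ifcfg profiles keep working, but the legacy network scripts
    # that used to read them are not shipped; NetworkManager handles them.
    for f in "$root"/etc/sysconfig/network-scripts/ifcfg-*; do
        [ -e "$f" ] || continue
        echo "network: ifcfg profile ${f##*/}"
    done
    # Global virt-who options are read from /etc/virt-who.conf on RHEL 9.
    if [ -e "$root/etc/sysconfig/virt-who" ]; then
        echo "virt-who: /etc/sysconfig/virt-who present"
    fi
    # An explicit "PermitRootLogin yes" allows root password login again.
    # Only the main file is read here (assumption of this example).
    if grep -Eiqs '^[[:space:]]*PermitRootLogin[[:space:]]+yes([[:space:]]|$)' \
        "$root/etc/ssh/sshd_config"; then
        echo "sshd: PermitRootLogin yes in /etc/ssh/sshd_config"
    fi
}

# Constructed sample tree standing in for a copy of a RHEL 8 host's /etc.
make_sample_root() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/selinux" "$d/etc/sysconfig/network-scripts" "$d/etc/ssh"
    printf 'SELINUX=disabled\nSELINUXTYPE=targeted\n' > "$d/etc/selinux/config"
    printf 'DEVICE=eth0\nBOOTPROTO=dhcp\nONBOOT=yes\n' \
        > "$d/etc/sysconfig/network-scripts/ifcfg-eth0"
    printf '# constructed placeholder\n' > "$d/etc/sysconfig/virt-who"
    printf 'PermitRootLogin yes\n' > "$d/etc/ssh/sshd_config"
    echo "$d"
}

sample=$(make_sample_root)
rhel9_findings "$sample"
rm -rf "$sample"
```

To check a real host, call rhel9_findings "" on the system itself or pass the directory where a copy of its /etc tree is mounted.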