SSH Operation and Techniques

The Swiss Army Knife of encryption tools

SSH Operation and Techniques - 2001-2006 William Stearns

Overview
- SSH introduction and basic use
- Copying files
- Port and X Windows forwarding
- SSH keys and installation
- ssh-agent
- Fanout and Fanterm

SSH Features
- Command line terminal connection tool
- Replacement for rsh, rcp, telnet, and others
- All traffic encrypted
- Both ends authenticate themselves to the other end: the server proves its host key to the client, the client proves a password or key to the server
- Ability to carry and encrypt non-terminal traffic

Brief History
- SSH.com's SSH1: originally completely free with source code, then the license changed with version 1.2.13
- SSH.com's SSH2: originally commercial only, now free for some uses
- The OpenSSH team took the last free SSH1 release (the one before the license change), re-fixed its bugs, added features, and added support for the SSH2 protocol

Installation
- OpenSSH is included with a number of Linux distributions, and available for a large number of Unices
- On RPM-based Linuxes: rpm -Uvh openssh*.rpm

Basic use
- ssh SshServerName
- ssh -l UserName SshServerName
- ssh SshServerName CommandToRun
- ssh -v SshServerName   (verbose: shows the key exchange and each authentication method tried)
- Server host key checks: on first contact ssh shows the server's key fingerprint and stores the key in ~/.ssh/known_hosts; on later connections a key that does not match the stored one is refused with a warning. Verify the fingerprint out of band the first time, and treat a changed key as a possible man-in-the-middle until the server's administrator confirms a reinstall.
- Uses the same login password as a console or telnet login, but the password never crosses the network in the clear
- And if we need to encrypt other traffic? That is what port forwarding is for.
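The host key check above is worth being able to do by hand, for instance when reviewing a known_hosts file collected from a jump host. The shell functions below are an added example, not part of the original slides or of OpenSSH itself: they look up the key stored for a host and report any host that has two different keys of the same type on file, which is the condition behind ssh's "REMOTE HOST IDENTIFICATION HAS CHANGED" warning. They handle the plain, unhashed entry format only; hashed entries (HashKnownHosts) and @cert-authority/@revoked lines are skipped. The host names and key strings in the sample are constructed, not real keys.

```shell
#!/bin/sh
# Added example, not from the slides: inspect an OpenSSH known_hosts file.
# Entry format handled: "host[,alias,...] keytype base64key [comment]".
# Hashed entries (|1|...) and @cert-authority/@revoked markers are skipped.

# known_hosts_key FILE HOST KEYTYPE
# Prints the stored key for HOST/KEYTYPE; exit status 1 if there is none.
known_hosts_key() {
    awk -v host="$2" -v type="$3" '
        /^[[:space:]]*(#|$)/ { next }          # comments and blank lines
        substr($1, 1, 1) == "@" { next }        # @cert-authority, @revoked
        substr($1, 1, 3) == "|1|" { next }      # hashed host name
        $2 != type { next }
        {
            n = split($1, names, ",")
            for (i = 1; i <= n; i++)
                if (names[i] == host) { print $3; found = 1; exit }
        }
        END { exit (found ? 0 : 1) }' "$1"
}

# known_hosts_conflicts FILE
# Prints "host keytype" for every host that has more than one distinct key
# of the same type on file; exit status 1 if any such conflict exists.
# This is the mismatch ssh refuses to connect through: either the host was
# reinstalled, or something is sitting between you and it.
known_hosts_conflicts() {
    awk '
        /^[[:space:]]*(#|$)/ { next }
        substr($1, 1, 1) == "@" { next }
        substr($1, 1, 3) == "|1|" { next }
        {
            n = split($1, names, ",")
            for (i = 1; i <= n; i++) {
                k = names[i] SUBSEP $2
                if (k in key && key[k] != $3) conflict[k] = 1
                key[k] = $3
            }
        }
        END {
            for (k in conflict) { split(k, p, SUBSEP); print p[1], p[2]; bad = 1 }
            exit (bad ? 1 : 0)
        }' "$1"
}

# Constructed sample (not real keys): "firewall" has two different ssh-rsa
# keys recorded, the pattern that should stop you before you type a password.
sample_known_hosts() {
    cat > "$1" <<'EOF'
# known_hosts sample, constructed for this example
mailserver,192.0.2.10 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyA
firewall ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQConstructedKeyB
firewall ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQConstructedKeyC
EOF
}

# Demo on the sample: sh thisfile.sh demo
demo() {
    f=$(mktemp) && sample_known_hosts "$f"
    printf 'mailserver key: %s\n' "$(known_hosts_key "$f" mailserver ssh-ed25519)"
    known_hosts_conflicts "$f" || echo "conflicting host keys above: verify out of band before connecting"
    rm -f "$f"
}
case "${1:-}" in demo) demo ;; esac
```

Run it against a real file with `known_hosts_conflicts ~/.ssh/known_hosts`; a non-zero exit means at least one host should be checked with its administrator before anyone logs in. If HashKnownHosts is on, `ssh-keygen -F hostname` is the supported way to look an entry up instead.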

Securely copying files
- scp -p localfile remotemachine:/remotepath/file   (-p preserves modification times and permissions)
- Prompts for authentication if needed
- All traffic encrypted
- Replaces ftp, rcp, and file sharing for one-off copies

File synchronization - Rsync
- Rsync copies a tree of files from a master out to a copy on another machine, sending only the parts that changed
- Can use ssh as its transport: rsync -azv -e ssh /home/wstearns/webtree/ mirror.stearns.org:/home/web/
- -a preserves permissions, times and links and recurses; -z compresses; -v is verbose. The colon after the host name is what makes the destination remote; without it rsync writes to a local directory named mirror.stearns.org/home/web/
- The trailing slash on the source copies the contents of webtree into /home/web/ rather than creating /home/web/webtree/

Port Forwarding - real server on remote machine
- I want to listen on port 5110 on this machine; every connection arriving here is carried over the SSH session and delivered to mailserver, port 110: ssh -L 5110:mailserver:110 mailserver
- Point the mail client at localhost port 5110 and the POP3 session is encrypted all the way to mailserver
- By default the listener is bound to 127.0.0.1 only. ssh -g (or a bind address, -L 0.0.0.0:5110:mailserver:110) opens it to other hosts, which also hands mailserver's port 110 to anyone who can reach this machine

Port Forwarding - real server on this machine
- All web traffic to my firewall should be redirected to the web server running on port 8000 on my machine instead: ssh -R 80:MyMachine:8000 firewall
- Connections to port 80 on firewall travel back over the SSH session to MyMachine:8000; the destination is resolved on this machine, so localhost:8000 works as well
- Caveats: binding port 80 on firewall requires root there, and sshd binds remote forwards to the loopback address unless GatewayPorts yes is set in its sshd_config. A -R forward is an inbound path through the firewall, so it should be deliberate and torn down when done

X Windows forwarding
- Nothing extra to install: start the session with X11 forwarding enabled (ssh -X SshServerName, or ForwardX11 yes in ~/.ssh/config), and the server must allow it (X11Forwarding yes in sshd_config)
- Run the X Windows application in the terminal window: xclock &
- The screen display shows up on your computer, and any keystrokes and mouse movements are sent back, all encrypted
- Caveat: a forwarded application talks to your X display with whatever trust you give it. -X is untrusted forwarding, restricted by the X SECURITY extension (some distributions change that default); -Y is trusted forwarding and lets the remote application read keystrokes of other windows, so use it only with servers you trust

Packet forwarding VPNs
- Tunnel whole IP packets over the SSH connection instead of single TCP ports
- Connects a virtual network device (tun) on both ends: ssh -w 0:0 SshServerName creates tun0 on each side, which are then given addresses and routes like any interface
- OpenSSH 4.3 and higher; needs PermitTunnel yes in sshd_config and root (or the right to create tun devices) on both ends

SSH key background
- Old way: a password (hash) is stored on the server, and the password the user supplies is compared to the stored version. Anyone who guesses or captures the password is in
- New way: a private key is kept on the client and only the public key is stored on the server. The client proves it holds the private key without ever sending it; the server holds nothing that lets an intruder log in elsewhere

SSH key creation
- General command: ssh-keygen -t rsa -b 1024 -C 'Comment' -f ~/.ssh/identity_file   (upper-case -C sets the comment; lower-case -c changes the comment on an existing key)
- Different forms for each of the SSH flavors: -t rsa1 for SSH1 (~/.ssh/identity), -t rsa or -t dsa for SSH2 (~/.ssh/id_rsa, ~/.ssh/id_dsa)
- 1024 bits was the norm when these slides were written; use at least 2048-bit RSA or an ed25519 key today
- Assign a hard-to-guess passphrase to the private key during creation, so a copied key file is useless without it
- One key pair can be used for multiple servers; only the public half (identity_file.pub) ever leaves the client

SSH key installation
- 3 versions of ssh (SSH1, SSH.com SSH2, OpenSSH): interoperability is good, but poorly documented (key formats and authorized-keys file locations differ)
- The ssh-keyinstall utility automates the creation and installation
- ssh-keyinstall -s SshServerName creates keys, if needed, and installs them on the remote server
- The password is needed during the key install only; later logins use the key
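What the install step actually does on the server, for anyone who has to do it without ssh-keyinstall or wants to check its result: append the public key to the user's authorized_keys with the file and directory modes sshd insists on, and, for a single-purpose key such as the backup key later in these slides, prefix the line with a forced command and the no-* options so the key cannot be used for anything else. The functions below are an added example written for this page, not ssh-keyinstall's or ssh-copy-id's code; the authorized_keys path is a parameter so they can run against a scratch directory, and the public key in the test is a constructed string.

```shell
#!/bin/sh
# Added example, not ssh-keyinstall's code: the server-side half of key
# installation, done the way ssh-copy-id does it, plus the authorized_keys
# option string that restricts a key to a single forced command.
# The authorized_keys path is a parameter; on a real server it is
# ~/.ssh/authorized_keys of the target user.

# authorized_keys_line PUBKEY_FILE [FORCED_COMMAND]
# Prints the line to install. With a forced command the key can run only
# that command and cannot open tunnels, X11, a pty or an agent channel,
# so a stolen key is far less useful than a full shell.
authorized_keys_line() {
    key=$(head -n 1 "$1")
    if [ -n "${2:-}" ]; then
        printf 'command="%s",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s\n' "$2" "$key"
    else
        printf '%s\n' "$key"
    fi
}

# key_blob FILE -> "keytype base64" of the first public key in FILE,
# ignoring any leading options and the trailing comment.
key_blob() {
    awk '{ for (i = 1; i <= NF; i++)
               if ($i ~ /^(ssh-|ecdsa-|sk-)/) { print $i, $(i + 1); exit } }' "$1"
}

# install_pubkey PUBKEY_FILE AUTHORIZED_KEYS [FORCED_COMMAND]
# Idempotent: a key already present (same type and blob) is not appended
# again. sshd ignores authorized_keys when the file or its directory is
# writable by others (StrictModes), so the modes are set explicitly.
install_pubkey() {
    pub=$1; ak=$2; cmd=${3:-}
    blob=$(key_blob "$pub")
    if [ -z "$blob" ]; then
        echo "no public key found in $pub" >&2
        return 2
    fi
    dir=$(dirname "$ak")
    mkdir -p "$dir" && chmod 700 "$dir"
    touch "$ak" && chmod 600 "$ak"
    if awk -v blob="$blob" '{ for (i = 1; i <= NF; i++)
                                  if (($i " " $(i + 1)) == blob) { found = 1; exit } }
                             END { exit (found ? 0 : 1) }' "$ak"; then
        return 0            # already installed
    fi
    authorized_keys_line "$pub" "$cmd" >> "$ak"
}
```

The forced command is the important design choice: with `command="/usr/sbin/rsync-backup-server"` the client's requested command is ignored and the named program runs instead (it sees the original request in SSH_ORIGINAL_COMMAND), so even root's backup key on the server grants only what that program allows. Test the key with `ssh -i keyfile -v backupserver` before turning off password logins, since a typo in authorized_keys silently falls back to the password prompt.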

Using SSH keys
The commands are the same as before; the key is used automatically when the server has the matching public key installed:
- ssh SshServerName
- ssh -l UserName SshServerName
- ssh SshServerName CommandToRun
- ssh -v SshServerName

ssh-agent
- Holds your decrypted private key(s) in memory for the session
- Other applications (ssh, scp, rsync over ssh, fanout) ask ssh-agent to authenticate you, so the passphrase is typed once rather than per connection
- Makes unattended remote sessions and scripts possible without leaving an unencrypted key on disk
- Should already be running in the background (most desktop logins start it); if not: eval "$(ssh-agent -s)"
- ssh-add [KeyName] loads a key into the agent
- Caveat: forwarding the agent (ssh -A) lets root on the intermediate host use your keys for as long as you are connected; enable it only toward hosts you trust

Fanout
- Runs a command on multiple machines by opening a separate ssh session to each: fanout 'machine1 machine2 user@machine3' 'command params'
- Gives organized output from each machine
- Works best with the key loaded in ssh-agent, so no password is prompted per host

Fanterm - live control of multiple machines
- Fanterm provides interactive control of multiple remote systems
- The initial window receives keystrokes
- Keystrokes are sent to each remote system
- Output from each system shows up in a separate terminal

Fanqueue - the next generation
- Queues commands to be run on a group of machines
- Handles the case where a machine is unavailable: the command waits for it instead of being lost
- Allows new machines to be added later

Rsync-backup
Rsync-backup automates the process of backing up machines with rsync and ssh. Features:
- Only changed data is shipped
- All permissions preserved
- All communication encrypted
- Unlimited snapshots
- Server storage needed: at most 2X to 4X the combined capacity of the clients

Rsync-backup client install
- Install the ssh, rsync, and rsync-backup-client rpms (see http://www.stearns.org )
- Install ssh-keyinstall on the client and create a backup key with: ssh-keyinstall -s backupserver -u root -c /usr/sbin/rsync-backup-server
- The key is installed for root on backupserver and tied to the command given with -c, so it can run the backup receiver and nothing else; it is not a general root login

Rsync-backup server install
- Install the ssh, freedups, rsync-static, and rsync-backup-server rpms
- Turn off password authentication in /etc/ssh/sshd_config (PasswordAuthentication no) once the backup key has been tested, so the server accepts keys only; a backup server holds copies of every client, so a guessed password here exposes all of them
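Turning passwords off is a one-line edit that is easy to get wrong, because sshd_config is first-match-wins: the first occurrence of a keyword is the one that counts, and a "PasswordAuthentication no" appended at the bottom of a file that already says "yes" higher up changes nothing. The following added example (written for this page, not part of rsync-backup or OpenSSH) reads a config file the way sshd resolves a keyword and reports the effective value, so the hardening can be verified rather than assumed. It assumes a file without Include directives; the scan stops at the first Match block, so only the global value is reported. The sample configs are constructed.

```shell
#!/bin/sh
# Added example, not from the slides: check what sshd will actually do with
# PasswordAuthentication after the edit.  sshd_config is first-match-wins,
# keywords are case-insensitive, and "Key value" or "Key=value" are both
# accepted.  Assumption: no Include directives; Match blocks are not
# evaluated (the scan stops at the first Match, so the global value is
# what is reported).

# sshd_effective FILE KEYWORD DEFAULT -> prints the effective global value
sshd_effective() {
    awk -v kw="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" -v def="$3" '
        /^[[:space:]]*(#|$)/ { next }          # comments and blank lines
        tolower($1) == "match" { exit }          # conditional section: stop
        {
            line = $0
            sub(/^[[:space:]]+/, "", line)
            sub(/[[:space:]]*=[[:space:]]*/, " ", line)   # allow Key=value
            n = split(line, f, /[[:space:]]+/)
            if (n >= 2 && tolower(f[1]) == kw) { print f[2]; found = 1; exit }
        }
        END { if (!found) print def }' "$1"
}

# password_auth_disabled FILE -> exit 0 only if sshd will refuse passwords.
# The compiled-in default is yes, which is why an absent keyword fails here.
password_auth_disabled() {
    v=$(sshd_effective "$1" PasswordAuthentication yes)
    [ "$(printf '%s' "$v" | tr 'A-Z' 'a-z')" = "no" ]
}

# hardened_fragment -> lines to put at the TOP of sshd_config, so they win
# under first-match-wins.  Keyboard-interactive through PAM can still ask
# for a password, so it is turned off as well.
hardened_fragment() {
    cat <<'EOF'
PubkeyAuthentication yes
PasswordAuthentication no
# KbdInteractiveAuthentication on OpenSSH 8.7 and later; the older name is still accepted
ChallengeResponseAuthentication no
EOF
}
```

After editing, `sshd -t -f /etc/ssh/sshd_config` checks the syntax and `password_auth_disabled /etc/ssh/sshd_config` checks the intent; then restart sshd while keeping the existing session open, and confirm from a second window that the key still works and a password attempt is refused before logging out.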

Rsync-backup examples
Examples of backup commands:
- rsync-backup-client / root@backupserver:/   (back up the whole filesystem)
- rsync-backup-client /usr /home/gbk root@backupserver:/   (back up only /usr and /home/gbk)

Links and references
- http://www.vandyke.com
- http://www.ssh.com
- http://www.openssh.org
- SSH, The Secure Shell: The Definitive Guide
- ssh-keyinstall, fanout, rsync-backup, freedups and other apps at http://www.stearns.org

More links
- Docs at http://www.stearns.org/doc/
- http://www.employees.org/~satch/ssh/faq/sshfaq.html
- http://rsync.samba.org
- William Stearns, wstearns@pobox.com
