
Chapter 16 Remote Connectivity - PowerPoint PPT Presentation



PowerPoint Slideshow about ' Chapter 16 Remote Connectivity' - gloria-mcintosh


Presentation Transcript

Chapter 16

Remote Connectivity


Objectives

  • Explain :

    telnet

    rsh

    ssh

  • Configure FTP


Telnet

  • Telnet is used to communicate with a host over the telnet protocol, by default on port 23

  • It operates on a client/server basis. The client requires an account on the server to log in

  • Most telnet servers will not allow you to log in as root, for security reasons. You can log in as a normal user and su to root


Telnet

  • telnet is an insecure protocol : the username and password are sent from client to server across the network in clear text

  • Why do people still use it ? - telnet can be used for debugging text-based protocols : HTTP, SMTP and POP


Relevant File - ~/.telnetrc

  • When a user has a .telnetrc file in their home directory, telnet will execute the commands listed in this file.

    # this is a comment

    saigonctt send ayt

    DEFAULT environ export USER


Telnet Commands

  • Command Format :

    telnet [IP address|host name] [port]

  • If telnet is executed without options, it will be started in command mode with prompt “telnet>”

  • You can switch to command mode by pressing “Ctrl-]” once connected.


Telnet Commands

?, h, help : Lists commands with description

<command> ? : More information of command (arg)

open <IP address> : Open connection to the IP address or host name

close = quit : Terminates connection from client

logout : Requests server to terminate the connection

send : Send a special character sequence to the server

status : A brief status report of telnet

( See #man telnet for more commands )


The r Commands

  • There are 3 programs :

    rlogin : Remote login

    rsh : Remote shell, executes a command

    rcp : Remote copy

  • Password NOT required if the following files are configured:

    /etc/hosts.equiv (system-wide)

    $HOME/.rhosts (per-user)

    ( Entry : [+|-] [hostname] [username] )


The r Commands

  • rlogin : similar to telnet

    rlogin [-l username] <hostname>

  • rsh : executes cmd on remote host

    rsh [-l username] <hostname> <cmd>

    Shell meta-characters can be used in <cmd>. To have rsh interpret the meta-characters on the remote machine, put quotation marks around them. If they are not quoted, the meta-characters are interpreted on the local machine :

    # rsh -l minh saigonctt "cat ~/file" > local_file

    # rsh -l minh saigonctt "cat ~/file" ">" remote_file
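
The quoting rule above can be tried without a remote host. This is an added example, not part of the original slides: fake_rsh is a hypothetical stand-in that, like rsh, joins its arguments with spaces and hands the string to a shell on the "remote" side, and two temporary directories play the local and remote machines.

```shell
#!/bin/sh
# Added illustration: simulate rsh locally to show which side interprets ">".
# fake_rsh and demo_rsh_quoting are hypothetical names used only here.

fake_rsh() {
    # $1 = directory acting as the remote home; remaining args = the command.
    # As with rsh, the arguments are joined with spaces into one command line
    # that a shell on the "remote" side parses.
    remote_home=$1; shift
    ( cd "$remote_home" && sh -c "$*" )
}

demo_rsh_quoting() {
    base=$(mktemp -d) || return 1
    mkdir "$base/local" "$base/remote"
    echo "remote data" > "$base/remote/file"   # constructed sample content
    cd "$base/local" || return 1

    # Unquoted >: the local shell sets up the redirection before the command
    # is sent, so the output file appears in the local directory.
    fake_rsh "$base/remote" "cat file" > copy1

    # Quoted ">": the character travels as an ordinary argument and the
    # remote shell performs the redirection, so the file appears remotely.
    fake_rsh "$base/remote" "cat file" ">" copy2

    # Print the scratch directory so the caller can inspect both sides.
    echo "$base"
}
```

Run base=$(demo_rsh_quoting) and list "$base/local" and "$base/remote" to see copy1 on the local side and copy2 on the remote side.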




Security of r Commands

  • Security centers around the idea of trusted users and hosts, NOT password authentication.

    • Trusted hosts are also known as equivalent hosts

    • If NO hosts.equiv is present, NO hosts are trusted

    • The .rhosts file is used to control access to an individual user account

    • It grants/denies password-free access to an individual user account by means of .rhosts

    • hosts.equiv does NOT work with the root account but .rhosts does
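
Because these files grant password-free access, wildcard entries in them deserve a review. The following check is an added example, not part of the original slides. It assumes whitespace-separated "host [user]" fields, a bare "+" as a wildcard, a leading "-" as a denial and "#" lines as comments; the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag wildcard trust entries in hosts.equiv / .rhosts files.
# Assumed syntax: "host [user]" per line, bare "+" = wildcard,
# leading "-" = denial, lines starting with "#" = comments.

audit_trust_file() {
    # $1 = path to a hosts.equiv or .rhosts file; prints "path:line: finding"
    awk '
        NF == 0 || $1 ~ /^#/   { next }   # blank lines and comments
        $1 ~ /^-/ || $2 ~ /^-/ { next }   # explicit denials grant nothing
        $1 == "+" && $2 == "+" { print FILENAME ":" FNR ": trusts every user on every host"; next }
        $1 == "+"              { print FILENAME ":" FNR ": trusts every host"; next }
        $2 == "+"              { print FILENAME ":" FNR ": trusts every user on " $1 }
    ' "$1"
}

audit_sample() {
    # Constructed sample input, not taken from a real system.
    sample=$(mktemp) || return 1
    cat > "$sample" <<'EOF'
# constructed .rhosts sample
saigonctt minh
+
backup01 +
-badhost
+ +
EOF
    # Replace the temporary path with a stable label for readable output.
    audit_trust_file "$sample" | sed "s|^$sample|sample|"
    rm -f "$sample"
}
```

On a real system, run audit_trust_file against /etc/hosts.equiv and each user's $HOME/.rhosts, including root's.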


SSH – Secure Shell

  • SSH was originally authored by Tatu Ylonen in Finland as a replacement for telnet, rlogin, rsh, rcp

  • Everything SSH sends across the network is encrypted. SSH has become the de facto standard for remote connections

  • SSH can handle X connections


SSH Features

  • Strong authentication with RSA, SecurID, S/Key, Kerberos and TIS

  • Secure X11 sessions

  • Arbitrary TCP/IP ports can be redirected through the encrypted channel in both directions

  • For forwarding, ssh captures on port 6010

  • Optional compression of all data with gzip

  • Complete replacement for rlogin, rsh, rcp


Component of SSH1

sshd : Server

ssh : Client

scp : Secure copy of files, replaces rcp

ssh-keygen : Creates RSA keys (host key and authentication keys)

ssh-agent : Authentication agent, used to hold RSA keys for authentication

ssh-add : Used to register a new key with the agent

make-ssh-known-hosts : Used to create the /etc/ssh/ssh_known_hosts file


Component of SSH2

sshd2 : Server

ssh2 : Client

sftp-server2 : SFTP Server (executed by sshd2)

sftp2 : SFTP Client (needs ssh2)

scp2 : Secure copy of files, replaces rcp


Component of SSH2

ssh-keygen2 : The utility for generating keys

ssh-agent2 : Authentication agent, used to hold RSA keys for authentication

ssh-add2 : Adds an identity to the authentication agent

ssh-askpass2 : X11 utility for querying the password


SSH2 Changes

  • SSH has been 98% rewritten

  • Supports other key-exchange methods besides RSA : Diffie-Hellman key exchange

  • Support for DSA and other public key algorithms besides RSA


SSH2 Changes

  • Newly added features : sftp , the secure file transfer protocol

  • More secure and allows integration into public key infrastructures

  • Supports “subsystems”, platform-independent module, built-in SOCKS, …


Install SSH1 – from OpenSSH

  • For legal reasons, SSH is not included by default in Linux. You can download and install it from source code or from OpenSSH

  • OpenSSH suite includes :

    • ssh (replaces telnet and rlogin)

    • scp (replaces rcp)

    • sftp (replaces ftp)


Install SSH1 – from OpenSSH

  • Server : openssh-server-xxx.rpm

    (sshd, sshd_config, sftp-server, ...)

  • Client : openssh-clients-xxx.rpm

    (ssh, ssh_config, sftp, ...)

  • Additional tools : openssh-xxx.rpm

    (scp, ssh-keygen, ...)


Configure SSH1

  • Configure files :

    Server : /etc/ssh/sshd_config

    Client : /etc/ssh/ssh_config

    These files contain keyword-value pairs, one per line, with ‘#’ starting a comment. Keywords are case sensitive :

    # more /etc/ssh/sshd_config

    Port 22

    ListenAddress 0.0.0.0

    PermitRootLogin yes

    IgnoreRhosts yes

    RhostsAuthentication no

    RSAAuthentication yes

    PasswordAuthentication yes

    ...


File Transfer - ftp

  • ftp (file transfer protocol) provides service for file transfer from/to your computer.

  • All Linux distributions offer the wu-ftpd program, which is the ftp daemon developed at Washington University.

  • wu-ftpd is the most common daemon on the Internet


FTP – Relevant Files

  • /etc/ftpaccess

  • /etc/ftphosts

  • /etc/ftpusers

  • /etc/ftpconversion


/etc/ftpaccess

  • It is the main configuration file

    class all real,guest,anonymous *

    email [email protected]

    loginfails 5

    message /welcome.msg login

    message .message cwd=*

    compress yes all

    tar yes all

    chmod no guest,anonymous

    delete no anonymous

    rename no anonymous


/etc/ftphosts

  • It’s used to allow or deny access to certain accounts from various hosts.

    allow henry 10.1.2.3

    deny fred example.org 10.2.3.*


/etc/ftpusers

  • It contains the login names of users who are NOT allowed to log in to your system

    root

    bin

    daemon

    adm

    lp

    mail

    news

    uucp


Proftpd

  • It’s another powerful ftp server, not as popular as wu-ftpd but easier to configure and more secure.

  • It can run as stand-alone server or from inetd

  • Relevant files :

    /usr/sbin/in.proftpd : server daemon

    /etc/proftpd.conf : main configuration file



