
Chapter 16 Remote Connectivity




Objectives

  • Explain :

    telnet

    rsh

    ssh

  • Configure FTP


Telnet

  • Telnet is used to communicate with a host through the telnet protocol on default port 23

  • It operates on a client/server basis. The client requires an account on the server to log in

  • Most telnet servers will not allow you to log in as root for security reasons. You can log in as a normal user and su to root


Telnet

  • telnet is an insecure protocol: the username and password are sent from client to server across the network in clear text

  • Why do people still use it? telnet can be used for debugging text-based protocols: HTTP, SMTP and POP


Relevant File - ~/.telnetrc

  • When a user has a .telnetrc file in their home directory, telnet will execute the commands listed in this file.

    # this is a comment

    saigonctt send ayt

    DEFAULT environ export USER


Telnet Commands

  • Command format:

    telnet [IP address|host name] [port]

  • If telnet is executed without options, it starts in command mode with the prompt “telnet>”

  • You can switch to command mode with “Ctrl-]” once connected.


Telnet Commands

    ?, h, help          Lists commands with description
    <command> ?         More information on the command (arg)
    open <IP address>   Open connection to the IP address or host name
    close = quit        Terminates connection from client
    logout              Requests server to terminate the connection
    send                Send a special character sequence to the server
    status              A brief status report of telnet

    ( See # man telnet for more commands )


The r Commands

  • There are 3 programs:

    rlogin   Remote login
    rsh      Remote shell, executes a command
    rcp      Remote copy

  • A password is NOT required if the following files are configured:

    /etc/hosts.equiv (system-wide)

    $HOME/.rhosts (per-user)

    ( Entry : [+|-] [hostname] [username] )


The r Commands

  • rlogin: similar to telnet

    rlogin [-l username] <hostname>

  • rsh: executes cmd on the remote host

    rsh [-l username] <hostname> <cmd>

    Shell meta-characters can be used in <cmd>. To have rsh interpret the meta-characters on the remote machine, put quotation marks around them. If they are not quoted, meta-characters are interpreted on the local machine:

    # rsh -l minh saigonctt "cat ~/file" > local_file

    # rsh -l minh saigonctt "cat ~/file" ">" remote_file


The r Commands

  • rcp: copy files between machines

    rcp <dir> <remote username>@<hostname>:<dir>

    rcp <remote username>@<hostname>:<dir> <dir>

  • Example:

    rcp /home/file [email protected]:/backup

    rcp [email protected]:/backup/file /home

    rcp -r /etc [email protected]:/backup/etc

    rcp -p /etc [email protected]:/backup/etc


Security of r Commands

  • Security centers around the idea of trusted users and hosts, NOT password authentication.

    • Trusted hosts are also known as equivalent hosts

    • If NO hosts.equiv is present, NO hosts are trusted

    • The .rhosts file is used to control access to an individual user account

    • It grants/denies password-free access to an individual user account by means of .rhosts

    • hosts.equiv does NOT work with the root account but .rhosts does
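
Because these files replace password checks with trust, they are worth auditing for entries that trust too much. The following is an added example, not part of the original slides: it reads hosts.equiv or .rhosts text and reports over-broad entries. It assumes the sign is attached to the name, that a bare `+` matches anything, and that lines starting with `#` are ignored; the `owner` parameter and the sample entries are constructed for illustration.

```python
# Added example: audit hosts.equiv / .rhosts entries for over-broad trust.
# Entry form from the slide: [+|-] [hostname] [username].
# Assumptions: sign is attached to the name, a bare '+' matches anything,
# blank lines and lines starting with '#' are ignored.

SAMPLE_RHOSTS = """\
# constructed sample, not from a real system
saigonctt minh
+ +
-badhost
backup01 +
"""

def split_sign(token):
    """Return (allowed, name); a bare '+' becomes the wildcard '*'."""
    if token == "+":
        return True, "*"
    if token[0] in "+-":
        return token[0] == "+", token[1:]
    return True, token

def audit_trust_file(text, owner=None):
    """Return [(line_no, severity, message)] for entries that widen trust.

    owner: account that owns a .rhosts file; None for /etc/hosts.equiv.
    """
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue
        host_ok, host = split_sign(fields[0])
        user_ok, user = split_sign(fields[1]) if len(fields) > 1 else (True, None)
        if not (host_ok and user_ok):
            continue  # deny entries do not widen trust
        if host == "*" and user == "*":
            findings.append((no, "critical", "any user on any host is trusted"))
        elif host == "*":
            findings.append((no, "high", "every host is trusted"))
        elif user == "*":
            findings.append((no, "high", f"every user on {host} is trusted"))
        elif owner == "root":
            # hosts.equiv never applies to root, but root's own .rhosts does
            findings.append((no, "high", f"password-free root login from {host}"))
    return findings

if __name__ == "__main__":
    for no, severity, message in audit_trust_file(SAMPLE_RHOSTS, owner="root"):
        print(f"line {no}: [{severity}] {message}")
```
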


SSH – Secure Shell

  • SSH was originally authored by Tatu Ylonen in Finland as a replacement for telnet, rlogin, rsh and rcp

  • Everything SSH sends across the network is encrypted. SSH has become the de facto standard for remote connection

  • SSH can handle X connections


SSH Features

  • Strong authentication with RSA, SecurID, S/Key, Kerberos and TIS

  • Secure X11 sessions

  • Arbitrary TCP/IP ports can be redirected through the encrypted channel in both directions

  • For forwarding, ssh captures on port 6010

  • Optional compression of all data with gzip

  • Complete replacement for rlogin, rsh, rcp


Component of SSH1

    sshd                   Server
    ssh                    Client
    scp                    Secure copy of files, replaces rcp
    ssh-keygen             Creates RSA keys (host key and authentication keys)
    ssh-agent              Authentication agent, used to hold RSA keys for authentication
    ssh-add                Used to register a new key with the agent
    make-ssh-known-hosts   Used to create the /etc/ssh/ssh_known_hosts file


Component of SSH2

    sshd2          Server
    ssh2           Client
    sftp-server2   SFTP Server (executed by sshd2)
    sftp2          SFTP Client (needs ssh2)
    scp2           Secure copy of files, replaces rcp


Component of SSH2

    ssh-keygen2    The utility for generating keys
    ssh-agent2     Authentication agent, used to hold RSA keys for authentication
    ssh-add2       Adds an identity to the authentication agent
    ssh-askpass2   X11 utility for querying the password


SSH2 Changes

  • SSH has been 98% rewritten

  • Supports other key-exchange methods besides RSA: Diffie-Hellman key exchange

  • Supports DSA and other public key algorithms besides RSA


SSH2 Changes

  • Newly added feature: sftp, the secure file transfer protocol

  • More secure and allows integration into public key infrastructures

  • Supports “subsystems”, platform-independent module, built-in SOCKS, …


Install SSH1 – from OpenSSH

  • Because of legal reasons, SSH is not included by default in Linux. You can download and install from source code or from OpenSSH

  • OpenSSH suite includes :

    • ssh (replaces telnet and rlogin)

    • scp (replaces rcp)

    • sftp (replaces ftp)


Install SSH1 – from OpenSSH

  • Server: openssh-server-xxx.rpm

    (sshd, sshd_config, sftp-server, ...)

  • Client: openssh-clients-xxx.rpm

    (ssh, ssh_config, sftp, ...)

  • Additional tools: openssh-xxx.rpm

    (scp, ssh-keygen, ...)


Configure SSH1

  • Configuration files:

    Server : /etc/ssh/sshd_config

    Client : /etc/ssh/ssh_config

    These files contain keyword-value pairs, one per line, and use ‘#’ for comments. Keywords are case sensitive:

    # more /etc/ssh/sshd_config

    Port 22

    ListenAddress 0.0.0.0

    PermitRootLogin yes

    IgnoreRhosts yes

    RhostsAuthentication no

    RSAAuthentication yes

    PasswordAuthentication yes

    ...
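
The excerpt above allows direct root login and password authentication, the same exposures the telnet and r-command slides warn about. The following is an added example, not part of the original slides: it parses sshd_config-style text and flags weak explicit values for the keywords shown. The baseline in `WEAK` is an assumed policy, the sample text is constructed, and the parser keeps the first occurrence of a keyword, which is how OpenSSH resolves duplicates.

```python
import re

# Assumed hardening baseline for keywords shown on the slide (not from the page).
WEAK = {
    "permitrootlogin": ("yes", "direct root login allowed"),
    "passwordauthentication": ("yes", "password logins accepted"),
    "rhostsauthentication": ("yes", "rhosts trust accepted without password"),
    "ignorerhosts": ("no", "per-user .rhosts files are honoured"),
}

# Constructed sample: the slide's excerpt plus a duplicate and a case variant.
SAMPLE = """\
# /etc/ssh/sshd_config
Port 22
ListenAddress 0.0.0.0
PermitRootLogin yes
PermitRootLogin no
IgnoreRhosts yes
RhostsAuthentication no
RSAAuthentication yes
passwordauthentication yes
"""

def parse_config(text):
    """Map lower-cased keyword -> (line_no, value); the first occurrence is kept."""
    seen = {}
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        value = parts[1].strip() if len(parts) > 1 else ""
        seen.setdefault(parts[0].lower(), (no, value))
    return seen

def audit(text):
    """Return (findings, unset): weak explicit values, and baseline keywords absent."""
    seen = parse_config(text)
    findings, unset = [], []
    for key, (bad, why) in WEAK.items():
        if key not in seen:
            unset.append(key)  # compiled-in default applies; check it separately
        elif seen[key][1].lower() == bad:
            findings.append((seen[key][0], key, why))
    return sorted(findings), unset

if __name__ == "__main__":
    for no, key, why in audit(SAMPLE)[0]:
        print(f"line {no}: {key}: {why}")
```

In the sample, the later `PermitRootLogin no` on line 5 does not take effect, so a review that reads only the last matching line would miss the finding on line 4.
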


File Transfer - ftp

  • ftp (file transfer protocol) provides a service for file transfer from/to your computer.

  • All Linux distributions offer the wu-ftpd program, which is the FTP daemon developed at Washington University.

  • wu-ftpd is the most common daemon on the Internet


FTP – Relevant Files

  • /etc/ftpaccess

  • /etc/ftphosts

  • /etc/ftpusers

  • /etc/ftpconversion


/etc/ftpaccess

  • It is the main configuration file

    class all real,guest,anonymous *

    email [email protected]

    loginfails 5

    message /welcome.msg login

    message .message cwd=*

    compress yes all

    tar yes all

    chmod no guest,anonymous

    delete no anonymous

    rename no anonymous


/etc/ftphosts

  • It is used to allow or deny access to certain accounts from various hosts.

    allow henry 10.1.2.3

    deny fred example.org 10.2.3.*


/etc/ftpusers

  • It contains the login names of users who are NOT allowed to log in to your system

    root

    bin

    daemon

    adm

    lp

    mail

    news

    uucp


Proftpd

  • It is another powerful FTP server, not as popular as wu-ftpd but easier to configure and more secure.

  • It can run as stand-alone server or from inetd

  • Relevant files :

    /usr/sbin/in.proftpd: server daemon

    /etc/proftpd.conf: main configuration file


/etc/proftpd.conf


The End
