
SUSE Linux Enterprise Server Administration (Course 3037)

SUSE Linux Enterprise Server Administration (Course 3037). Objectives: Provide Secure Remote Access with OpenSSH; Enable Remote Administration with YaST; Configure a Network Installation. Provide Secure Remote Access with OpenSSH, objectives: Cryptography Basics; SSH Features and Architecture; How to Configure the SSH Client; SSH Client Commands; How to Configure the SSH Server; SSH Server Commands; Public Key Authentication Management.

MikeCarlo

Presentation Transcript


    1. SUSE Linux Enterprise Server Administration (Course 3037) Chapter 10 Manage Remote Access

    2. Objectives: Provide Secure Remote Access with OpenSSH; Enable Remote Administration with YaST; Configure a Network Installation.

    3. Provide Secure Remote Access with OpenSSH. Objectives: Cryptography Basics; SSH Features and Architecture; How to Configure the SSH Client; SSH Client Commands; How to Configure the SSH Server; SSH Server Commands; Public Key Authentication Management.

    4. Cryptography Basics. Symmetric encryption: the same key is used for encryption and decryption; the key should be protected; helps with high-speed transmission; key length is very important. Technologies: DES (Data Encryption Standard), 3DES (Triple DES), IDEA, Blowfish, AES (Advanced Encryption Standard).

    5. Cryptography Basics (continued). Asymmetric encryption: the problem with symmetric encryption is securely transmitting the key; uses two keys (private and public keys), one for encryption and the other for decryption; low-speed data transmission. Both techniques are often combined: the key for symmetric encryption is transmitted over an asymmetrically encrypted channel. Techniques: RSA, DSA, Diffie-Hellman.

    6. SSH Features and Architecture. SSH features, basic functionality: login from a remote host; interactive or noninteractive command execution on remote hosts; copying files between different network hosts; high-performance authentication and cryptographically secured communication on nonsecure networks; automatic and transparent encryption of all communication; complete substitution of the “r” utilities rlogin, rsh, and rcp; port forwarding; tunneling.

    7. SSH Features and Architecture (continued). SSH features (continued), special features: prevent security loopholes through IP, routing, and DNS spoofing; you can control the client by using system-wide and user-based configuration files; you can transmit any type of binary data between hosts; optional support for compressing data is also available; there are up to six procedures available from the client for server authentication.

    8. SSH Features and Architecture (continued). SSH protocol versions: protocol version 1 (SSH1) and protocol version 2 (SSH2). SSH1 does not ensure the integrity of a connection (insertion attack). HMAC (Keyed-Hash Message Authentication Code) guarantees the integrity of a connection.

    9. SSH Features and Architecture (continued)

    10. SSH Features and Architecture (continued)

    11. SSH Features and Architecture (continued)

    12. SSH Features and Architecture (continued). SSH authentication mechanism configuration: the client checks whether the public host key of the server really belongs to the server; SSH currently does not use any directory services or any certificates; a random key pair can be easily created by anyone; the client “learns” the server's public host key. Server-side mechanisms to authenticate clients: host-based authentication, where authentication is based on the configuration files /etc/hosts.equiv or /etc/, shosts.equiv, and/or ~/.rhosts or ~/.shosts.

    13. SSH Features and Architecture (continued). SSH authentication mechanism configuration (continued). Server-side mechanisms to authenticate clients (continued): host-based RSA authentication, where the public keys of clients are saved on the server in the files ~/.ssh/known_hosts and /etc/ssh/ssh_known_hosts; public key (RSA/DSA) authentication, where the user proves knowledge of his private key through a challenge-response procedure; password authentication, which takes place through a UNIX user password, and the transfer of the password is encrypted.

    14. SSH Features and Architecture (continued). SSH authentication mechanism configuration (continued). After successful authentication: a work environment is created on the server; initialization routines are processed. Parameter X11 Forwarding: determines whether or not graphical output is forwarded by default. SSH server configuration file: /etc/ssh/sshd_config.

    15. How to Configure the SSH Client. SSH client configuration file: /etc/ssh/ssh_config. Each user can edit his individual settings in the file ~/.ssh/config. StrictHostKeyChecking option: prevents the client from simply entering new keys from unknown servers without checking; three values: yes, no, and ask (default).

    16. SSH Client Commands

    17. How to Configure the SSH Server. Configuration file: /etc/ssh/sshd_config.

    18. How to Configure the SSH Server (continued)

    19. SSH Server Commands

    20. Public Key Authentication Management. Public key authentication process: the client informs the server which public key is being used for authentication; the server checks whether the public key is known; the server encrypts a random number using the public key and transfers it to the client; the client decrypts the random number with its private key; the client sends the server an MD5 checksum that it has calculated from the number; the server also calculates a checksum and, if they are identical, the user has authenticated successfully.

    21. Public Key Authentication Management (continued). How to create a key pair: use the command ssh-keygen; a different key is required for SSH1 than for SSH2; use the option -t keytype to specify the type of key; keys are stored in the files ~/.ssh/identity (private key) and ~/.ssh/identity.pub (public key). The command ssh-keygen -t rsa generates an RSA key pair; the keys are stored in ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub.

    22. Public Key Authentication Management (continued). How to configure and use public key authentication: authentication using RSA or DSA keys; copy the public key to the server; append the public key to the file ~/.ssh/authorized_keys; example: scp .ssh/id_dsa.pub sun:geeko-pubkey; launch the client to test the keys; you can use the option -i to enter the file name for the private key; a password is still required when logging in to the server; enter the password with the command ssh-add; you can also use the ssh-agent with a graphical login.

    23. Exercise 10-1: Manage Remote Connections with OpenSSH. In this exercise, you do the following: Part I: Use SSH Utilities; Part II: Create a Trusted Connection Between Servers.

    24. Enable Remote Administration with YaST. Objectives: VNC and YaST Remote Administration; How to Configure Your Server for Remote Administration; How to Access Your Server for Remote Administration.

    25. VNC and YaST Remote Administration. VNC (virtual network computing): client-server solution; allows a remote X server to be managed from anywhere on the Internet. Set VNC with the YaST Remote Administration module. Connect to the server using: a VNC client such as krdc (connect to hostname:5901); a VNC connection in Konqueror (vnc://hostname:5901); a Java-capable Web browser (http://hostname:5801). Remote Administration is less secure than SSH.

    26. How to Configure Your Server for Remote Administration. Steps: start the YaST Remote Administration module; select Allow Remote Administration, then select Finish; close the dialog box by selecting OK; close any open applications, then display a console by pressing Ctrl+Alt+F2; log in as root with the appropriate password; restart the display manager by entering rcxdm restart; log in to the desktop as root or any other local user.

    27. How to Configure Your Server for Remote Administration (continued)

    28. How to Configure Your Server for Remote Administration

    29. How to Access Your Server for Remote Administration. Access the server from a Web browser: open a Web browser, then enter http://hostname:5801; directly access YaST by selecting Administration; enter the root password, then select OK; exit YaST, then close the session by selecting Disconnect.

    30. How to Access Your Server for Remote Administration (continued)

    31. Exercise 10-2: Use Remote Administration. In this exercise, you do the following: Part I: Remotely Access a Text-Based Version of YaST; Part II: Remotely Access the GUI Version of YaST; Part III: Configure Remote Administration with YaST; Part IV: Access Your Partner’s Server Remotely.

    32. Configure a Network Installation. Objectives: How to Prepare for the Installation; SUSE Linux Installation Basics; How to Configure an Installation Server.

    33. How to Prepare for the Installation. Consider the following: hardware compatibility (verify that your hardware is compatible with SLES 9 at www.novell.com/partnerguide/section/481.html); file system types; partitioning scheme (plan for the appropriate partitions and partition sizes); software package selection; dual-boot system (better to install SUSE Linux Enterprise Server 9 first).

    34. SUSE Linux Installation Basics. SUSE Linux lets you install from a variety of sources, using a YaST GUI interface or a text-based interface. The role of Linuxrc: defines installation settings and loads hardware drivers; hands over control to YaST, which starts the actual installation.

    35. SUSE Linux Installation Basics (continued)

    36. SUSE Linux Installation Basics (continued)

    37. SUSE Linux Installation Basics (continued)

    38. SUSE Linux Installation Basics (continued). Virtual consoles: you might need to access a command-line prompt (called a shell prompt in Linux) from a virtual console; the Linux system provides six virtual consoles; the X Window system is assigned console number 7; switch between virtual consoles by pressing Ctrl+Alt+Fx; return to the X Window system by pressing Ctrl+Alt+F7.

    39. SUSE Linux Installation Basics (continued). YaST installation log files: /var/log/YaST2/y2log. View its contents by entering the following: more /var/log/YaST2/y2log. View the last few lines of the installation log file: tail /var/log/YaST2/y2log.

    40. How to Configure an Installation Server. Steps: start the YaST Installation Server module; select the server type; deactivate the automatic configuration of server services (conditional); enter the directory where you want to copy the installation files; continue by selecting Next; configure the service type (HTTP or FTP, and NFS); continue by selecting Next.

    41. How to Configure an Installation Server (continued)

    42. How to Configure an Installation Server (continued)

    43. How to Configure an Installation Server (continued). Steps (continued): configure an installation source by selecting Configure; enter a name for the installation source; select Use ISO Images Instead of CDs (conditional); select Prompt for additional CDs (conditional); Announce as Installation Service with SLP (optional); continue by selecting Next; insert the first CD.

    44. How to Configure an Installation Server (continued)

    45. How to Configure an Installation Server (continued). Steps (continued): continue following the prompts to remove and replace CDs; edit the configured source (optional); change the server settings (optional); finalize the configuration by selecting Finish; close the YaST Control Center (optional).

    46. How to Start a Remote Installation. Steps: insert the boot media and restart your computer; with the down-arrow key, scroll to and highlight Installation; press F3, then select the service type (FTP, HTTP, NFS, or SLP); enter the server and the full path to the directory where the installation files are stored (conditional); select Installation; follow the installation prompts until complete.

    47. How to Start a Remote Installation (continued)

    48. Exercise 10-3: Install SLES 9 from an Installation Server. In this exercise you will install SLES 9 from an Installation Server.

    49. Summary. The SSH daemon (sshd) provides a secure alternative to telnet, r-tools, and FTP by encrypting traffic. The scp and sftp commands copy files between remote hosts using SSH. SSH uses a combination of asymmetric and symmetric encryption. SSH server configuration file: /etc/ssh/sshd_config. The ssh-keygen and ssh-keyscan commands generate and view asymmetric SSH keys.

    50. Summary (continued). Use the YaST Remote Administration module to configure a VNC server. Before installing SLES, consider: server role; hardware compatibility; boot, partition, and filesystem configuration. Linuxrc provides a text-based installation program. YaST is used to perform a graphical installation.

    51. Summary (continued). YaST may be used to set up an installation server that hosts the SLES media using the HTTP, FTP, or NFS protocol.
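
Slides 12, 15 and 22 describe trust in both directions: the client checks the server's host key against known_hosts, and the server accepts a user key listed in ~/.ssh/authorized_keys. The shell script below is an added example, not part of the course material; the function names, the scratch directory and all key strings are constructed, known_hosts entries are assumed to be unhashed, and only the yes and ask values of StrictHostKeyChecking are modelled.

```shell
#!/bin/sh
# Added example; key blobs and host data are constructed placeholders.

# hostkey_status KNOWN_HOSTS HOST KEYTYPE KEYBLOB -> match | changed | unknown
# Reads plain (unhashed) known_hosts entries: "names keytype keyblob".
hostkey_status() {
    awk -v h="$2" -v t="$3" -v k="$4" '
        /^[#@]/ || NF < 3 { next }       # skip comments, @markers, short lines
        {
            n = split($1, names, ",")    # first field lists host names
            for (i = 1; i <= n; i++)
                if (names[i] == h && $2 == t) { seen = 1; if ($3 == k) ok = 1 }
        }
        END { print (ok ? "match" : (seen ? "changed" : "unknown")) }
    ' "$1"
}

# connect_decision STATUS MODE: client behaviour for StrictHostKeyChecking
# MODE "yes" or "ask" (the value "no" is not modelled).
connect_decision() {
    case "$1:$2" in
        match:yes|match:ask)     echo connect ;;
        changed:yes|changed:ask) echo refuse ;;  # changed key: never accepted
        unknown:yes)             echo refuse ;;  # key must be known already
        unknown:ask)             echo prompt ;;  # user confirms, then it is stored
        *)                       echo unsupported; return 2 ;;
    esac
}

# install_pubkey SSH_DIR PUBKEY_FILE: append the key to authorized_keys once,
# keeping directory and file accessible to the owner only.
install_pubkey() {
    auth=$1/authorized_keys
    ( umask 077; mkdir -p "$1"; touch "$auth" )
    chmod 700 "$1"; chmod 600 "$auth"
    key=$(head -n 1 "$2")
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# Demo on constructed data in a scratch directory.
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
printf 'sun,10.0.0.5 ssh-rsa AAAAconstructedHostKey\n' > "$demo/known_hosts"
printf 'ssh-rsa AAAAconstructedUserKey geeko@client\n' > "$demo/id_rsa.pub"
install_pubkey "$demo/.ssh" "$demo/id_rsa.pub"
install_pubkey "$demo/.ssh" "$demo/id_rsa.pub"   # second run adds nothing
s=$(hostkey_status "$demo/known_hosts" sun ssh-rsa AAAAconstructedHostKey)
echo "host key $s -> $(connect_decision "$s" yes); keys installed: $(wc -l < "$demo/.ssh/authorized_keys")"
```

The install step sets modes 700 and 600 because sshd's StrictModes option, which is on by default, checks the ownership and modes of the user's files before accepting a key.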
