
Chapter 16 Remote Connectivity


Presentation Transcript


  1. Chapter 16 Remote Connectivity

  2. Objectives • Explain: telnet, rsh, ssh • Configure FTP

  3. Telnet • Telnet is used to communicate with a host through the telnet protocol on default port 23 • It operates on a client/server basis. The client requires an account on the server to log in • Most telnet servers will not allow you to log in as root because of security. You can log in as a normal user and su to root

  4. Telnet • Telnet is an insecure protocol: the username and password are sent from client to server across the network in clear text • Why do people still use it? Telnet can be used for debugging text-based protocols: HTTP, SMTP and POP

  5. Relevant File - ~/.telnetrc
     • When a user has a .telnetrc file in their home directory, telnet will execute the commands listed in this file.

         # this is a comment
         saigonctt send ayt
         DEFAULT environ export USER

  6. Telnet Commands • Command format: telnet [IP address|host name] [port] • If telnet is executed without options, it starts in command mode with the prompt “telnet>” • Once connected, you can switch to command mode with “Ctrl-]”.

  7. Telnet Commands

         ?, h, help           Lists commands with description
         <command> ?          More information of command (arg)
         open <IP address>    Open connection to the IP address or host name
         close = quit         Terminates connection from client
         logout               Requests server to terminate the connection
         send                 Send a special character sequence to the server
         status               A brief status report of telnet
         …

     ( See #man telnet for more commands )

  8. The r Commands
     • There are 3 programs:

         rlogin    Remote login
         rsh       Remote shell, executes command
         rcp       Remote copy

     • Password NOT required if the following files are configured:

         /etc/hosts.equiv    (system-wide)
         $HOME/.rhosts       (per-user)

       ( Entry : [+|-] [hostname] [username] )

  9. The r Commands
     • rlogin: similar to telnet

         rlogin [-l username] <hostname>

     • rsh: executes cmd on remote host

         rsh [-l username] <hostname> <cmd>

       Shell meta-characters can be used in <cmd>. To have rsh interpret the meta-characters on the remote machine, put quotation marks around them. If not quoted, meta-characters are interpreted on the local machine:

         # rsh -l minh saigonctt "cat ~/file" > local_file
         # rsh -l minh saigonctt "cat ~/file" ">" remote_file

  10. The r Commands
     • rcp: copy files between machines

         rcp <dir> <remote username>@<hostname>:<dir>
         rcp <remote username>@<hostname>:<dir> <dir>

     • Example:

         rcp /home/file minh@saigonctt:/backup
         rcp minh@saigonctt:/backup/file /home
         rcp -r /etc minh@saigonctt:/backup/etc
         rcp -p /etc minh@saigonctt:/backup/etc

  11. Security of r Commands • Security centers around the idea of trusted users and hosts, NOT password authentication. • Trusted hosts are also known as equivalent hosts • If NO hosts.equiv is present, NO hosts are trusted • The .rhosts file is used to control access to an individual user account • It grants/denies password-free access to an individual user account by means of .rhosts • hosts.equiv does NOT work with the root account but .rhosts does

  12. SSH – Secure Shell • SSH was originally authored by Tatu Ylonen in Finland as a replacement for telnet, rlogin, rsh, rcp • Everything SSH sends across the network is encrypted. SSH has become the de facto standard for remote connection • SSH can handle X connections

  13. SSH Features • Strong authentication with RSA, SecurID, S/Key, Kerberos and TIS • Secure X11 sessions • Arbitrary TCP/IP ports can be redirected through the encrypted channel in both directions • For forwarding, ssh captures on port 6010 • Optional compression of all data with gzip • Complete replacement for rlogin, rsh, rcp

  14. Components of SSH1

         sshd                    Server
         ssh                     Client
         scp                     Secure copy of files, replaces rcp
         ssh-keygen              Creates RSA keys (host key and authentication keys)
         ssh-agent               Authentication agent, used to hold RSA keys for authentication
         ssh-add                 Used to register a new key with the agent
         make-ssh-known-hosts    Used to create the /etc/ssh/ssh_known_hosts file

  15. Components of SSH2

         sshd2           Server
         ssh2            Client
         sftp-server2    SFTP Server (executed by sshd2)
         sftp2           SFTP Client (needs ssh2)
         scp2            Secure copy of files, replaces rcp

  16. Components of SSH2

         ssh-keygen2     The utility for generating keys
         ssh-agent2      Authentication agent, used to hold RSA keys for authentication
         ssh-add2        Adds an identifier to the authentication agent
         ssh-askpass2    X11 utility for querying password

  17. SSH2 Changes • SSH has been 98% rewritten • Supports other key-exchange methods besides RSA: Diffie-Hellman key exchange • Support for DSA and other public key algorithms besides RSA

  18. SSH2 Changes • Newly added features: sftp, the secure file transfer protocol • More secure and allows integration into public key infrastructures • Supports “subsystems”, platform-independent modules, built-in SOCKS, …

  19. Install SSH1 – from OpenSSH • Because of legal reasons, SSH is not included by default in Linux. You can download and install from source code or from OpenSSH • OpenSSH suite includes : • ssh (replaces telnet and rlogin) • scp (replaces rcp) • sftp (replaces ftp)

  20. Install SSH1 – from OpenSSH • Server: openssh-server-xxx.rpm (sshd, sshd_config, sftp-server, ...) • Client: openssh-clients-xxx.rpm (ssh, ssh_config, sftp, ...) • Additional tools: openssh-xxx.rpm (scp, ssh-keygen, ...)

  21. Configure SSH1
     • Configuration files:

         Server : /etc/ssh/sshd_config
         Client : /etc/ssh/ssh_config

       These files contain keyword-value pairs, one per line, and use ‘#’ for comments. Keywords are case sensitive:

         # more /etc/ssh/sshd_config
         Port 22
         ListenAddress 0.0.0.0
         PermitRootLogin yes
         IgnoreRhosts yes
         RhostsAuthentication no
         RSAAuthentication yes
         PasswordAuthentication yes
         ...

  22. File Transfer - ftp • ftp (file transfer protocol) provides a service for transferring files from/to your computer. • All Linux distributions offer the wu-ftpd program, which is the ftp daemon developed at Washington University. • wu-ftpd is the most common daemon on the Internet

  23. FTP – Relevant Files • /etc/ftpaccess • /etc/ftphosts • /etc/ftpusers • /etc/ftpconversion

  24. /etc/ftpaccess
     • It’s the main configuration file

         class all real,guest,anonymous *
         email root@localhost
         loginfails 5
         message /welcome.msg login
         message .message cwd=*
         compress yes all
         tar yes all
         chmod no guest,anonymous
         delete no anonymous
         rename no anonymous
         …

  25. /etc/ftphosts
     • It’s used to allow or deny access to certain accounts from various hosts.

         allow henry 10.1.2.3
         deny fred example.org 10.2.3.*

  26. /etc/ftpusers
     • It contains the login names of users who are NOT allowed to log in to your system

         root
         bin
         daemon
         adm
         lp
         mail
         news
         uucp
         …

  27. Proftpd
     • It’s another powerful ftp server, not as popular as wu-ftpd but easier to configure and more secure.
     • It can run as a stand-alone server or from inetd
     • Relevant files:

         /usr/sbin/in.proftpd : server daemon
         /etc/proftpd.conf    : main configuration file

  28. /etc/proftpd.conf

  29. The End
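
Slides 8 and 11 describe password-free trust through /etc/hosts.equiv and ~/.rhosts entries of the form `[+|-] [hostname] [username]`. The following added example (not part of the original presentation) audits such a file and reports entries that grant wildcard trust. It assumes the conventional semantics where `+` matches any host or any user, a leading `-` denies, and lines starting with `#` are comments; the sample content is constructed.

```python
from dataclasses import dataclass

# Constructed sample content in hosts.equiv / .rhosts format (not from a real system).
SAMPLE_RHOSTS = """\
# trusted build host
saigonctt minh
+ minh
backup01 +
-oldhost
+ +
"""

@dataclass
class Finding:
    line_no: int
    entry: str
    issue: str

def audit_trust_file(text):
    """Return a Finding for every entry that grants wildcard trust."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment (assumed comment syntax)
        fields = line.split()
        host = fields[0]
        user = fields[1] if len(fields) > 1 else None
        # Entries with a leading '-' remove trust, so they are not findings.
        if host.startswith("-") or (user or "").startswith("-"):
            continue
        if host == "+" and user == "+":
            issue = "any user from any host is trusted"
        elif host == "+":
            issue = "any host is trusted"
        elif user == "+":
            issue = "any user on this host is trusted"
        else:
            continue  # specific host (and user): explicit trust only
        findings.append(Finding(line_no, line, issue))
    return findings

if __name__ == "__main__":
    for f in audit_trust_file(SAMPLE_RHOSTS):
        print(f"line {f.line_no}: '{f.entry}': {f.issue}")
```
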
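
Slide 21 lists an sshd_config with `PermitRootLogin yes`, while slides 3 and 11 explain why direct root login and rhosts trust are risky. The following added example (not part of the original presentation) parses the keyword-value format and compares it with a small baseline. The baseline values are an assumption of this example, and the last line of the sample is a constructed addition showing that OpenSSH uses the first value it finds for a keyword.

```python
# Baseline chosen for this example (an assumption, not from the slides):
# no direct root login, no rhosts-based trust.
BASELINE = {
    "permitrootlogin": "no",
    "ignorerhosts": "yes",
    "rhostsauthentication": "no",
}

# Settings from slide 21, plus one constructed duplicate at the end.
SLIDE_CONFIG = """\
Port 22
ListenAddress 0.0.0.0
PermitRootLogin yes
IgnoreRhosts yes
RhostsAuthentication no
RSAAuthentication yes
PasswordAuthentication yes
# constructed line: a later duplicate does not override the first value
PermitRootLogin no
"""

def parse_sshd_config(text):
    """Parse 'Keyword value' lines into a dict, keeping the first value seen."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        # Keywords are lowercased here because OpenSSH's sshd_config(5)
        # matches them case-insensitively; values are kept as written.
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        settings.setdefault(key, value)  # first occurrence wins
    return settings

def audit(text, baseline=BASELINE):
    """Return {keyword: problem} for settings that differ from the baseline."""
    settings = parse_sshd_config(text)
    report = {}
    for key, wanted in baseline.items():
        actual = settings.get(key)
        if actual is None:
            report[key] = "not set"  # effective value is the daemon's default
        elif actual != wanted:
            report[key] = f"{actual} (baseline: {wanted})"
    return report

if __name__ == "__main__":
    for key, problem in audit(SLIDE_CONFIG).items():
        print(f"{key}: {problem}")
```
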
