Chapter 16 Remote Connectivity


PowerPoint Slideshow about 'Chapter 16 Remote Connectivity' - gloria-mcintosh


Chapter 16

Remote Connectivity

Objectives
  • Explain :
    • telnet
    • rsh
    • ssh
  • Configure FTP
Telnet
  • Telnet is used to communicate with a host through the telnet protocol on default port 23
  • It operates on a client/server basis. The client requires an account on the server to log in
  • Most telnet servers will not allow you to log in as root, for security reasons. You can log in as a normal user and su to root
Telnet
  • telnet is an insecure protocol : the username and password are sent from client to server across the network in clear text
  • Why do people still use it ? - telnet can be used for debugging text-based protocols : HTTP, SMTP and POP
Relevant File - ~/.telnetrc
  • When a user has a .telnetrc file in their home directory, telnet will execute the commands listed in this file.

# this is a comment

saigonctt send ayt

DEFAULT environ export USER

Telnet Commands
  • Command Format :

telnet [IP address|host name] [port]

  • If telnet is executed without options, it will be started in command mode with prompt “telnet>”
  • You can change to command mode by “Ctrl-]” after connected.
Telnet Commands

?, h, help          Lists commands with description
<command> ?         More information of command (arg)
open <IP address>   Open connection to the IP address or host name
close = quit        Terminates connection from client
logout              Requests server to terminate the connection
send                Send a special character sequence to the server
status              A brief status report of telnet

( See #man telnet for more commands )

The r Commands
  • There are 3 programs :

rlogin   Remote login
rsh      Remote shell, executes a command
rcp      Remote copy

  • Password NOT required if following files are configured:

/etc/hosts.equiv (system-wide)

$HOME/.rhosts (per-user)

( Entry : [+|-] [hostname] [username] )

The r Commands
  • rlogin : similar to telnet

rlogin [-l username] <hostname>

  • rsh : executes cmd on remote host

rsh [-l username] <hostname> <cmd>

Shell meta-characters can be used in <cmd>. To have rsh interpret the meta-characters on the remote machine, put quotation marks around them. If they are not quoted, the meta-characters are interpreted on the local machine :

# rsh -l minh saigonctt "cat ~/file" > local_file

# rsh -l minh saigonctt "cat ~/file" ">" remote_file

The r Commands
  • rcp : copy files between machines

rcp <dir> <remote username>@<hostname>:<dir>

rcp <remote username>@<hostname>:<dir> <dir>

  • Example :

rcp /home/file minh@saigonctt:/backup

rcp minh@saigonctt:/backup/file /home

rcp -r /etc minh@saigonctt:/backup/etc

rcp -p /etc minh@saigonctt:/backup/etc

Security of r Commands
  • Centers around the idea of trusted users and hosts, NOT password authentication.
    • Trusted hosts are also known as equivalent hosts
    • If NO hosts.equiv is present, NO hosts are trusted
    • The .rhosts file is used to control access to an individual user account
    • It grants/denies password-free access to an individual user account by means of .rhosts
    • hosts.equiv does NOT work with root account but .rhosts does
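
An added example (not part of the original slides): a Python check that reads hosts.equiv and .rhosts entries in the [+|-] [hostname] [username] form and reports the ones that widen password-free trust. The file contents are constructed samples, lines starting with '#' are assumed to be comments, and treating a named user in hosts.equiv as access to every non-root account follows hosts.equiv(5).

```python
# Added example: flag over-broad entries in r-command trust files.
# Sample contents are constructed; "#" comment lines are an assumption.
HOSTS_EQUIV = "# constructed sample\nsaigonctt\nsaigonctt minh\n+\n-badhost\n"
ROOT_RHOSTS = "saigonctt minh\n+ +\n"


def audit_trust_file(path, text):
    """Return (line number, entry, reason) for each entry that widens trust."""
    system_wide = path.endswith("hosts.equiv")
    root_account = path.startswith("/root/")
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.strip()
        if not entry or entry.startswith("#"):
            continue
        fields = entry.split()
        host = fields[0]
        user = fields[1] if len(fields) > 1 else ""
        if host.startswith("-") or user.startswith("-"):
            continue  # deny entries do not grant access
        reasons = []
        if host == "+":
            reasons.append("any host is trusted")
        if user == "+":
            reasons.append("any remote user is trusted")
        elif user and system_wide:
            # hosts.equiv(5): a named user may use all non-root accounts
            reasons.append("named remote user may use any non-root account")
        if root_account:
            # the slide notes that .rhosts, unlike hosts.equiv, works for root
            reasons.append("password-free root access")
        findings.extend((lineno, entry, reason) for reason in reasons)
    return findings


if __name__ == "__main__":
    for path, text in (("/etc/hosts.equiv", HOSTS_EQUIV),
                       ("/root/.rhosts", ROOT_RHOSTS)):
        for lineno, entry, reason in audit_trust_file(path, text):
            print(f"{path}:{lineno}: {entry!r}: {reason}")
```
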
SSH – Secure Shell
  • SSH was originally authored by Tatu Ylonen in Finland as a replacement for telnet, rlogin, rsh, rcp
  • Everything SSH sends across the network is encrypted. SSH has become the de facto standard for remote connection
  • SSH can handle X connections
SSH Features
  • Strong authentication with RSA, SecurID, S/Key, Kerberos and TIS
  • Secure X11 sessions
  • Arbitrary TCP/IP ports can be redirected through the encrypted channel in both directions
  • For X11 forwarding, ssh listens on port 6010
  • Optional compression of all data with gzip
  • Complete replacement for rlogin, rsh, rcp
Component of SSH1

sshd                   Server
ssh                    Client
scp                    Secure copy of files, replaces rcp
ssh-keygen             Creates RSA keys (host key and authentication keys)
ssh-agent              Authentication agent, used to hold RSA keys for authentication
ssh-add                Used to register a new key with the agent
make-ssh-known-hosts   Used to create the /etc/ssh/ssh_known_hosts file

Component of SSH2

sshd2          Server
ssh2           Client
sftp-server2   SFTP Server (executed by sshd2)
sftp2          SFTP Client (needs ssh2)
scp2           Secure copy of files, replaces rcp

Component of SSH2

ssh-keygen2    The utility for generating keys
ssh-agent2     Authentication agent, used to hold RSA keys for authentication
ssh-add2       Adds an identity to the authentication agent
ssh-askpass2   X11 utility for querying the password

SSH2 Changes
  • SSH has been 98% rewritten
  • Supports other key-exchange methods besides RSA : Diffie-Hellman key exchange
  • Supports DSA and other public key algorithms besides RSA
SSH2 Changes
  • Newly added features : sftp , the secure file transfer protocol
  • More secure and allows integration into public key infrastructures
  • Supports “subsystems”, platform-independent module, built-in SOCKS, …
Install SSH1 – from OpenSSH
  • For legal reasons, SSH is not included by default in Linux. You can download and install it from source code or from OpenSSH
  • OpenSSH suite includes :
    • ssh (replaces telnet and rlogin)
    • scp (replaces rcp)
    • sftp (replaces ftp)
Install SSH1 – from OpenSSH
  • Server : openssh-server-xxx.rpm

(sshd, sshd_config, sftp-server, ...)

  • Client : openssh-clients-xxx.rpm

(ssh, ssh_config, sftp, ...)

  • Additional tools : openssh-xxx.rpm

(scp, ssh-keygen, ...)

Configure SSH1
  • Configuration files :

Server : /etc/ssh/sshd_config

Client : /etc/ssh/ssh_config

These files contain keyword-value pairs, one per line, and use ‘#’ for comments. Keywords are case sensitive :

# more /etc/ssh/sshd_config

Port 22

ListenAddress 0.0.0.0

PermitRootLogin yes

IgnoreRhosts yes

RhostsAuthentication no

RSAAuthentication yes

PasswordAuthentication yes

...
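
An added example (not from the original slides): a Python audit that parses the keyword-value format above and compares the slide's keywords with a baseline. The baseline values are this example's assumption (root logs in as a normal user and uses su, as on the Telnet slide, and rhosts trust stays off); the sample is the slide's listing plus one constructed duplicate line, and keeping the first value of a repeated keyword follows OpenSSH's documented behaviour.

```python
# Added example: audit sshd_config keyword-value pairs against a baseline.
# BASELINE is an assumed policy for this example, not a project default.
BASELINE = {
    "permitrootlogin": "no",       # log in as a normal user, then su
    "ignorerhosts": "yes",         # never honour ~/.rhosts
    "rhostsauthentication": "no",  # no host-trust logins
}

# The slide's listing, plus a constructed duplicate on the last line.
SLIDE_CONFIG = """\
Port 22
ListenAddress 0.0.0.0
PermitRootLogin yes
IgnoreRhosts yes
RhostsAuthentication no
RSAAuthentication yes
PasswordAuthentication yes
PermitRootLogin no
"""


def parse_sshd_config(text):
    """Parse 'Keyword value' lines; the first value seen for a keyword wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        # Normalise case so spelling variants of a keyword are audited alike.
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        settings.setdefault(keyword, value)  # later duplicates are ignored
    return settings


def audit_sshd_config(text, baseline=BASELINE):
    """Return (keyword, actual, wanted); actual is None when the keyword is unset."""
    settings = parse_sshd_config(text)
    return [(kw, settings.get(kw), wanted) for kw, wanted in baseline.items()
            if (settings.get(kw) or "").lower() != wanted]


if __name__ == "__main__":
    for keyword, actual, wanted in audit_sshd_config(SLIDE_CONFIG):
        print(f"{keyword}: found {actual!r}, baseline {wanted!r}")
```

The trailing "PermitRootLogin no" does not take effect because the earlier "yes" is read first, so the audit still reports root login as enabled.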

File Transfer - ftp
  • ftp (file transfer protocol) provides a service for transferring files from/to your computer.
  • All Linux distributions offer the wu-ftpd program, which is an ftp daemon developed at Washington University.
  • wu-ftpd is the most common daemon on the Internet
FTP – Relevant Files
  • /etc/ftpaccess
  • /etc/ftphosts
  • /etc/ftpusers
  • /etc/ftpconversion
/etc/ftpaccess
  • It’s the main configuration file

class all real,guest,anonymous *

email root@localhost

loginfails 5

message /welcome.msg login

message .message cwd=*

compress yes all

tar yes all

chmod no guest,anonymous

delete no anonymous

rename no anonymous

/etc/ftphosts
  • It’s used to allow or deny access to certain accounts from various hosts.

allow henry 10.1.2.3

deny fred example.org 10.2.3.*

/etc/ftpusers
  • It contains the login names of users who are NOT allowed to log in to your system

root

bin

daemon

adm

lp

mail

news

uucp

Proftpd
  • It’s another powerful ftp server, not as popular as wu-ftpd but easier to configure and more secure.
  • It can run as stand-alone server or from inetd
  • Relevant files :

/usr/sbin/in.proftpd : server daemon

/etc/proftpd.conf : main configuration file