SSH Operation
Presentation Transcript

  1. SSH Operation
     The Swiss Army Knife of encryption tools…

  2. SSH Features
     • Command line terminal connection tool
     • Replacement for rsh, rcp, telnet, and others
     • All traffic encrypted
     • Both ends authenticate themselves to the other end
     • Ability to carry and encrypt non-terminal traffic

  3. Brief History
     • SSH.com's SSH1, originally completely free with source code, then license changed with version 1.2.13
     • SSH.com's SSH2, originally only commercial, but now free for some uses.
     • OpenSSH team took the last free SSH1 release, fixed bugs, added features, and added support for the SSH2 protocol.

  4. Installation
     • OpenSSH is included with a number of Linux distributions, and available for a large number of Unices
     • On RPM-based Linuxes:
       • rpm -Uvh openssh*.rpm

  5. Basic use
     • ssh SshServerName
     • ssh -l UserName SshServerName
     • ssh SshServerName CommandToRun
     • ssh -v SshServerName
     • Server Host Key checks
     • Uses same login password
     • And if we need to encrypt other traffic?

  6. Port Forwarding - real server on remote machine
     • I want to listen on port 5110 on this machine; all packets arriving here get sent to mailserver, port 110:
       • ssh -L 5110:mailserver:110 mailserver

  7. Port Forwarding - real server on this machine
     • All web traffic to my firewall should be redirected to the web server running on port 8000 on my machine instead:
       • ssh -R 80:MyMachine:8000 firewall
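
The two forwarding commands on slides 6 and 7 differ in which end listens and which end makes the final connection. The added example below (not part of the presentation) parses a forwarding spec and reports both, plus two OpenSSH conditions that apply to the slide 7 command: listeners default to loopback, and ports below 1024 need root on the listening side. The function name and output format are made up for illustration.

```shell
#!/bin/sh
# Added example: explain an ssh -L / -R spec of the form
# [bind_address:]port:host:hostport (plain names or IPv4 only; bracketed
# IPv6 and Unix-socket forms are out of scope for this sketch).

# explain_forward FLAG SPEC SERVER
explain_forward() {
    flag=$1 spec=$2 server=$3
    old_ifs=$IFS; IFS=:; set -- $spec; IFS=$old_ifs
    case $# in
        3) bind="";  lport=$1; host=$2; hport=$3 ;;
        4) bind=$1;  lport=$2; host=$3; hport=$4 ;;
        *) echo "unsupported spec: $spec"; return 2 ;;
    esac
    case $flag in
        # -L: the ssh client listens; sshd on SERVER opens the last hop.
        -L) listen_on="this machine"; connect_from=$server ;;
        # -R: sshd on SERVER listens; the ssh client opens the last hop.
        -R) listen_on=$server; connect_from="this machine" ;;
        *)  echo "unknown flag: $flag"; return 2 ;;
    esac
    notes=""
    # Without a bind address the listener accepts loopback connections only
    # (GatewayPorts, off by default, controls this on either side).
    [ -n "$bind" ] || { bind=loopback; notes="$notes loopback-only;"; }
    # Ports below 1024 need root on the machine that listens.
    [ "$lport" -ge 1024 ] || notes="$notes needs-root-on-listener;"
    # Only the hop between the two ssh endpoints is encrypted; the hop from
    # connect_from to host:hport is an ordinary TCP connection.
    echo "listen: $listen_on $bind:$lport | connect: $connect_from -> $host:$hport |$notes"
}

explain_forward -L 5110:mailserver:110 mailserver
explain_forward -R 80:MyMachine:8000 firewall
```

For the slide 7 command to accept web traffic from other hosts, the login on firewall must be root and sshd there must have GatewayPorts enabled.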

  8. X Windows forwarding
     • No setup - already done!
     • Run the X Windows application in the terminal window:
       • xclock &
     • The screen display shows up on your computer, and any keystrokes and mouse movements are sent back, all encrypted.

  9. Securely copying files
     • scp
     • scp -p localfile remotemachine:/remotepath/file
     • Prompts for authentication if needed
     • All traffic encrypted
     • Replaces ftp, rcp, file sharing

  10. SSH key background
     • Old way: password stored on server, user supplied password compared to stored version
     • New way: private key kept on client, public key stored on server.

  11. SSH key creation
     • General command:
       • ssh-keygen -b 1024 -c 'Comment' -f ~/.ssh/identity_file
     • Different forms for each of the SSH flavors
     • Assign a hard-to-guess passphrase to the private key during creation.
     • Key can be used for multiple servers

  12. SSH key installation
     • 3 versions of ssh: interoperability is good, but poorly documented
     • ssh-keyinstall utility automates the creation and installation
     • 'ssh-keyinstall -s SshServerName' creates keys, if needed, and installs them on the remote server
     • Need password during key install only

  13. Using SSH keys
     • ssh SshServerName
     • ssh -l UserName SshServerName
     • ssh SshServerName CommandToRun
     • ssh -v SshServerName

  14. ssh-agent
     • Remembers your private key(s)
     • Other applications can ask ssh-agent to authenticate you automatically.
     • Unattended remote sessions.
     • ssh-agent bash
     • ssh-agent startx
     • eval `ssh-agent` #Less preferred
     • ssh-add [KeyName]

  15. Fanout
     • Runs command on multiple machines by opening separate ssh session to each
     • fanout 'machine1 machine2 user@machine3' 'command params'
     • Gives organized output from each machine

  16. Fanterm – live control of multiple machines
     • Fanterm provides interactive control of multiple remote systems.
     • Initial window receives keystrokes.
     • Keystrokes sent to each remote system.
     • Output from each system shows up in a separate terminal.

  17. File synchronization - Rsync
     • Rsync copies a tree of files from a master out to a copy on another machine.
     • Can use ssh as its transport.
     • rsync -azv -e ssh /home/wstearns/webtree/ mirror.stearns.org:/home/web/

  18. Rsync-backup
     • Rsync-backup automates the process of backing up machines with rsync and ssh.
     • Features:
       • Only changed data shipped
       • All permissions preserved
       • All communication encrypted
       • Unlimited snapshots
       • Use <= 2X-4X combined client capacity

  19. Rsync-backup client install
     • Install ssh, rsync, and rsync-backup-client rpms (see http://www.stearns.org )
     • Install ssh-keyinstall on client to create a backup key with
       • ssh-keyinstall -s backupserver -u root -c /usr/sbin/rsync-backup-server
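
The backup key from slide 19 logs in as root without a person present, so what the server allows that key to do matters more than for an interactive key. The added example below (not part of the presentation or of ssh-keyinstall) audits an authorized_keys file on the assumption that the key is pinned to /usr/sbin/rsync-backup-server with OpenSSH's command="..." key option; the sample file and its key blobs are constructed.

```shell
#!/bin/sh
# Added example. Assumption: the backup key is meant to be pinned to one
# program through authorized_keys key options (option names matched as
# written, in lower case).

# audit_keys FILE COMMAND -> one verdict per key line
audit_keys() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # comments and blank lines
        {
            # The options field ends at the first blank outside double quotes.
            inq = 0; esc = 0; n = length($0)
            for (i = 1; i <= n; i++) {
                c = substr($0, i, 1)
                if (esc) esc = 0                # character after a backslash
                else if (c == "\\") esc = 1
                else if (c == "\"") inq = !inq
                else if ((c == " " || c == "\t") && !inq) break
            }
            opts = substr($0, 1, i - 1)
            if (opts ~ /^(ssh-|ecdsa-|sk-)/)    # line starts with a key type
                v = "UNRESTRICTED: no options, key gets a full login"
            else if (index(opts, "command=\"" want "\"") == 0)
                v = "WRONG-COMMAND: not pinned to " want
            else if (("," opts ",") !~ /,(restrict|no-port-forwarding),/)
                v = "FORWARDING-OPEN: forced command does not block -L/-R"
            else
                v = "OK"
            print "line " NR ": " v
        }
    ' "$1"
}

keys_file=$(mktemp)
trap 'rm -f "$keys_file"' EXIT
cat > "$keys_file" <<'EOF'
# constructed sample; key blobs are placeholders, not real keys
ssh-rsa AAAAconstructed1 root@client1
command="/usr/sbin/rsync-backup-server" ssh-rsa AAAAconstructed2 backup@client2
from="10.0.0.5",command="/usr/sbin/rsync-backup-server",restrict ssh-rsa AAAAconstructed3 backup@client3
command="/bin/sh -c \"id\"",no-pty ssh-rsa AAAAconstructed4 backup@client4
EOF
audit_keys "$keys_file" /usr/sbin/rsync-backup-server
```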

  20. Rsync-backup server install
     • Install ssh, freedups, rsync-static, and rsync-backup-server rpms
     • Turn off password authentication in /etc/ssh/sshd_config
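
Turning off password authentication on slide 20 is easy to get wrong: sshd uses the first value it reads for a keyword, a commented-out line changes nothing, and keyboard-interactive authentication can still prompt for a password through PAM. The added example below (not part of the presentation) checks a config file for these cases. It reads only the global section of one file, ignoring Include files and Match blocks, and the sample configs are constructed.

```shell
#!/bin/sh
# Added example. Reads only the global section of one sshd_config file:
# Include files and Match blocks are ignored (assumption of this sketch).

# effective_value FILE DEFAULT 'name1|name2' -> first value sshd would read
effective_value() {
    awk -v names="$3" -v dflt="$2" '
        /^[ \t]*#/ || NF == 0   { next }     # skip comments and blank lines
        tolower($1) == "match"  { exit }     # global section ends here
        tolower($1) ~ ("^(" names ")$") { print tolower($2); found = 1; exit }
        END { if (!found) print dflt }       # keyword absent: built-in default
    ' "$1"
}

# password_logins_disabled FILE -> status 0 only if both password paths are off
password_logins_disabled() {
    pw=$(effective_value "$1" yes 'passwordauthentication')
    # keyboard-interactive can still prompt for a password through PAM;
    # ChallengeResponseAuthentication is the older name for the same switch.
    kbd=$(effective_value "$1" yes \
        'kbdinteractiveauthentication|challengeresponseauthentication')
    echo "PasswordAuthentication=$pw KbdInteractiveAuthentication=$kbd"
    [ "$pw" = no ] && [ "$kbd" = no ]
}

# Constructed sample configs, written to a temp dir so the script runs offline.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' '#PasswordAuthentication no' 'PermitRootLogin yes' \
    > "$demo_dir/commented_out"
printf '%s\n' 'PasswordAuthentication no' 'PasswordAuthentication yes' \
    'ChallengeResponseAuthentication no' > "$demo_dir/hardened"
printf '%s\n' 'passwordauthentication no' 'Match User backup' \
    '    KbdInteractiveAuthentication no' > "$demo_dir/pam_gap"

for f in commented_out hardened pam_gap; do
    if password_logins_disabled "$demo_dir/$f" >/dev/null; then
        echo "$f: password logins disabled"
    else
        echo "$f: password logins still possible"
    fi
done
```

On a live server, `sshd -T` prints the effective configuration, Include files included, and is the authoritative check.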

  21. Rsync-backup examples
     • Examples of backup commands:
       • rsync-backup-client / root@backupserver:/
       • rsync-backup-client /usr /home/gbk root@backupserver:/

  22. Links and references
     • http://www.ssh.com
     • http://www.openssh.org
     • SSH, The Secure Shell, The Definitive Guide
     • ssh-keyinstall, fanout, rsync-backup, freedups and other apps at http://www.stearns.org/

  23. More links
     • Docs at http://www.stearns.org/doc/
     • http://www.employees.org/~satch/ssh/faq/ssh-faq.html
     • http://rsync.samba.org
     • William Stearns wstearns@pobox.com