
SSH Operation


Presentation Transcript


  1. SSH Operation The Swiss Army Knife of encryption tools…

  2. SSH Features • Command line terminal connection tool • Replacement for rsh, rcp, telnet, and others • All traffic encrypted • Both ends authenticate themselves to the other end • Ability to carry and encrypt non-terminal traffic

  3. Brief History • SSH.com's SSH1, originally completely free with source code, then license changed with version 1.2.13 • SSH.com's SSH2, originally only commercial, but now free for some uses. • OpenSSH team took the last free SSH1 release, fixed bugs, added features, and added support for the SSH2 protocol.

  4. Installation • OpenSSH is included with a number of Linux distributions, and available for a large number of Unices • On RPM-based Linuxes: • rpm -Uvh openssh*.rpm

  5. Basic use • ssh SshServerName • ssh -l UserName SshServerName • ssh SshServerName CommandToRun • ssh -v SshServerName (verbose: shows the key exchange and each authentication method as it is tried) • Server host key checks: on the first connection ssh shows the server's host key fingerprint and asks you to confirm it; the key is then saved in ~/.ssh/known_hosts and any later change of that key is refused. Confirm the fingerprint against a value obtained out of band (for example read off the server console) rather than answering "yes" blindly. • With no key installed, authentication uses your normal account password on the server • And if we need to encrypt other traffic?
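The host key check on this slide is worth seeing in code. The following added example (written for this page, not code from the presentation or from OpenSSH) reproduces the two fingerprint formats the client prints, computed from a public key line or a known_hosts entry, so a fingerprint read from the server console can be compared with the first-connection prompt. It assumes bash with GNU coreutils (base64, sha256sum, md5sum), awk and sed; the host and file names in the usage comments are placeholders.

```shell
#!/bin/bash
# Added example (not from the slides): compute the fingerprints OpenSSH prints for a host
# key, so the value shown on first connection can be compared with one obtained out of
# band. Assumes bash plus GNU coreutils (base64, sha256sum, md5sum), awk and sed.
set -u
set -o pipefail

# Pull the base64 key blob out of a public-key line ("type blob [comment]") or a
# known_hosts line ("host type blob [comment]"). Every SSH wire-format key starts
# with a 4-byte length field, so the blob always begins with "AAAA".
key_blob() {
  local f
  for f in $1; do
    case $f in AAAA*) printf '%s\n' "$f"; return 0 ;; esac
  done
  return 1
}

# Hex digest of the decoded blob using the named coreutils hasher (sha256sum or md5sum).
_hexdigest() {
  printf '%s' "$1" | base64 -d | "$2" | awk '{ print $1 }'
}

# OpenSSH's default form (ssh-keygen -l): "SHA256:" followed by the base64 of the raw
# digest with the trailing '=' padding removed.
fp_sha256() {
  local hex escaped
  hex=$(_hexdigest "$1" sha256sum) || return 1
  escaped=$(printf '%s' "$hex" | sed 's/../\\x&/g')    # "ba78.." -> "\xba\x78.."
  printf 'SHA256:%s\n' "$(printf '%b' "$escaped" | base64 | tr -d '=\n')"
}

# Legacy form (ssh-keygen -l -E md5, and what older clients printed): colon-separated hex.
fp_md5() {
  local hex
  hex=$(_hexdigest "$1" md5sum) || return 1
  printf 'MD5:%s\n' "$(printf '%s' "$hex" | sed 's/../&:/g; s/:$//')"
}

# Both fingerprints for one key line; fails if the line holds no key blob.
fingerprint_line() {
  local blob
  blob=$(key_blob "$1") || { echo "no key blob found in: $1" >&2; return 1; }
  fp_sha256 "$blob" && fp_md5 "$blob"
}

# Usage (placeholder names):
#   on the server console:  fingerprint_line "$(cat /etc/ssh/ssh_host_ed25519_key.pub)"
#   on the client:          fingerprint_line "$(ssh-keygen -F mailserver)"
# and compare the two before trusting the entry in ~/.ssh/known_hosts.
```

The blob is hashed exactly as it appears in the file, so the same function works for a host key, a user key, or the entry ssh-keygen -F prints from known_hosts; only a hashed-hostname line hides the host name, never the key.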

  6. Port Forwarding - real server on remote machine • I want to listen on port 5110 on this machine; every connection made to it is carried through the SSH session and delivered to mailserver, port 110: • ssh -L 5110:mailserver:110 mailserver • The listener binds to localhost only by default, so point the mail client at localhost:5110. The POP3 session then travels inside the encrypted tunnel; the final hop from sshd to port 110 stays on mailserver itself.

  7. Port Forwarding - real server on this machine • All web traffic to my firewall should be redirected to the web server running on port 8000 on my machine instead: • ssh -R 80:MyMachine:8000 firewall • sshd on firewall now listens on port 80 and sends each connection back through the tunnel to MyMachine:8000 (MyMachine is resolved on this side). Two caveats: binding port 80 on firewall needs root privileges there, and the listener accepts loopback connections only unless firewall's sshd_config sets GatewayPorts yes.

  8. X Windows forwarding • No setup on the ssh.com clients of the time; with OpenSSH connect with ssh -X (or set ForwardX11 yes in ~/.ssh/config), and the server's sshd_config must have X11Forwarding yes • Run the X Windows application in the terminal window: • xclock & • The screen display shows up on your computer, and any keystrokes and mouse movements are sent back, all encrypted.

  9. Securely copying files • scp • scp -p localfile remotemachine:/remotepath/file • Prompts for authentication if needed • All traffic encrypted • Replaces ftp, rcp, file sharing

  10. SSH key background • Old way: (a hash of) the password stored on the server, user-supplied password compared to the stored version; the secret itself travels to the server on every login • New way: private key kept on the client, public key stored on the server. The client proves possession of the private key by signing a challenge, so the private key never leaves the client and a compromised or impostor server learns no reusable secret.

  11. SSH key creation • General command: • ssh-keygen -b 1024 -c 'Comment' -f ~/.ssh/identity_file • Different forms for each of the SSH flavors: with OpenSSH's ssh-keygen the comment option is -C (uppercase; lowercase -c changes the comment of an existing key instead) • Assign a hard-to-guess passphrase to the private key during creation; without one, anyone who can read the file can use the key • Key can be used for multiple servers • 1024-bit keys were usual when this was written but are too short today; use a larger size (3072-bit RSA or more) or a modern key type such as ed25519.

  12. SSH key installation • 3 versions of ssh: interoperability is good, but poorly documented • ssh-keyinstall utility automates the creation and installation • 'ssh-keyinstall -s SshServerName' creates keys, if needed, and installs them on the remote server • Need password during key install only

  13. Using SSH keys • Same commands as before; with a key installed, ssh asks for the key's passphrase instead of the account password • ssh SshServerName • ssh -l UserName SshServerName • ssh SshServerName CommandToRun • ssh -v SshServerName

  14. ssh-agent • Holds your decrypted private key(s) in memory for the session • Other applications ask ssh-agent to sign the authentication challenge, so you type the passphrase once and later ssh, scp and rsync runs need no prompt • Lets scripts and batch jobs open remote sessions without prompting while the agent is running • ssh-agent bash • ssh-agent startx • eval `ssh-agent` #Less preferred • ssh-add [KeyName] (prompts for the passphrase once)

  15. Fanout • Runs command on multiple machines by opening separate ssh session to each • fanout 'machine1 machine2 user@machine3' 'command params' • Gives organized output from each machine

  16. Fanterm – live control of multiple machines • Fanterm provides interactive control of multiple remote systems. • Initial window receives keystrokes. • Keystrokes sent to each remote system. • Output from each system shows up in a separate terminal.

  17. File synchronization - Rsync • Rsync copies a tree of files from a master out to a copy on another machine, sending only the differences. • Can use ssh as its transport. • rsync -azv -e ssh /home/wstearns/webtree/ mirror.stearns.org:/home/web/ • Note the colon before the remote path: without it rsync treats the destination as a local directory name. The trailing slash on the source copies the contents of webtree into /home/web/ rather than creating /home/web/webtree/.

  18. Rsync-backup • Rsync-backup automates the process of backing up machines with rsync and ssh. • Features: • Only changed data shipped • All permissions preserved • All communication encrypted • Unlimited snapshots • Server storage needed: at most about 2X-4X the combined capacity of the clients

  19. Rsync-backup client install • Install ssh, rsync, and rsync-backup-client rpms (see http://www.stearns.org ) • Install ssh-keyinstall on the client and use it to create a dedicated backup key and install it on the server: • ssh-keyinstall -s backupserver -u root -c /usr/sbin/rsync-backup-server • -u root installs the key for root on backupserver; -c pins the key to that one command, so it cannot be used to open a shell there.

  20. Rsync-backup server install • Install ssh, freedups, rsync-static, and rsync-backup-server rpms • Turn off password authentication in /etc/ssh/sshd_config (PasswordAuthentication no) and restart sshd; from then on only installed keys can log in, which is what makes a forced-command backup key safe to leave on the server

  21. Rsync-backup examples • Examples of backup commands: • rsync-backup-client / root@backupserver:/ • rsync-backup-client /usr /home/gbk root@backupserver:/
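Slides 19 to 21 leave the backup server with a root key that may only run rsync-backup-server and with password logins turned off. The added example below (written for this page, not code from rsync-backup, ssh-keyinstall or OpenSSH) shows the server-side checks a practitioner would run on that setup: building a command-pinned authorized_keys entry, finding keys that are not pinned, and reading sshd_config the way sshd does (first value wins) before trusting that password authentication is off. It assumes bash and awk; the key blob, file paths and command path in the comments are placeholders.

```shell
#!/bin/bash
# Added example (not from rsync-backup, ssh-keyinstall or OpenSSH): server-side checks for
# the backup setup. Assumes bash and awk; paths and key material below are placeholders.
set -u

lc() { printf '%s' "$1" | tr 'A-Z' 'a-z'; }

# 1. Pin a key to one program. OpenSSH's mechanism is the command="..." option in
#    authorized_keys: the client's requested command is not run but handed to the pinned
#    program in $SSH_ORIGINAL_COMMAND. The no-* options remove the other things the key
#    could do (newer servers accept the single keyword "restrict" for the same effect).
restrict_key() {   # restrict_key <command> <bare "type blob [comment]" line> [from-pattern]
  local cmd=$1 line=$2 from=${3:-} opts
  opts="command=\"$cmd\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty"
  [ -n "$from" ] && opts="from=\"$from\",$opts"
  case $line in
    ssh-*" AAAA"*|ecdsa-*" AAAA"*|sk-*" AAAA"*) printf '%s %s\n' "$opts" "$line" ;;
    *) echo "restrict_key: expected a bare public key line, got: $line" >&2; return 1 ;;
  esac
}

# 2. Keys in an authorized_keys file with no command= option: for root, each one is a full
#    shell for whoever holds the matching private key.
unrestricted_keys() {   # unrestricted_keys <authorized_keys>
  awk '/^[[:space:]]*(#|$)/ { next }  $0 !~ /(^|,)command="/ { print NR ": " $0 }' "$1"
}

# 3. The value sshd will use for a keyword. sshd keeps the FIRST value it reads and ignores
#    later repeats, matches keywords case-insensitively and accepts "key=value", so a grep
#    for "PasswordAuthentication no" proves nothing. Scanning stops at the first Match block
#    (conditional settings); Include lines are reported on stderr, not followed.
sshd_effective() {   # sshd_effective <sshd_config> <keyword> [default-if-unset]
  local v
  v=$(awk -v k="$(lc "$2")" '
    /^[[:space:]]*(#|$)/ { next }
    {
      sub(/^[[:space:]]+/, "")
      key = $0; sub(/[[:space:]=].*$/, "", key)
      if (tolower(key) == "match") exit
      if (tolower(key) == "include") { print "note: not followed: " $0 > "/dev/stderr"; next }
      if (tolower(key) != k) next
      val = substr($0, length(key) + 1); sub(/^[[:space:]]*=?[[:space:]]*/, "", val)
      print val; exit
    }' "$1")
  printf '%s\n' "${v:-${3:-}}"
}

# 4. "Turn off password authentication" means every password route is closed and root comes
#    in only with a key (the backup client logs in as root with a forced command).
#    The defaults passed in are sshd's own built-in ones.
audit_sshd() {   # audit_sshd <sshd_config>; exit status 0 when every check passes
  local f=$1 rc=0 v
  v=$(lc "$(sshd_effective "$f" PasswordAuthentication yes)")
  [ "$v" = no ] || { echo "PasswordAuthentication is '$v', want no"; rc=1; }
  # keyboard-interactive (PAM) authentication can still ask for the account password
  v=$(lc "$(sshd_effective "$f" KbdInteractiveAuthentication \
        "$(sshd_effective "$f" ChallengeResponseAuthentication yes)")")
  [ "$v" = no ] || { echo "KbdInteractive/ChallengeResponseAuthentication is '$v', want no"; rc=1; }
  v=$(lc "$(sshd_effective "$f" PubkeyAuthentication yes)")
  [ "$v" = yes ] || { echo "PubkeyAuthentication is '$v', want yes"; rc=1; }
  v=$(lc "$(sshd_effective "$f" PermitRootLogin unset)")
  case $v in
    no|prohibit-password|without-password|forced-commands-only) ;;
    *) echo "PermitRootLogin is '$v'; set it to prohibit-password or forced-commands-only"; rc=1 ;;
  esac
  return $rc
}

# Usage (paths are placeholders):
#   restrict_key /usr/sbin/rsync-backup-server "$(cat backup_key.pub)" >> /root/.ssh/authorized_keys
#   unrestricted_keys /root/.ssh/authorized_keys
#   audit_sshd /etc/ssh/sshd_config && echo "password logins are off"
```

The first-value-wins rule is the part most often got wrong: a distribution default of PasswordAuthentication yes near the top of the file silently overrides a "no" appended at the bottom, and the only reliable confirmation is to try a password login and watch it fail (or ask sshd itself with sshd -T on servers that support it).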

  22. Links and references • http://www.ssh.com • http://www.openssh.org • SSH, The Secure Shell, The Definitive Guide • ssh-keyinstall, fanout, rsync-backup, freedups and other apps at http://www.stearns.org/

  23. More links • Docs at http://www.stearns.org/doc/ • http://www.employees.org/~satch/ssh/faq/ssh-faq.html • http://rsync.samba.org • William Stearns wstearns@pobox.com
