SSH Foo KW-LUG Presentation Epoch 1543838400 jasoneckert.net.

Slides:

Advertisements

Similar presentations

Network Security.

Advertisements

SSH SSH is “Secure SHell” Secure, compressed, widely supported, fast Allows both users to get jobs done, and also allows system administrators to sleep.

SSH Operation and Techniques - © William Stearns 1 SSH Operation and Techniques The Swiss Army Knife of encryption tools…

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Module 5: Configuring Access for Remote Clients and Networks.

Virtual Machine and UNIX. What is a VM? VM stands for Virtual Machine. It is a software emulation of hardware. By using a VM, you can have the same hardware.

Remote Accessing Your Home Computer Using VNC and a Dynamic DNS Name.

Ssh: secure shell. overview Purpose Protocol specifics Configuration Security considerations Other uses.

SUSE Linux Enterprise Desktop Administration Chapter 5 Manage the Network Configuration.

SSH. Review 1-minute exercise: Find the open ports on you own VM [Good] nmap [Better] netstat -lpunt.

SUSE Linux Enterprise Server Administration (Course 3037) Chapter 10 Manage Remote Access.

1 Chapter 6: Proxy Server in Internet and Intranet Designs Designs That Include Proxy Server Essential Proxy Server Design Concepts Data Protection in.

The Saigon CTT Chapter 16 Remote Connectivity. The Saigon CTT  Objectives  Explain : telnet rsh ssh  Configure FTP.

SCSC 455 Computer Security Network Security. Control access to system Access control mechanisms in specific network programs  e.g. 1, wu-FTP server support.

Network Security SSH Tunneling David Funk Matt McLaughlin Systems Administrators Computer Systems Support COE, University of Iowa.

Daemon issue 14 SSH Port Forwarding Yannis Tsopokis Wednesday, April 26 th 2006.

VNC Greg Fankhanel Jessica Nunn Jennifer Romero. What is it? Stands for Virtual Network Computing It is remote control software which allows you to view.

| nectar.org.au NECTAR TRAINING Module 5 The Research Cloud Lifecycle.

AE6382 Secure Shell Usually referred to as ssh, the name refers to both a program and a protocol. The program ssh is one of the most useful networking.

Linux Services Muhammad Amer. 2 xinetd Programs  In computer networking, xinetd, the eXtended InterNET Daemon, is an open-source super-server daemon.

CSCE 815 Network Security Lecture 26 SSH and SSH Implementation April 24, 2003.

The Secure Shell Copyright © Software Carpentry 2011 This work is licensed under the Creative Commons Attribution License See

Windows PostgreSQL installation. Pre-requisites Define a local non-administrative Windows account (eg. postgres) Must install on Console, not through.

Secure Shell (SSH) Presented By Scott Duckworth April 19, 2007.

Networking in Linux. ♦ Introduction A computer network is defined as a number of systems that are connected to each other and exchange information across.

ORAFACT The Secure Shell. ORAFACT Secure Shell Replaces unencrypted utilities rlogin and telnet rsh rcp Automates X11 authentication Supports tunneling.

SSH Tricks Slide 1 SSH Tricks Matthew G. Marsh. SSH Tricks Slide 2 Overview  SSH –What is it –How does it work  Discussion of Network Topology –Tricks.

Phil Hurvitz Securing UNIX Servers with the Secure.

SSH Tricks for CSF Slide 1 NEbraskaCERT SSH Tricks Matthew G. Marsh 05/21/03.

Computer Security Risks for Control Systems at CERN Denise Heagerty, CERN Computer Security Officer, 12 Feb 2003.

XWN740 X-Windows Configuring and Using Remote Access (Chapter 13: Pages )‏

Module 10: Windows Firewall and Caching Fundamentals.

CTC228 Nov Today... Catching up with group projects URLs and DNS Nmap Review for Test.

SSH Scott Nykl Jim Wyllie. SSH - Overview Secure Shell Designed to replace “r-tools” [1]  rlogin, rsh, rcp  3 main attacks [1]:  Password eavesdropping.

SSH. 2 SSH – Secure Shell SSH is a cryptographic protocol – Implemented in software originally for remote login applications – One most popular software.

Lecture 10 Page 1 CS 236 Online SSL and TLS SSL – Secure Socket Layer TLS – Transport Layer Security The common standards for securing network applications.

PRESENTED BY ALI NASIR BITF13M040 AMMAR HAIDER BITF13M016 SHOIAB BAJWA BITF13M040 AKHTAR YOUNAS BITF13M019.

Secure Communications ● Cleartext vs. encryption and encapsulation ● Protocols not to use ● SSH – scp/ftp – SSH tunnelling ● VPN.

Remote access methods ● SSH ● VPNs ● VNC ● Screen - by Alex Harris.

1 Free Electrons. Kernel, drivers and embedded Linux development, consulting, training and support. http//free-electrons.com SSH Thomas Petazzoni Free.

Securing your network But still be able to access it Hugh Mahon.

OpenSSH – Public Key Authentication ● Jonathan Schipp ● Dubois County Linux User Group ● Nov 7 th 2010 ● jonschipp (at) gmail.com.

Security with SSH Unix System Administration Workshop AfNOG 2007 Hervey Allen.

Security with SSH ISP Services Workshop SANOG 9 Hervey Allen.

Virtual Private Network Access for Remote Networks

Overview – SOE Openssh Dec 2013.

Ssh: secure shell.

SSH Port Forwarding as Mini-VPN

Microsoft Windows NT 4.0 Authentication Protocols

Tutorial on Creating Certificates SSH Kerberos

Module Overview Installing and Configuring a Network Policy Server

Chapter 5 : Designing Windows Server-Level Security Processes

cctld Workshop Georgetown, Guyana Hervey Allen

SECURE SHELL MONIKA GUPTA COT 4810.

WSU Linux Users Group By Haven Hash

Tunneling with SSH der.hans ScaLE 9x 2011Feb27.

XWN740 X-Windows Configuring and Using Remote Access

Tutorial on Creating Certificates SSH Kerberos

SSSD and OpenSSH Integration

Lab 1 introduction, debrief

ECE544: Software Assignment 3

Chapter 27: System Security

SSH SSH is “Secure SHell” Secure, compressed, widely supported, fast

IS3440 Linux Security Unit 4 Securing the Linux Filesystem

Lab 7 - Topics Establishing SSH Connection Install SSH Configure SSH

數位芝麻網路公司蔡志展 2001/8/18 CVS Setup 數位芝麻網路公司蔡志展 2001/8/18.

Designing IIS Security (IIS – Internet Information Service)

Be comfortable with Linux

Presentation transcript:

SSH Foo KW-LUG Presentation Epoch 1543838400 jasoneckert.net

SSH Kung Fu KW-LUG Presentation Epoch 1543838400 jasoneckert.net

SSH Fu KW-LUG Presentation Epoch 1543838400 jasoneckert.net

SSH Foo KW-LUG Presentation Epoch 1543838400 jasoneckert.net

Crypto Basics Symmetric crypto (e.g. AES/Blowfish/RC4): Fast for encrypting payloads of data Key negotiation across a network sucks Clients usually generate a symkey and encrypt it asymmetrically to get it to a server

Crypto Basics Asymmetric crypto (e.g. RSA/DSA/ECC):

SSH Basics Encrypted telnet but without Star Wars Uses symmetric encryption for all payload data Uses asymmetric encryption to protect sym key generated by the SSH client

SSH Basics Symmetric encryption controlled by client /etc/ssh/ssh_config Ciphers (usually AES*) Asymmetric encryption controlled by server (the host keys): /etc/ssh/sshd_config HostKey /etc/ssh/ssh_host_rsa_key (& .pub) HostKey /etc/ssh/ssh_host_ecdsa_key (& .pub) HostKey /etc/ssh/ssh_host_ed25519_key (& .pub) ~/.ssh/known_hosts

SSH User Keys You can also create asymmetric keys for your local user account and add these keys to each server you manage to avoid passwords ssh-keygen ***Do you want to protect private key with passphrase? You’ll need it each time the private key is used unless you want to load the ssh-agent cat ~/.ssh/id_rsa cat ~/.ssh/id_rsa.pub ssh-copy-id -i root@server1 ssh root@server1 (look ma, no password!) PermitRootLogins without-password

SSH User Keys Many systems prevent root SSH in sshd_config (must connect as bob and su/sudo): PermitRootLogins yes/no/without-password If you want to omit the username for each host, you can use host-specific options on your SSH client to specify a default user: cat ~/.ssh/config Host server1 User admin Host server2 User bob PasswordAuthentication no (requires SSH keys for all connections!)

Copying Files Copy remote /root/lala file (on server1) to local /var directory ssh root@server1 cat /root/lala > /var/sample scp root@server1:/root/lala /var Copy the local /root/lala file to /var directory on remote computer (appserver) ssh root@server1 cat </root/lala ">" /var/lala scp /root/lala root@server1:/var

Copying Files Can also use piping Works for anything, really dd if=/root/lala | ssh -C user@host dd of=/var/lala Works for anything, really dd if=/dev/tty5 | ssh -C user@host dd of=/dev/tty2

Tunneling Tunneling other stuff (e.g. VNC) Tunneling X.org (requires xauth) ssh –X root@server1 gnome-control-center Tunneling other stuff (e.g. VNC) Local tunneling – e.g. forward local traffic on port 5999 to server1 on port 5900 as bob. ssh -L 5999:localhost:5900 bob@server1 After this, you can start a VNC viewer and connect to localhost:5999 to access the VNC server running on port 5900 on server1 through an SSH tunnel) Xauth is installed by default on workstation installs, but you may have to add it to a server install.

Tunneling Remote tunneling – e.g. bob on client1 can start a VNC viewer and connect to server1:5999 in order to access the VNC server running on port 5900 on server1 (your server) via SSH. ssh -R 5999:server1:5900 bob@client1

Tunneling Evading firewall restrictions ssh homeserver –L 443:lala.com:443 cat /etc/hosts (127.0.0.1 lala.com) apachectl stop curl https://lala.com

Tunneling General format (you are computerA): ssh computerB –L 443:computerC:443

Tunneling Can also tell SSH to do SOCKS5 proxy forwarding to a home server to evade a firewall too: ssh -D 8080 homeserver Set Chrome/Firefox proxy address to localhost:8080 DNS requests are not part of this (you can tunnel DNS through a SOCKS5 proxy with other software like DNSCrypt) Problems? grep Forwarding /etc/ssh/sshd_config X11Forwarding no AllowTcpForwarding no

SSHFS (NFS is sooo yesterday) Access remote / filesystem on server1 over SSH session mounted to local /mnt directory: dnf install sshfs sshfs root@server1:/ /mnt ls /mnt rm –Rf /mnt/* (--no-preserve-root bypassed)