Firewalls, Perimeter Protection, and VPNs - SANS ©2001: SSH Operation, The Swiss Army Knife of encryption tools…

Presentation transcript:

SSH Features
– Command line terminal connection tool
– Replacement for rsh, rcp, telnet, and others
– All traffic encrypted
– Both ends authenticate themselves to the other end
– Ability to carry and encrypt non-terminal traffic

Brief History
– SSH.com’s SSH1, originally completely free with source code, then license changed with version
– SSH.com’s SSH2, originally only commercial, but now free for some uses.
– OpenSSH team took the last free SSH1 release, refixed bugs, added features, and added support for the SSH2 protocol.

Installation
– OpenSSH is included with a number of Linux distributions, and available for a large number of Unices
– On RPM-based Linuxes:
  – "rpm -Uvh openssh*.rpm"

Basic use
– ssh SshServerName
– ssh -l UserName SshServerName
– ssh SshServerName CommandToRun
– ssh -v SshServerName
– Server Host Key checks
– Uses same login password
– And if we need to encrypt other traffic?

Port Forwarding – real server on remote machine
– I want to listen on port 5110 on this machine; all packets arriving here get sent to mailserver, port 110:
  – ssh -L 5110:mailserver:110 mailserver

Port Forwarding – real server on this machine
– All web traffic to my firewall should be redirected to the web server running on port 8000 on my machine instead:
  – ssh -R 80:MyMachine:8000 firewall

X Windows forwarding
– No setup – already done!
– Run the X Windows application in the terminal window:
  – xclock &
  – The screen display shows up on your computer, and any keystrokes and mouse movements are sent back, all encrypted.

Securely copying files
– scp
– scp -p localfile remotemachine:/remotepath/file
– Prompts for authentication if needed
– All traffic encrypted
– Replaces ftp, rcp, file sharing

SSH key background
– Old way: password stored on server, user supplied password compared to stored version
– New way: private key kept on client, public key stored on server.

SSH key creation
– General command:
  – ssh-keygen -b 1024 -c "Comment" -f ~/.ssh/identity_file
– Different forms for each of the SSH flavors
– Assign a hard-to-guess passphrase to the private key during creation.
– Key can be used for multiple servers

SSH key installation
– 3 versions of ssh: interoperability is good, but poorly documented
– ssh-keyinstall utility automates the creation and installation
  – "ssh-keyinstall -s SshServerName" creates keys, if needed, and installs them on the remote server
  – Need password during key install only

Using SSH keys
– ssh SshServerName
– ssh -l UserName SshServerName
– ssh SshServerName CommandToRun
– ssh -v SshServerName

ssh-agent
– Remembers your private key(s)
– Other applications can ask ssh-agent to authenticate you automatically.
– Unattended remote sessions.
– ssh-agent bash
– ssh-agent startx
– eval `ssh-agent` #Less preferred
– ssh-add [KeyName]

Fanout
– Runs command on multiple machines by opening separate ssh session to each
– fanout "machine1 machine2" "command params"
– Gives organized output from each machine

File synchronization - Rsync
– Rsync copies a tree of files from a master out to a copy on another machine.
– Can use ssh as its transport.
– rsync -azv -e ssh /home/wstearns/webtree/ mirror.stearns.org:/home/web/

Rsync-backup
– Rsync-backup automates the process of backing up machines with rsync and ssh.
– Features:
  – Only changed data shipped
  – All permissions preserved
  – All communication encrypted
  – Unlimited snapshots
  – Use <= 2X-4X combined client capacity

Rsync-backup client install
– Install ssh, rsync, and rsync-backup-client rpms (see
– Install ssh-keyinstall on client to create a backup key with
  – ssh-keyinstall -s backupserver -u root -c /usr/sbin/rsync-backup-server

Rsync-backup server install
– Install ssh, freedups, rsync-static, and rsync-backup-server rpms
– Turn off password authentication in /etc/ssh/sshd_config
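
The server-side step of turning off password authentication in /etc/ssh/sshd_config is easy to get wrong, because sshd uses the first value it finds for a keyword and a later Match block can switch it back on. The script below is an added example, not part of the original slides; the function names and the sample configuration are constructed for illustration, and it assumes plain unquoted keyword values.

```shell
#!/bin/sh
# Added example (not from the slides): audit an sshd_config for password logins.

# Print the effective global value of keyword $2 in file $1 ($3 = default).
# sshd keeps the FIRST value it obtains; keywords are case-insensitive;
# the global section ends at the first Match line.
sshd_global_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key); val = def }
        /^[ \t]*#/ || NF == 0 { next }       # skip comments and blank lines
        { sub(/=/, " ") }                    # accept "Keyword=value" as well
        tolower($1) == "match" { exit }      # global section is over
        tolower($1) == key { val = tolower($2); exit }
        END { print val }
    ' "$1"
}

# Print line numbers inside Match blocks that re-enable password logins.
match_overrides() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        { sub(/=/, " ") }
        tolower($1) == "match" { in_match = 1; next }
        in_match && tolower($1) == "passwordauthentication" &&
            tolower($2) == "yes" { print NR }
    ' "$1"
}

# Return 0 only if password logins are off globally and in every Match block.
password_logins_disabled() {
    [ "$(sshd_global_value "$1" PasswordAuthentication yes)" = "no" ] &&
        [ -z "$(match_overrides "$1")" ]
}

# Constructed sample: looks hardened, but the Match block undoes it.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
Port 22
passwordauthentication no
PasswordAuthentication yes
Match User backup
    PasswordAuthentication yes
EOF
if password_logins_disabled "$sample"; then
    echo "password logins disabled"
else
    echo "password logins still possible (Match override at line $(match_overrides "$sample"))"
fi
rm -f "$sample"
```

On a live server, `sshd -T` prints the configuration sshd itself computes and is the authoritative check; this script is useful for reviewing a file before it is deployed.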

Rsync-backup examples
– Examples of backup commands:
  – rsync-backup-client /
  – rsync-backup-client /usr /home/gbk

Links and references
– SSH, The Secure Shell, The Definitive Guide
– ssh-keyinstall, fanout, rsync-backup, freedups and other apps at

More links
– Docs at ssh/faq/ssh-faq.html
– William Stearns