HP World 2005 Securing your Unix environment with HP Secure Shell Steven E Protter Senior Systems Administrator I.S.N. Corporation.


Secure Shell Presentation Outline 1 Presenter information –Qualifications and experience. –Warning !! –How he got here. What is HP Secure Shell –Advantages –Challenges –Components

Secure Shell Presentation Outline 2 Where do I get HP Secure Shell How do I install HP Secure Shell Why should I use HP Secure Shell

Secure Shell Presentation Outline 3 Step by step for installation and exchange of public keys. –Downloading the software. –Installation. –Exchanging public keys. Questions and (hopefully) answers

Getting Started

Qualifications and Experience 1 10 years of systems administration work on HP-UX 10.20, 11 and 11i v1 Actual Experience with a disaster involving major loss of data. Five years of experience as a Linux administrator HP-UX CSA (Can pass a multiple choice examination) Two major Unix OS/Hardware conversions.

Qualifications and Experience 2 14 ½ the Jewish United Fund Experience as a programmer. Systems Analyst Software AG and Oracle DBA HP-UX Administrator Married 10 years to a Russian American Recently moved to Israel

Warning! Try this at your shop! I do not have complete knowledge on topic –Nobody can, it's too complex. –Have made this work in a mixed HP-UX/Linux environment. Can only understand Russian accented English. This is something you want to try at home.

How Steve Protter Got here Found a call for presentations at –Sent in two suggestions –Both were accepted Flew from Tel Aviv to Newark, NJ Drove from Connecticut to San Francisco –Made several consulting stops en route

What is HP Secure Shell? Hewlett-Packard’s port of openssh Open source product More

More Information

Advantages of HP Secure Shell? Hewlett-Packard’s Port of openssh –Some bugs were fixed prior to HP release. –Released in depot format –Port ensures smooth operation with HP-UX –Replaces insecure products such as rsh and remsh –Session and passwords are encrypted

Challenges of HP Secure Shell? Sometimes you have to wait for it. The environment is slightly different than what it replaces. You can not completely remove the old protocols and still do Ignite Imaging. To be announced.

Secure Shell Components 1 ssh: Secure Shell –Replaces rsh, rexec, remsh, telnet sftp: Secure file transfer protocol –Common command set with ftp –Knows the difference between binary and ascii files –No mput –Scriptable

Secure Shell Components 2 scp: Secure copy –Replaces rcp –Can copy large file systems –Makes my life easier

How to get HP Secure Shell Core OS: It is/may be an install option Application CD: Released every 6 months

How to get HP Secure Shell

Use sftp to copy it to HP-9000 server or use a web browser on the box for download. Wed Jun 1 16:37: :/home/secsh [8460#] ll total rw-r--r-- 1 root sys Jun 1 23:48 T1471AA_A _HP- UX_B.11.11_32+64.depot

Before you install Read the installation instructions –Not because you don’t know how to swinstall. –Because there may be patch recommendations and other helpful information.

Patches 11i version 1 patches –Pam patch: PHCO_30402 –OS patch: PHCO_26466
swlist -l product | grep PHCO_30402
swlist -l product | grep PHCO_26466
Why? It may still install but give trouble later.

How to install HP Secure Shell swinstall -s /home/secsh/T1471AA_A _ HP-UX_B.11.11_32+64.depot \*

“The command line is the Systems Administrator's best friend.” Steven E Protter Senior Systems Administrator ISN Corporation

“Because someday it may be all you have.” Steven E Protter Senior Systems Administrator ISN Corporation

Situations with no GUI tools: Single User Mode (hpux -is) LM mode (hpux -lm)

Public Key Exchange Advantages: –Ease of administration –More secure than typing passwords –You don’t have to remember passwords –Works over multiple operating systems

Public Key Exchange Challenges: –You may someday boot the wrong system –If a root password is compromised on one system, root access is granted on all systems with public key exchange.

Public Key Exchange Tricks (ways to stay out of trouble): –Change the prompt to include system name –Set terminal color in the environment profile

Public Key Exchange: Change prompt PS1= [8476#] echo ${PS1} Wed Jun 1 16:37: :$PWD [!#] In /etc/profile ENV=/.kshrc

Public Key Exchange: Change prompt vi /.kshrc PS1=`date -u +%c `:`echo $PWD [!#] '

Public Key Exchange: Change prompt A prompt that lets you know where you are Thu Jun 2 13:50:10 /root/ [1158#]

Public Key Exchange: Generate keys
ssh-keygen -t dsa
Press Enter for the next 3 questions. This creates a directory called .ssh
cd .ssh

Public Key Exchange ls -la -rw root sys 668 Jun 2 09:03 id_dsa -rw-r root sys 600 Jun 2 09:03 id_dsa.pub cat id_dsa.pub (just taking a look)

Public Key Exchange: Home directory permissions [ 1168#] env | grep HOME HOME=/root/ Thu Jun 2 13:50:10 /root/.ssh [1169#] chmod 755 $HOME Thu Jun 2 13:50:10 /root/.ssh

Public Key Exchange: Host setup ssh hpweb The authenticity of host 'hpweb ( )' can't be established. RSA key fingerprint is 97:1d:cb:bf:b3:54:9f:54:12:8f:2f:3a:aa:b9:10:7c. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'hpweb, ' (RSA) to the list of known hosts. Password:

Public Key Exchange: Host setup
cd .ssh
scp -p eilat:/$PWD/id_dsa.pub authorized_keys
cat id_dsa.pub >> authorized_keys
chmod 644 authorized_keys
scp -p authorized_keys eilat:/$PWD

Public Key Exchange: Host setup ls -la before and after -rw-r root sys 600 Jun 2 09:03 authorized_keys -rw-r root sys 2020 Nov id.dat -rw root sys 668 Apr 26 04:56 id_dsa -rw-r--r-- 1 root sys 600 Apr 26 04:56 id_dsa.pub -rw-r--r-- 1 root sys 3339 May 8 00:34 known_hosts -rw root sys 1024 Feb prng_seed [8494#] cat id_dsa.pub >> authorized_keys Thu Jun 2 14:20: :/root/.ssh -rw-r root sys 1200 Jun 2 09:21 authorized_keys -rw-r root sys 2020 Nov id.dat -rw root sys 668 Apr 26 04:56 id_dsa -rw-r--r-- 1 root sys 600 Apr 26 04:56 id_dsa.pub -rw-r--r-- 1 root sys 3339 May 8 00:34 known_hosts -rw root sys 1024 Feb prng_seed

Public Key Exchange: Host setup scp -p authorized_keys eilat:/$PWD You will be prompted for a password. Try it again, you should not be prompted for a password. DONE!
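
The host setup steps above copy a whole authorized_keys file in each direction, which replaces whatever keys the destination file already held. As an added example (not from the original slides), this shell function appends one public key only if it is missing and sets owner-only modes; the name install_pubkey and its two arguments are assumptions.

```shell
#!/bin/sh
# Added example, not the presenter's code: append ONE public key to a target
# account's authorized_keys without overwriting the keys already in it.
# Usage: install_pubkey PUBKEY_FILE TARGET_HOME   (both names are assumptions)

install_pubkey() {
    pub=$1; dir=$2/.ssh; auth=$dir/authorized_keys

    # Accept exactly one line shaped like "<type> <base64> [comment]".
    # A private key or a multi-key file handed over by mistake is rejected.
    [ "$(grep -c '' "$pub" 2>/dev/null)" = 1 ] ||
        { echo "expected a file with one key line" >&2; return 2; }
    grep -Eq '^(ssh-|ecdsa-|sk-)[a-z0-9@.-]+ [A-Za-z0-9+/=]+( .*)?$' "$pub" ||
        { echo "not a public key line" >&2; return 2; }

    # Create .ssh and authorized_keys owner-only, then pin the modes in case
    # they already existed with looser permissions.
    ( umask 077; mkdir -p "$dir"; touch "$auth" )
    chmod 700 "$dir"; chmod 600 "$auth"

    # -F fixed string, -x whole line: append only when the key is not present.
    if grep -qxFf "$pub" "$auth"; then
        echo "already present"
    else
        cat "$pub" >> "$auth"; echo "added"
    fi
}

# Run directly as: sh install_pubkey.sh id_dsa.pub /root
if [ "$#" -eq 2 ]; then install_pubkey "$1" "$2"; fi
```

OpenSSH has disabled ssh-dss (DSA) keys by default since release 7.0, so on current systems generate the key with ssh-keygen -t ed25519 rather than -t dsa.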

Public Key Exchange: Summary Permissions are crucial. –If prompted for a password when you think you should not be prompted, go back and check permissions
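
An added example (not from the original slides) of the permission check the summary calls for. It reports a home directory, .ssh directory or authorized_keys file that is writable by group or other, which sshd rejects under its default StrictModes setting, and private keys accessible to group or other, which the ssh client refuses to use; the name check_ssh_perms is an assumption.

```shell
#!/bin/sh
# Added example, not the presenter's code: list the permission problems that
# cause an unexpected password prompt after a public key exchange.
# Usage: check_ssh_perms HOME_DIR  -> prints findings, returns their count.

# True when the path is writable by group or other (mode & 022 != 0).
loose_write() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# True when group or other has any access at all (mode & 077 != 0).
group_other_access() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print)" ]
}

check_ssh_perms() {
    home=$1; problems=0
    # sshd side: every path leading to authorized_keys must not be writable
    # by anyone except its owner.
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        if loose_write "$p"; then
            echo "group/other writable: $p (fix: chmod go-w)"
            problems=$((problems + 1))
        fi
    done
    # client side: private keys (id_dsa, id_rsa, ...) must be owner-only.
    for key in "$home"/.ssh/id_*; do
        case $key in *.pub) continue ;; esac
        [ -f "$key" ] || continue
        if group_other_access "$key"; then
            echo "private key open to group/other: $key (fix: chmod 600)"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Run directly as: sh check_ssh_perms.sh /root
if [ "$#" -gt 0 ]; then check_ssh_perms "$1"; fi
```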

Questions & (Hopefully) Answers

More Information