We will now practice the following concepts: - The use of known_hosts files - SSH connection with password authentication - RSA version 2 protocol key.

Slides:



Advertisements
Similar presentations
Secure File Transfer Protocol (SFTP) With Secure Copy (SC) What is a Secure File Transfer Protocol with Secure Copy???
Advertisements

Sonny J Zambrana University of Pennsylvania ISC-SEO November 2008.
1 Automated SFTP Windows and SUN Linux and SUN. 2 Vocabulary  Client = local=the machine generating the SFTP request  Server = remote = the machine.
SSH Operation and Techniques - © William Stearns 1 SSH Operation and Techniques The Swiss Army Knife of encryption tools…
PlanetLab What is PlanetLab? A group of computers available as a testbed for computer networking and distributed systems research.
Computer Organization Tools Computer Organization 1 © WD McQuain Programming Tools Most of the programming assignments will require using.
Using FTP Prof. Wayne Pollock Hillsborough Community College Tampa, FL
Client-Server Applications. Indirect Top Level Interaction Application.
OpenSSH (SSH - Secure SHell) Silvio C. Sampaio Doctoral Programme in Informatics Engineering PRODEI011 - Computer Systems Security –
Introducing the Command Line CMSC 121 Introduction to UNIX Much of the material in these slides was taken from Dan Hood’s CMSC 121 Lecture Notes.
Engineering H192 - Computer Programming The Ohio State University Gateway Engineering Education Coalition Lect 4P. 1Winter Quarter Introduction to UNIX.
Firewalls, Perimeter Protection, and VPNs - SANS © SSH Operation The Swiss Army Knife of encryption tools…
Ssh: secure shell. overview Purpose Protocol specifics Configuration Security considerations Other uses.
A crash course in njit’s Afs
The Unix Environment and Compiling. Getting Set Up Your programs will be compiled and tested on the Departmental server ‘linprog’ The linprog servers.
Using the “CLI” Unix / Linux Preparation Course May 25 Djibouti.
Eucalyptus Virtual Machines Running Maven, Tomcat, and Mysql.
SSH. Review 1-minute exercise: Find the open ports on you own VM [Good] nmap [Better] netstat -lpunt.
SUSE Linux Enterprise Server Administration (Course 3037) Chapter 10 Manage Remote Access.
Authentication and Authorization Authentication is the process of verifying a principal’s identity (but how to define “identity”?) –Who the person is –Or,
Secure Shell for Computer Science Nick Czebiniak Sung-Ho Maeung.
Andreas Steffen, , 11-SSH.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen M. Liebi Institute for Internet Technologies and Applications.
HP World 2005 Securing your Unix environment with HP Secure Shell Steven E Protter Senior Systems Administrator I.S.N. Corporation.
Secure Shell Mike Griffiths & Deniz Savas CiCS Dept Sheffield University November 2005.
AE6382 Secure Shell Usually referred to as ssh, the name refers to both a program and a protocol. The program ssh is one of the most useful networking.
Network Security: Lab#3 Transport-Level Security Tools J. H. Wang May 12, 2011.
Workbook 10 Chapter 8. Remote Shell Commands Pace Center for Business and Technology 1.
1 Securing Data and Communication. 2 Module - Securing Data and Communication ♦ Overview Data and communication over public networks like Internet can.
The Secure Shell Copyright © Software Carpentry 2011 This work is licensed under the Creative Commons Attribution License See
Application Services COM211 Communications and Networks CDA College Theodoros Christophides
Secure Shell (SSH) Presented By Scott Duckworth April 19, 2007.
SSH Operation The Swiss Army Knife of encryption tools…
Unix and Samba By: IC Labs (Raj Kidambi). What is Unix?  Unix stands for UNiplexed Information and Computing System. (It was originally spelled "Unics.")
1 Remote Access Telnet Telnet FTP FTP. 2 Applications and Communications Telnet Telnet  Program for accessing systems remotely.  Available on Windows.
Creating Programs on UNIX This term you can create programs on UNIX or you can create programs using a C++ compiler on your PC. This set of slides steps.
1May 16, 2005 Week 2 Lab Agenda Command Line FTP Commands Review More UNIX commands to learn File name expansion - * Introduction of vi.
SSH Tricks Slide 1 SSH Tricks Matthew G. Marsh. SSH Tricks Slide 2 Overview  SSH –What is it –How does it work  Discussion of Network Topology –Tricks.
SSH Tricks for CSF Slide 1 NEbraskaCERT SSH Tricks Matthew G. Marsh 05/21/03.
Team 6 Decrypting Encryption Jeffrey Vordick, Charles Sheefel, and Shyam Rasaily.
1 Running MPI on “Gridfarm” Bryan Carpenter February, 2005.
AN INTRO TO UNIX/LINUX COMMANDS BY: JIAYANG WANG.
Linux A practical introduction. 1)Background and Getting Started Linux is an operating system with multiple providers Red Hat/CentOS (our version) Ubuntu.
File Transfer Protocol (FTP) CIS 130. File Transfer Protocol (FTP) Copy files from one internet host (server) to your account on another host –Need domain.
Integrity Check As You Well Know, It Is A Violation Of Academic Integrity To Fake The Results On Any.
+ Vieques and Your Computer Dan Malmer & Joey Azofeifa.
SSH. 2 SSH – Secure Shell SSH is a cryptographic protocol – Implemented in software originally for remote login applications – One most popular software.
CS 120 Extra: The CS1 Server Tarik Booker CS 120.
Chapter 7: Using Network Clients The Complete Guide To Linux System Administration.
Assignprelim.1 Assignment Preliminaries © 2012 B. Wilkinson/Clayton Ferner. Modification date: Jan 16a, 2014.
Security with SSH ccTLD Workshop Samoa Hervey Allen.
OpenSSH – Public Key Authentication ● Jonathan Schipp ● Dubois County Linux User Group ● Nov 7 th 2010 ● jonschipp (at) gmail.com.
Security with SSH Unix System Administration Workshop AfNOG 2007 Hervey Allen.
Security with SSH ISP Services Workshop SANOG 9 Hervey Allen.
SSH - Lab We will now practice the following concepts: - The use of known_hosts files - SSH connection with password authentication - RSA version 2.
Secure services Unit-IV CHAP-1
Ssh: secure shell.
CS1010: Intro Workshop.
Hillsborough Community College
Andy Wang Object Oriented Programming in C++ COP 3330
cctld Workshop Georgetown, Guyana Hervey Allen
AFNOG 5 Workshop Hervey Allen
Getting SSH to Work Between Computers
File Transfer Olivia Irving and Cameron Foss
FTP and UNIX TOPICS Exploring your Web Hosting Site FTP UNIX
Andy Wang Object Oriented Programming in C++ COP 3330
Presentation transcript:

We will now practice the following concepts: - The use of known_hosts files - SSH connection with password authentication - RSA version 2 protocol key generation - Public key copying - Connecting with private key passphrase using key-based authentication - Using scp with RSA key authentication - Some ssh “hacks” without passwords. *Technically you are still challenged (even if that is a bad pun in English). SSH - Lab

The use of known_hosts files Connect to the machine next to your machine using ssh: ssh If this is your first connection to this machine you should see (example uses host1 connecting to host2): pc1# ssh The authenticity of host 'pc2.cctld.pacnog2.dnsdojo.net ( )' can't be established. RSA1 key fingerprint is 60:f7:04:8b:f7:61:c4:41:6e:9a:6f:53:7d:95:cb:29. Are you sure you want to continue connecting (yes/no)? Go ahead and answer “yes” here, but we'll discuss the implications of this in class. Are there ways around this? Could this be a “man in the middle” attack? What file is created or updated? Why? SSH - Lab Cont.

ssh connection with password authentication At the prompt below when you answered yes, you were asked to enter in the admin password for pc2.cctld.pacnog2.dnsdojo.net: host1# ssh The authenticity of host 'pc2.cctld.pacnog2.dnsdojo.net ( )' can't be established. RSA2 key fingerprint is 60:f7:04:8b:f7:61:c4:41:6e:9a:6f:53:7d:95:cb:29. Are you sure you want to continue connecting (yes/no)? yes And, this is what you should have seen: Warning: Permanently added 'pc2.cctld.pacnog2.dnsdojo.net' (RSA2) to the list of known hosts. [/etc/ssh/ssh_host_key.pub] password: Now you are “securely” connected as admin to pc2.cctld.pacnog2.dnsdojo.net - We will discuss what happened during this connection. SSH - Lab Cont.

rsa1/rsa2/dsa Key Generation We will now generate a single RSA SSH protocol 2 key of 2048 bits. To do this, issue the following command. If you are logged in on the other machine, logout first! ssh-keygen -t rsa -b 2048 You will be prompted for a file location for the key as well as for a passphrase to encrypt the key file. Be sure to enter a passphrase. Private key files without passphrases are a security hole, or maybe not... We'll discuss this as we complete this excercise. You can use a passphrase other than what was given in class for the admin account if you wish. SSH - Lab Cont.

RSA 2 Key Generation Here is the output from the command “ssh-keygen -t rsa -b 2048”: SSH - Lab Cont. pc1# ssh-keygen -t rsa -b 2048 Generating public/private rsa key pair. Enter file in which to save the key (/admin/.ssh/id_rsa): [enter] Enter passphrase (empty for no passphrase): [pw] Enter same passphrase again: [pw] Your identification has been saved in /admin/.ssh/id_rsa. Your public key has been saved in /admin/.ssh/id_rsa.pub. The key fingerprint is: 0f:f5:b3:bc:f7:5b:c8:ce:79:d0:b1:ab:2c:67:21:62 pc1#

Public Key Copying Now that you have a public and private RSA(2) set of keys you can take advantage of them. We will copy the public key to the same host you connected to previously, save this to the files known_hosts, and then reconnect to the host and see the difference: First you must copy the public key files to the host you used previously (pcn.cctld.pacnog2.dnsdojo.net): cd ~/.ssh scp id_rsa.pub You will be prompted for the password for the host and username you are connecting to. We continue with our example using pc1 connecting to pc2 as admin. SSH - Lab Cont.

Public Key Copying The output from the command on the previous page looks like: SSH - Lab Cont. pc1# scp *.pub password: id_rsa.pub 100% |*****************************| :00 pc1# You now have the public key file sitting on the host that will need them to use RSA/DSA public/private key authentication with you. You next step is to place these keys in the appropriate files. You need the RSA keys in ~/.ssh/authorized_keys You can try to figure this out, or go to the next slide for steps to do this:

Public Key Copying To copy the public keys to the correct places do the following: ssh cat /tmp/id_rsa.pub >> ~/.ssh/authorized_keys rm /tmp/id_rsa.pub exit If you are unsure of what these commands do they will they are explained in class. In addition, you can do this many different ways, and you could issue the commands differently as well. If you understand what these commands do and have a preferred method, then feel free to use it. Go to the next slide to connect with your public/private keys! SSH - Lab Cont.

Public/Private Key Connection To connect using your RSA protocol 2 key simply type: ssh And, here is the output you should see (pc1 to pc2 example): host1# ssh Enter passphrase for RSA key This is actually pretty neat! You did not enter in the admin password for the admin account on pcn.cctld.pacnog2.dnsdojo.net, but rather you used the passphrase that you chose for your private RSA protocol 2 key when you issued the command “ ssh-keygen -t rsa -b 2048 ” - This was used to decode the encoded random number exchanged between the hosts (remember “Magic Phrase?”). Why was the RSA protocol 2 key used? We'll discuss this in class. SSH - Lab Cont.

SCP Public/Private Key Connection First disconnect from the ssh session you previously made: exit Now, try copying a file from your machine to the other machine (pick a small file) using SCP (SeCure coPy): scp filename What did you notice? You should have noticed that you no longer get a password challenge to this account on this node, but rather you need to provide your RSA protocol 2 private key passphrase. This is expected. SCP and SSH are from the same package - OpenSSH and both use RSA and DSA keys in the same way. SSH - Lab Cont.

Another SSH tool - SFTP In addition to scp, ssh has a secure ftp tool called sftp. Give it a try: Let's use sftp to get your neighbor's /etc/motd file and place it in your /tmp directory. sftp Once you are connected: sftp> lcd /tmp [change local directory to /tmp] sftp> cd /etc [change remote directory to /etc] sftp> get motd [download /etc/motd to /tmp/motd] sftp> ? [view summary help] sftp> bye [terminate connection] ls /tmp/motd [prove you got the file] SSH - Lab Cont.

Now let's use the power of scp Multiple file and directory copy: Let's copy all the files and directories in /usr/ports/palm from your machine to your neighbor's machine using one command (1.4Mb): scp -r /usr/ports/palm/* “-r” for recursively copy “/tmp/.” to place files in your neighbor's /tmp directory. SSH - Lab Cont.

Now let's use the power of scp some more! (Note: we may skip this exercise... ) Copy a file from one remote machine to another. Let's move /etc/fstab on your left neighbor's machine to /tmp/fstab.copy on your right neighbor's machine using a single command. scp \ “\” for newline, not part of the command. If admin password is the same on both you only enter it once. Did you notice we renamed the file as well? SSH - Lab Cont.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.