UNIX operacinės sistemos V. TCP/IP įrankiai. SSH naudojimas Simonas Kareiva 2014 m. rudens semestras.

Slides:



Advertisements
Similar presentations
Jump to first page Setup Ethernet & PPP client on Laptop computer Presented by: Xuewu Cai Jianfang Wang.
Advertisements

David Byers IDA/ADIT/IISLAB ©2003–2004 David Byers Linux Network Basics REVIEW – IPv4 – LINUX NETWORKING.
Terminology and basic structures for lab 1 ©2012 Prof. José María Foces Morán.
6 UNIX Network Utilities Mauro Jaskelioff. Introduction Overview of computer networks Network related utilities –Accessing a remote computer –Transferring.
SYSTEM ADMINISTRATION Chapter 19
Linux network troubleshooting If your network connection is not working..
588 Section 2 Neil Spring April 13, Schedule traceroute (context) Paxson’s Pathologies Dijkstra’s (shortest path) Algorithm Subnetting Homework.
Installing and running FreeS/WAN. What is FreeS/WAN An implementation of IpSec for Linux –Can be found at Helps setup encrypted and/or.
Network Management And Debugging
Network Debugging Organizational Communications and Technologies Prithvi Rao H. John Heinz III School of Public Policy and Management Carnegie Mellon University.
Linux Setting up your network. Basic Approaches Configure during installation –Disadvantage -> not able to redo easily –Advantage-> holds your hand Configure.
Linux Networking Sirak Kaewjamnong. 2 Configuration NIC IP address  NIC: Network Interface Card  Use “ipconfig” command to determine IP address, interface.
CISCO NETWORKING ACADEMY Chabot College ELEC ping & traceroute.
Everything. MACIP End-host IP: MAC: 11:11:11:11:11 gateway IP: MAC: 22:22:22:22:22 Google server IP: MACIP MACInterfaceMACInterface.
Linux Networking Commands
Ssh keys, yum, ntp, rsync 1.  CST8177 Linux Operating Systems II  Saturday 13-Dec-14 10:30-13:30 T130 2.
IST 228\Ch3\IP Addressing1 TCP/IP and DoD Model (TCP/IP Model)
SUSE Linux Enterprise Server Administration (Course 3037) Chapter 7 Connect the SUSE Linux Enterprise Server to the Network.
TCP/IP Networking sections 13.2,3,4,5 Road map: TCP, provide connection-oriented service IP, route data packets from one machine to another (RFC 791) ICMP,
CCNA Introduction to Networking 5.0 Rick Graziani Cabrillo College
Managing Network connections. Network Cabling Ethernet Topology Bus topology – Connects each node in a line – Has no central connection point Star topology.
HALP! Something is in my tubes! Part I by Jason Testart, IST.
Network Protocols. Why Protocols?  Rules and procedures to govern communication Some for transferring data Some for transferring data Some for route.
Networking ● Networking uses the TCP/IP protocol by default, but Linux can use other protocols to interact with other operating systems: MS Networking.
Cybersecurity Computer Science Innovations, LLC. Fingerprinting So, we have a file at the top level of a Web site. It is called robots.txt It specifies.
Network Troubleshooting
Mike Meyers’ CompTIA Network+ ® Guide to Managing and Troubleshooting Networks, Third Edition (Exam N ) © 2012 The McGraw-Hill Companies, Inc. All.
Network Tools TCP/IP interface configuration query - MAC (HW) address and IP address – Linux - /sbin/ifconfig – MS Windows – ipconfig/all 1.
Page 1 COMP210 Network layer. Page 2 The Network Layer  The network layer is responsible for establishing, maintaining and terminating connections 
Cosc 4750 Networking. The basics Machine A and Machine B have a connection to a network When Machine A wants to “talk” to machine B, it creates a packet.
Andreas Steffen, , 11-SSH.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen M. Liebi Institute for Internet Technologies and Applications.
IP Forwarding.
1 IP: putting it all together Part 1 G53ACC Chris Greenhalgh.
Copyright © Lopamudra Roychoudhuri
Networking Colin Alworth May 26, Quick Review IP address: four octets Broadcast addresses –IP addresses use all 1’s for the host bits, and whatever.
1 Tutorial 6: Networking Utilities & Firewall. 2 Internet Control Message Protocol (ICMP) designed to compensate for the deficiencies of IP protocol.
We will now practice the following concepts: - The use of known_hosts files - SSH connection with password authentication - RSA version 2 protocol key.
NETWORKING IN LINUX. WHAT IS LINUX..? Freely implemention of UNIX-like Kernel. Free & Open source Software. Developed by Linus Torvalds in 1991.
© Jörg Liebeherr (modified by M. Veeraraghavan) 1 ICMP: A helper protocol to IP The Internet Control Message Protocol (ICMP) is the protocol used for error.
System Troubleshooting TCS Network, System, and Load Monitoring TCS for Developers.
1 Introductory material. This module illustrates the interactions of the protocols of the TCP/IP protocol suite with the help of an example. The example.
1 Internet Tool Practice 한두균 송정환
1 Internet Control Message Protocol (ICMP) Used to send error and control messages. It is a necessary part of the TCP/IP suite. It is above the IP module.
The Secure Shell Copyright © Software Carpentry 2011 This work is licensed under the Creative Commons Attribution License See
Internet Protocols. Address Resolution IP Addresses are not recognized by hardware. If we know the IP address of a host, how do we find out the hardware.
Basic IP Protocol Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University.
1 COP 4343 Unix System Administration Unit 11: Networking – basic concepts: IP, TCP, UDP, DHCP – devices: setup, status.
2010 paro, bhutan IP Basics IP/ISP Services Workshop July, 2010 Paro, Bhutan.
Linux Setting up your network. Basic Approaches Configure during installation –Disadvantage -> not able to redo easily –Advantage-> holds your hand Configure.
IPv6 – The Future Of The Internet Redbrick Networking Conference 26 March 2003 Dave Wilson DW238-RIPE.
IP network tools & troubleshooting AFCHIX 2010 Nairobi, Kenya October 2010.
TCP/IP Networking Objectives –to learn how to integrate a RedHat system onto a TCP/IP network Contents –TCP/IP configuration files –Network configuration.
Basic Linux Router I Router, a device that... Working on OSI Layer 3 (Network Layer) Connected to more than one networks Finding.
BNL PDN Enhancements. Perimeter Load Balancers Scaleable Performance Fault Tolerance Server Maintainability User Convenience Perimeter Security.
Linux Operations and Administration Chapter Eight Network Communications.
CSN09101 Networked Services Week 5 : Networking
Fall 2011 Nassau Community College ITE153 – Operating Systems 1 Session 9 Networking & Operating Systems (part 2)
1 COMP 431 Internet Services & Protocols The IP Internet Protocol Jasleen Kaur April 21, 2016.
Chapter 7: Using Network Clients The Complete Guide To Linux System Administration.
UDP. User Datagram Protocol (UDP)  Unreliable and unordered datagram service  Adds multiplexing  No flow control  Endpoints identified by ports 
Network Overview. Protocol Protocol (network protocols) - a special set of rules that define communication between two or more devices on a network.
Ifconfig Kevin O'Brien Washtenaw Linux Users Group
Network and System Security Risk Assessment
Linux network troubleshooting
MAC Address Tables on Connected Switches
IPv6 Hands-on pre-GDB IPv6 workshop 7th of June 2016 edoardo
ICMP ICMP = Internet Control Message Protocol Layer 3
Introduction to Networking
IP Forwarding Relates to Lab 3.
IP Forwarding Relates to Lab 3.
Presentation transcript:

UNIX operacinės sistemos V. TCP/IP įrankiai. SSH naudojimas Simonas Kareiva 2014 m. rudens semestras

Paskaita #5 – I dalis Įvadas į TCP/IP bei OSI. IP adresas IP ir MAC adresai Darbas su UNIX OS tinkle Komandos ping ir traceroute Komandos arp, ifconfig ir route

TCP/IP Duomenų perdavimo protokolų rinkinys (HTTP / FTP / DNS / …) Sukurta , įdiegta 1983 Abstrakcijos lygiai (žr. toliau) Enkapsuliacija OSI modelis

Teoriškai Kompiuteris 2 Maršruti -zatorius Kompiuteris 1

Praktiškai Kompiuteris 2 Maršruti -zatorius Kompiuteris 1 Maršruti -zatorius

Kaip vyksta komunikacija? Ethernet Palydovi nis ryšys / optika / etc. WiFi Aplikacija Transportas Tinklas Sujungimas Aplikacija Transportas Tinklas Sujungimas Tinklas Sujungimas Tinklas Sujungimas

IP adresas ir kaukė / ? ?

Užduotis IP adresas yra /19 Klausimai: Kokia yra tinklo kaukės išraiška pilnu formatu? Kiek daugiausiai kompiuterių galima sujungti į tokį tinklą? Kokios tai klasės IP adresas?

Atsakymas - ipcalc > ipcalc /19 Address: Netmask: = Wildcard: => Network: / HostMin: HostMax: Broadcast: Hosts/Net: 8190 Class A, Private Internet

dar vienas IP užrašymo būdas (sh) #!/bin/sh IPTONUM () { IP=$1; IPNUM=0 for (( i=0 ; i<4 ; ++i )); do ((IPNUM+=${IP%.*}*$((256**$((3-${i})))))) IP=${IP#*.} done echo $IPNUM } NUMTOIP () { echo -n $(($(($(($((${1}/256))/256))/256))%256)). echo -n $(($(($((${1}/256))/256))%256)). echo -n $(($((${1}/256))%256)). echo $((${1}%256)) }

Adresų klasės KlasėPirmas oktetas dvejetainėje sistemoje Pirmas oktetas nuo-iki Tinklą identifikuoja Tinklų skaičius A0XXXXXXX a.2 7 = 128 B10XXXXXX a.b.2 14 = 16,384 C110XXXXX a.b.c.2 21 = 2,097,152

MAC adresas 08:00:20:d1:b0:0a – Sun Microsystems Inc. d1b00a – unikalus gaminio ID MAC / IP ryšys DHCP Statinis DHCP Dinaminis DHCP

Darbas tinkle su UNIX OS talk lynx echo paskambink | mail –s svarbu ping ifconfig

> ifconfig eth0 Link encap:Ethernet HWaddr 00:22:15:88:9c:93 inet addr: Bcast: Mask: inet6 addr: fe80::222:15ff:fe88:9c93/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets: errors:0 dropped:0 overruns:0 frame:0 TX packets: errors:0 dropped:0 overruns:0 carrier:1 collisions:0 txqueuelen:1000 RX bytes: (592.3 MB) TX bytes: (3.4 GB) lo Link encap:Local Loopback inet addr: Mask: inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets: errors:0 dropped:0 overruns:0 frame:0 TX packets: errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes: (2.2 GB) TX bytes: (2.2 GB)

ping > ping PING ( ): 56 data bytes 64 bytes from : icmp_seq=0 ttl=240 time= ms 64 bytes from : icmp_seq=1 ttl=240 time= ms 64 bytes from : icmp_seq=2 ttl=240 time= ms ping: sendto: Network is down ^C ping statistics packets transmitted, 3 packets received, 50% packet loss round-trip min/avg/max/stddev = / / / ms

traceroute > traceroute cisco.netacad.net traceroute to cisco.netacad.net ( ), 30 hops max, 40 byte packets 1 gw.ep.lt ( ) ms ms ms static.telecom.lt ( ) ms ms ms telecom.lt ( ) ms ms ms 4 war-b3-link.telia.net ( ) ms ms ms 5 hbg-bb2-link.telia.net ( ) ms ms ms 6 ldn-bb2-link.telia.net ( ) ms ldn-bb2-link.telia.net ( ) ms ldn-bb2-link.telia.net ( ) ms 7 ash-bb1-link.telia.net ( ) ms ms ash-bb1-link.telia.net ( ) ms ( ) ms ms * 9 cr1.wswdc.ip.att.net ( ) ms ms ms 10 cr2.phlpa.ip.att.net ( ) ms ms ms 11 cr2.cl2oh.ip.att.net ( ) ms ms ms 12 cr1.cl2oh.ip.att.net ( ) ms ms ms 13 cr1.cgcil.ip.att.net ( ) ms ms ms 14 cr1.sffca.ip.att.net ( ) ms ms ms 15 gar1.sj2ca.ip.att.net ( ) ms ms ms ( ) ms ms ms 17 sjck-dmzbb-gw1.cisco.com ( ) ms ms ms 18 sjc12-dmzbb-gw1-g1-37.cisco.com ( ) ms ms ms 19 sjc12-dmzdc-gw1-gig5-2.cisco.com ( ) ms ms ms 20 * * * 21 * * * 22 * * *

arp > arp -an ? ( ) at 00:c0:02:2a:4e:6d [ether] on eth0 ? ( ) at 00:15:60:57:06:cd [ether] on eth0 ? ( ) at 00:0e:0c:4e:62:f8 [ether] on eth0 ? ( ) at 00:06:29:39:63:c3 [ether] on eth0 ? ( ) at 00:80:a3:8c:0d:72 [ether] on eth0 ? ( ) at 00:11:d8:94:a9:4a [ether] on eth0 ? ( ) at 00:18:f3:87:31:17 [ether] on eth0 ? ( ) at 00:0e:a6:34:37:a1 [ether] on eth0 ? ( ) at 00:0c:f1:ed:c8:56 [ether] on eth0 ? ( ) at 00:10:5a:5a:06:f1 [ether] on eth0 ? ( ) at 00:30:48:88:d9:1e [ether] on eth0 ? ( ) at 00:08:02:ef:fa:a4 [ether] on eth0

route > route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface UGH eth UGH eth U eth UG eth0

Maršrutizavimas Kompiuteris /28 Router 3 Router 1 Kompiuteris /24 Router 2 Kompiuteris /24 Internetas

II dalis - kas yra SSH? SSH - Secure SHell Nuotolinių komandų vykdymas SSL šifravimas Prievadų nukreipimas X aplinkos prievadų nukreipimas (X-forwarding)

SSH – Secure SHell ssh uosis.mif.vu.lt ssh ssh –l user1234 uosis.mif.vu.lt ssh –l user1234 uosis.mif.vu.lt –p 222 ssh –l user1234 uosis.mif.vu.lt –p 222 who ssh –X –l user1234 uosis.mif.vu.lt –p 222 xterm

SCP – secure copy scp /local/file scp /local/file scp scp *

Privatūs ir vieši raktai Siuntėjas Gavėjo viešas raktas LABAS :) Gavėjo privatus raktas LABAS :) (&#!#^&$

ssh-keygen # ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): id_rsa1 Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in id_rsa1. Your public key has been saved in id_rsa1.pub. The key fingerprint is: 79:29:18:f5:6b:35:85:cb:98:6b:be:86:00:04:c4:0c Kaip elgtis toliau? Pvz: # ssh b13.vu.lt Enter passphrase for key '/root/.ssh/id_rsa':

man sshd AUTHORIZED_KEYS FILE FORMAT AuthorizedKeysFile specifies the file containing public keys for public key authentication; if none is specified, the default is ~/.ssh/authorized_keys. Each line of the file contains one key (empty lines and lines starting with a ‘#’ are ignored as comments).

Known hosts # ssh The authenticity of host 'b13.vu.lt ( )' can't be established. RSA key fingerprint is a2:f9:5e:50:17:ca:86:b1:97:58:96:31:f2:d2:8a:93. Are you sure you want to continue connecting (yes/no)? no Host key verification failed. # # ssh The authenticity of host 'b13.vu.lt ( )' can't be established. RSA key fingerprint is a2:f9:5e:50:17:ca:86:b1:97:58:96:31:f2:d2:8a:93. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'b13.vu.lt, ' (RSA) to the list of known hosts. Password:

Kai pasikeičia host key… # ssh @ WARNING: REMOTE HOST IDENTIFICATION HAS IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that the RSA host key has just been changed. The fingerprint for the RSA key sent by the remote host is 3f:1b:f4:bd:c5:aa:c1:1f:bf:4e:2e:cf:53:fa:d8:59. Please contact your system administrator. Add correct host key in /home/user/.ssh/known_hosts to get rid of this message. Offending key in /home/user/.ssh/known_hosts:3 RSA host key for b13.vu.lt has changed and you have requested strict checking. Host key verification failed. #

Prievadų nukreipimas ssh –R [bind_address:]port:host:hostport ssh -L [bind_address:]port:host:hostport

Saugumas anti-sec:~/pwn/xpl#./0pen0wn -h xx.yy p 22 [+] 0wn0wn – anti-sec group [+] Target: xx.yy [+] SSH Port: 22 [~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~>] sh-3.2# export HISTFILE=/dev/null sh-3.2# id uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) sh-3.2# uname -a Linux xx.yy.net grsec-hostnoc x86_64-libata #1 SMP Mon Aug 25 15:56:12 EDT 2008 x86_64 x86_64 x86_64 GNU/Linux