Presentation is loading. Please wait.

Presentation is loading. Please wait.

SSH Foo KW-LUG Presentation Epoch 1543838400 jasoneckert.net.

Published bySimona Aleksić Modified over 6 years ago

Similar presentations

Presentation on theme: "SSH Foo KW-LUG Presentation Epoch 1543838400 jasoneckert.net."— Presentation transcript:

1 SSH Foo KW-LUG Presentation Epoch jasoneckert.net

2 SSH Kung Fu KW-LUG Presentation Epoch jasoneckert.net

3 SSH Fu KW-LUG Presentation Epoch jasoneckert.net

4 SSH Foo KW-LUG Presentation Epoch jasoneckert.net

5 Crypto Basics Symmetric crypto (e.g. AES/Blowfish/RC4):
Fast for encrypting payloads of data Key negotiation across a network sucks Clients usually generate a symkey and encrypt it asymmetrically to get it to a server

6 Crypto Basics Asymmetric crypto (e.g. RSA/DSA/ECC):

7 SSH Basics Encrypted telnet but without Star Wars
Uses symmetric encryption for all payload data Uses asymmetric encryption to protect sym key generated by the SSH client

8 SSH Basics Symmetric encryption controlled by client
/etc/ssh/ssh_config Ciphers (usually AES*) Asymmetric encryption controlled by server (the host keys): /etc/ssh/sshd_config HostKey /etc/ssh/ssh_host_rsa_key (& .pub) HostKey /etc/ssh/ssh_host_ecdsa_key (& .pub) HostKey /etc/ssh/ssh_host_ed25519_key (& .pub) ~/.ssh/known_hosts

9 SSH User Keys You can also create asymmetric keys for your local user account and add these keys to each server you manage to avoid passwords ssh-keygen ***Do you want to protect private key with passphrase? You’ll need it each time the private key is used unless you want to load the ssh-agent cat ~/.ssh/id_rsa cat ~/.ssh/id_rsa.pub ssh-copy-id -i ssh (look ma, no password!) PermitRootLogins without-password

10 SSH User Keys Many systems prevent root SSH in sshd_config (must connect as bob and su/sudo): PermitRootLogins yes/no/without-password If you want to omit the username for each host, you can use host-specific options on your SSH client to specify a default user: cat ~/.ssh/config Host server1 User admin Host server2 User bob PasswordAuthentication no (requires SSH keys for all connections!)

11 Copying Files Copy remote /root/lala file (on server1) to local /var directory ssh cat /root/lala > /var/sample scp /var Copy the local /root/lala file to /var directory on remote computer (appserver) ssh cat </root/lala ">" /var/lala scp /root/lala

12 Copying Files Can also use piping Works for anything, really
dd if=/root/lala | ssh -C dd of=/var/lala Works for anything, really dd if=/dev/tty5 | ssh -C dd of=/dev/tty2

13 Tunneling Tunneling other stuff (e.g. VNC)
Tunneling X.org (requires xauth) ssh –X gnome-control-center Tunneling other stuff (e.g. VNC) Local tunneling – e.g. forward local traffic on port 5999 to server1 on port 5900 as bob. ssh -L 5999:localhost:5900 After this, you can start a VNC viewer and connect to localhost:5999 to access the VNC server running on port 5900 on server1 through an SSH tunnel) Xauth is installed by default on workstation installs, but you may have to add it to a server install.

14 Tunneling Remote tunneling – e.g. bob on client1 can start a VNC viewer and connect to server1:5999 in order to access the VNC server running on port 5900 on server1 (your server) via SSH. ssh -R 5999:server1:5900

15 Tunneling Evading firewall restrictions
ssh homeserver –L 443:lala.com:443 cat /etc/hosts ( lala.com) apachectl stop curl

16 Tunneling General format (you are computerA):
ssh computerB –L 443:computerC:443

17 Tunneling Can also tell SSH to do SOCKS5 proxy forwarding to a home server to evade a firewall too: ssh -D 8080 homeserver Set Chrome/Firefox proxy address to localhost:8080 DNS requests are not part of this (you can tunnel DNS through a SOCKS5 proxy with other software like DNSCrypt) Problems? grep Forwarding /etc/ssh/sshd_config X11Forwarding no AllowTcpForwarding no

18 SSHFS (NFS is sooo yesterday)
Access remote / filesystem on server1 over SSH session mounted to local /mnt directory: dnf install sshfs sshfs /mnt ls /mnt rm –Rf /mnt/* (--no-preserve-root bypassed)

Download ppt "SSH Foo KW-LUG Presentation Epoch 1543838400 jasoneckert.net."

Similar presentations

Network Security.

Network Security.
SSH SSH is “Secure SHell” Secure, compressed, widely supported, fast Allows both users to get jobs done, and also allows system administrators to sleep.

SSH SSH is “Secure SHell” Secure, compressed, widely supported, fast Allows both users to get jobs done, and also allows system administrators to sleep.
SSH Operation and Techniques - © 2001-2006 William Stearns 1 SSH Operation and Techniques The Swiss Army Knife of encryption tools…

SSH Operation and Techniques - © William Stearns 1 SSH Operation and Techniques The Swiss Army Knife of encryption tools…
Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
Module 5: Configuring Access for Remote Clients and Networks.

Module 5: Configuring Access for Remote Clients and Networks.
Virtual Machine and UNIX. What is a VM? VM stands for Virtual Machine. It is a software emulation of hardware. By using a VM, you can have the same hardware.

Virtual Machine and UNIX. What is a VM? VM stands for Virtual Machine. It is a software emulation of hardware. By using a VM, you can have the same hardware.
Remote Accessing Your Home Computer Using VNC and a Dynamic DNS Name.

Remote Accessing Your Home Computer Using VNC and a Dynamic DNS Name.
Ssh: secure shell. overview Purpose Protocol specifics Configuration Security considerations Other uses.

Ssh: secure shell. overview Purpose Protocol specifics Configuration Security considerations Other uses.
SUSE Linux Enterprise Desktop Administration Chapter 5 Manage the Network Configuration.

SUSE Linux Enterprise Desktop Administration Chapter 5 Manage the Network Configuration.
SSH. Review 1-minute exercise: Find the open ports on you own VM [Good] nmap 127.0.0.1 [Better] netstat -lpunt.

SSH. Review 1-minute exercise: Find the open ports on you own VM [Good] nmap [Better] netstat -lpunt.
SUSE Linux Enterprise Server Administration (Course 3037) Chapter 10 Manage Remote Access.

SUSE Linux Enterprise Server Administration (Course 3037) Chapter 10 Manage Remote Access.
1 Chapter 6: Proxy Server in Internet and Intranet Designs Designs That Include Proxy Server Essential Proxy Server Design Concepts Data Protection in.

1 Chapter 6: Proxy Server in Internet and Intranet Designs Designs That Include Proxy Server Essential Proxy Server Design Concepts Data Protection in.
The Saigon CTT Chapter 16 Remote Connectivity. The Saigon CTT  Objectives  Explain : telnet rsh ssh  Configure FTP.

The Saigon CTT Chapter 16 Remote Connectivity. The Saigon CTT  Objectives  Explain : telnet rsh ssh  Configure FTP.
SCSC 455 Computer Security Network Security. Control access to system Access control mechanisms in specific network programs  e.g. 1, wu-FTP server support.

SCSC 455 Computer Security Network Security. Control access to system Access control mechanisms in specific network programs  e.g. 1, wu-FTP server support.
Network Security SSH Tunneling David Funk Matt McLaughlin Systems Administrators Computer Systems Support COE, University of Iowa.

Network Security SSH Tunneling David Funk Matt McLaughlin Systems Administrators Computer Systems Support COE, University of Iowa.
Daemon issue 14 SSH Port Forwarding Yannis Tsopokis Wednesday, April 26 th 2006.

Daemon issue 14 SSH Port Forwarding Yannis Tsopokis Wednesday, April 26 th 2006.
VNC Greg Fankhanel Jessica Nunn Jennifer Romero. What is it? Stands for Virtual Network Computing It is remote control software which allows you to view.

VNC Greg Fankhanel Jessica Nunn Jennifer Romero. What is it? Stands for Virtual Network Computing It is remote control software which allows you to view.
| nectar.org.au NECTAR TRAINING Module 5 The Research Cloud Lifecycle.

| nectar.org.au NECTAR TRAINING Module 5 The Research Cloud Lifecycle.
AE6382 Secure Shell Usually referred to as ssh, the name refers to both a program and a protocol. The program ssh is one of the most useful networking.

AE6382 Secure Shell Usually referred to as ssh, the name refers to both a program and a protocol. The program ssh is one of the most useful networking.
Linux Services Muhammad Amer. 2 xinetd Programs  In computer networking, xinetd, the eXtended InterNET Daemon, is an open-source super-server daemon.

Linux Services Muhammad Amer. 2 xinetd Programs  In computer networking, xinetd, the eXtended InterNET Daemon, is an open-source super-server daemon.

Similar presentations

Ads by Google