Presentation is loading. Please wait.

Presentation is loading. Please wait.

SSH SSH is “Secure SHell” Secure, compressed, widely supported, fast Allows both users to get jobs done, and also allows system administrators to sleep.

Published byAntoine Oxenford Modified over 10 years ago

Similar presentations

Presentation on theme: "SSH SSH is “Secure SHell” Secure, compressed, widely supported, fast Allows both users to get jobs done, and also allows system administrators to sleep."— Presentation transcript:

1 SSH SSH is “Secure SHell” Secure, compressed, widely supported, fast Allows both users to get jobs done, and also allows system administrators to sleep at night Clients for every platform

2 What SSH can do Allows you to remotely log into systems and run commands Forward traffic over the SSH link (tunnel) Copy files Run commands without logging in

3 SSH basics

4

5

6 Problems already 1.Always have to type my username in 2.Always have to type in full hostname 3.Always have to type in my password

7 Problems already Default behaviour – Tries to connect to remote server using the username of your current logged in user – This can be problematic, especially for Macs – Uses the domain name of your local machine (so can’t ssh ui from everywhere in world)

8 Problem solved You can override default behaviour by using a config file in your home directory – location is ~/.ssh/config

9 Problem solved 1.Username

10 Problem solved 1.Username Helps because Physics blocks/bans your IP address if you try connecting incorrectly more than 5 times common cause of this is wrong username

11 Problem solved 2. Full hostname

12 Problem solved 3. Password

13

14 Problem solved 5. Create private/public key pair (ssh-keygen) Upload public key to remote server (ssh-copy-id) Unlock private key (ssh-add) SSH using keypair – Perfect for automated jobs and scripts! – Won’t work with lxplus – Make sure you password protect your SSH private key – Keep private key secure!

15 Other config options Wildcards and regex is allowed – e.g. Host * and Host *.ph.unimelb.edu.au will both work – Note that it reads the file from top down, and stops at the first entry that matches

16 Background of network in Physics ui.atlas.unimelb.edu.au -> Tier 3 log in node – restricted to hosts on AARNet network (uni’s) baker.ph.unimelb.edu.au -> School of Physics SSH gateway – accessible anywhere All other hosts – firewalled (inaccessible) – May think that this restricts you....

17 SSH forwarding When you ssh, it opens a persistent connection with SSH server We can use this connection to make other traffic travel “through” it – e.g. VNC, NX, SSH, web, files SSH will secure this traffic too! (basis for things like TOR and VPN)

18 SSH forwarding ssh –L localport:otherhost:otherhostport username@server

19 SSH forwarding

20 Connections to local port 2222 get redirected over SSH to remote ssh server, which then redirects to port 22 on ui.atlas.unimelb.edu.au – perfect for SSH’ing “directly” to UI, or for copying files from “non-Uni” places

21 SSH forwarding

22 Original connection must be still open! (i.e. can’t close window or disconnect) Can do funky stuff, like be a “catch all” forwarder, for things like web (investigate the –D option in ssh and SOCKS proxy)

23 NX X is the graphical display manager in Linux It is bulky, and insecure over network Can forward this display using NX (NoMachine) Heavily compresses data, making it easier to display overseas/at home

24 NX For Melbourne, baker[1-6] have NX servers From home, port forward to port 22 on baker[1-6] through baker.ph.unimelb.edu.au Use NX client (http://www.nomachine.com/) to connect to forwarded porthttp://www.nomachine.com/

25

Download ppt "SSH SSH is “Secure SHell” Secure, compressed, widely supported, fast Allows both users to get jobs done, and also allows system administrators to sleep."

Similar presentations

Encrypting Wireless Data with VPN Techniques

Encrypting Wireless Data with VPN Techniques
Chapter 20 Oracle Secure Backup.

Chapter 20 Oracle Secure Backup.
Sonny J Zambrana University of Pennsylvania ISC-SEO November 2008.

Sonny J Zambrana University of Pennsylvania ISC-SEO November 2008.
VPN using SSH Implementing a secure Unix to Unix Virtual Private Network Gary Stainburn Ringways Garages Ltd.

VPN using SSH Implementing a secure Unix to Unix Virtual Private Network Gary Stainburn Ringways Garages Ltd.
1 Automated SFTP Windows and SUN Linux and SUN. 2 Vocabulary  Client = local=the machine generating the SFTP request  Server = remote = the machine.

1 Automated SFTP Windows and SUN Linux and SUN. 2 Vocabulary  Client = local=the machine generating the SFTP request  Server = remote = the machine.
DMZ (De-Militarized Zone)

DMZ (De-Militarized Zone)
SSH Operation and Techniques - © 2001-2006 William Stearns 1 SSH Operation and Techniques The Swiss Army Knife of encryption tools…

SSH Operation and Techniques - © William Stearns 1 SSH Operation and Techniques The Swiss Army Knife of encryption tools…
PlanetLab www.planet-lab.org. What is PlanetLab? A group of computers available as a testbed for computer networking and distributed systems research.

PlanetLab What is PlanetLab? A group of computers available as a testbed for computer networking and distributed systems research.
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
Nada Abdulla Ahmed.  SmoothWall Express is an open source firewall distribution based on the GNU/Linux operating system. Designed for ease of use, SmoothWall.

Nada Abdulla Ahmed.  SmoothWall Express is an open source firewall distribution based on the GNU/Linux operating system. Designed for ease of use, SmoothWall.
Hardware Firewalls: Advanced Feature © N. Ganesan, Ph.D.

Hardware Firewalls: Advanced Feature © N. Ganesan, Ph.D.
Module 9 - Networking. 1.Network Concepts and Commands 2.Network Files 3.Network Services 4.Configure a network device 5.Network File-System (NFS & CIFS)

Module 9 - Networking. 1.Network Concepts and Commands 2.Network Files 3.Network Services 4.Configure a network device 5.Network File-System (NFS & CIFS)
File sharing. Connect the two win 7 systems with LAN card Open the network.

File sharing. Connect the two win 7 systems with LAN card Open the network.
Free Powerpoint Templates Working on remote computers by Pedro Henriques June 1, 2012.

Free Powerpoint Templates Working on remote computers by Pedro Henriques June 1, 2012.
Remote Accessing Your Home Computer Using VNC and a Dynamic DNS Name.

Remote Accessing Your Home Computer Using VNC and a Dynamic DNS Name.
Remote access and file transfer Getting files on and off Bio-Linux.

Remote access and file transfer Getting files on and off Bio-Linux.
Firewalls, Perimeter Protection, and VPNs - SANS ©2001 1 SSH Operation The Swiss Army Knife of encryption tools…

Firewalls, Perimeter Protection, and VPNs - SANS © SSH Operation The Swiss Army Knife of encryption tools…
Ssh: secure shell. overview Purpose Protocol specifics Configuration Security considerations Other uses.

Ssh: secure shell. overview Purpose Protocol specifics Configuration Security considerations Other uses.
2440: 141 Web Site Administration Remote Web Server Access Tools Instructor: Enoch E. Damson.

2440: 141 Web Site Administration Remote Web Server Access Tools Instructor: Enoch E. Damson.
Course 201 – Administration, Content Inspection and SSL VPN

Course 201 – Administration, Content Inspection and SSL VPN

Similar presentations

Ads by Google