Presentation is loading. Please wait.

Presentation is loading. Please wait.

SOI-ASIA Unofficial Operators Meeting 10 May 2004.

Published byElla MacLean Modified over 11 years ago

Similar presentations

Presentation on theme: "SOI-ASIA Unofficial Operators Meeting 10 May 2004."— Presentation transcript:

1 SOI-ASIA Unofficial Operators Meeting kotaro@sfc.wide.ad.jp 10 May 2004

2 AI3 Security Policy Basics –Moderately independent site by site –Self defense

3 User Account Management Account creation –No user password for local operators –If necessary, allow user password for foreign operators A case when we allow user password –A foreign operator needs root authority –Su2 / sudo An operator can be root by user password without root password

4 Remote Access Administration SSH –Prohibit root login –Prohibit password authentication –Use public key authentication RSA authentication for SSH1 RSA or DSA authentication for SSH2

5 RSA / DSA Public key authentication methods RSA (Rivest, Shamir, Adleman) –Developed based on the difficulty of factorization into prime factors from a large number DSA (Digital Signature Algorithm) –Expanded beyond ElGamal

6 Actual Work Flow New User Host Operator Create RSA / DSA key pair (1) Request a new account with attaching the public key Create a new account and put the public key in the host (2) Try the new account (3) Send notification

7 Step 1: Create RSA/DSA Key Pair On Windows PC –Use puttygen On Unix PC –Use ssh-keygen of OpenSSH suite Do we have to create many pairs of RSA/DSA key for every remote host? –I dont think so. –Private Key has to be safely kept on your PC. –Public Key can be shared on remote host. Put the public key on the WEB site? Send the public key by e-mail?

8 Puttygen (1): Generate key pair

9 Puttygen (2): Save keys

10 Puttygen (3): Save keys

11 Puttygen (4): Save keys

12 Step 2: Create a new account and put the public key in the host Where do we put the public key? –~/.ssh/ What is the file name? –~/.ssh/authorized_keys What point do we have to take care? –The owner of authorized_keys should be the correct user.

13 Create a New User Account

14 Put the Public Key

15 Change the Directory Permission

16 Step 3: Try the new account Major SSH clients –PuTTY –TeraTerm with TTSSH PuTTY –SSH1 RSA –SSH2 RSA, DSA TeraTerm with TTSSH –SSH1 RSA only

17 PuTTY (1)

18 PuTTY (2)

19 PuTTY (3)

20 PuTTY (4)

21 PuTTY (5)

22 Sshd Operation Sshd configuration file –/usr/local/etc/sshd_config Points –No root login –No password authentication After editing sshd_config, restart sshd.

23 No Root Login

24 No Password Authentication

25 Tips: Lets mount FDD on FreeBSD liverpool# mount /dev/fd0.1440 /mnt/fdd liverpool# cd /mnt/fdd liverpool# ls boot kernel.gz liverpool#

Download ppt "SOI-ASIA Unofficial Operators Meeting 10 May 2004."

Similar presentations

Module XXI Cryptography

Module XXI Cryptography
Sonny J Zambrana University of Pennsylvania ISC-SEO November 2008.

Sonny J Zambrana University of Pennsylvania ISC-SEO November 2008.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
VPN using SSH Implementing a secure Unix to Unix Virtual Private Network Gary Stainburn Ringways Garages Ltd.

VPN using SSH Implementing a secure Unix to Unix Virtual Private Network Gary Stainburn Ringways Garages Ltd.
1 Automated SFTP Windows and SUN Linux and SUN. 2 Vocabulary  Client = local=the machine generating the SFTP request  Server = remote = the machine.

1 Automated SFTP Windows and SUN Linux and SUN. 2 Vocabulary  Client = local=the machine generating the SFTP request  Server = remote = the machine.
PlanetLab www.planet-lab.org. What is PlanetLab? A group of computers available as a testbed for computer networking and distributed systems research.

PlanetLab What is PlanetLab? A group of computers available as a testbed for computer networking and distributed systems research.
Creating an AMI at Amazon’s EC2 Joe Steele

Creating an AMI at Amazon’s EC2 Joe Steele
Creating a Biolinux AMI at Amazon’s EC2

Creating a Biolinux AMI at Amazon’s EC2
Web Pages Publishing your page on ASUWlink. Unix Directory Commands ls –la –will show all directories and files –will show directory and file permissions.

Web Pages Publishing your page on ASUWlink. Unix Directory Commands ls –la –will show all directories and files –will show directory and file permissions.
Cryptography1 CPSC 3730 Cryptography Chapter 13 Digital Signature Standard (DSS)

Cryptography1 CPSC 3730 Cryptography Chapter 13 Digital Signature Standard (DSS)
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
Module 6 Windows 2000 Professional 6.1 Installation 6.2 Administration/User Interface 6.3 User Accounts 6.4 Managing the File System 6.5 Services.

Module 6 Windows 2000 Professional 6.1 Installation 6.2 Administration/User Interface 6.3 User Accounts 6.4 Managing the File System 6.5 Services.
C. Edward Chow Presented by Mousa Alhazzazi C. Edward Chow Presented by Mousa Alhazzazi Design Principles for Secure.

C. Edward Chow Presented by Mousa Alhazzazi C. Edward Chow Presented by Mousa Alhazzazi Design Principles for Secure.
APACHE SERVER By Innovationframes.com »

APACHE SERVER By Innovationframes.com »
Ssh: secure shell. overview Purpose Protocol specifics Configuration Security considerations Other uses.

Ssh: secure shell. overview Purpose Protocol specifics Configuration Security considerations Other uses.
1. This presentation covers :  User Interface Administration  Files System and Services Management 2.

1. This presentation covers :  User Interface Administration  Files System and Services Management 2.
Eucalyptus Virtual Machines Running Maven, Tomcat, and Mysql.

Eucalyptus Virtual Machines Running Maven, Tomcat, and Mysql.
SUSE Linux Enterprise Server Administration (Course 3037) Chapter 10 Manage Remote Access.

SUSE Linux Enterprise Server Administration (Course 3037) Chapter 10 Manage Remote Access.
70-284 MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter Four Configuring Outlook and Outlook Web Access.

MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter Four Configuring Outlook and Outlook Web Access.
CSN08101 Digital Forensics Lecture 1B: Essential Linux and Caine Module Leader: Dr Gordon Russell Lecturers: Robert Ludwiniak.

CSN08101 Digital Forensics Lecture 1B: Essential Linux and Caine Module Leader: Dr Gordon Russell Lecturers: Robert Ludwiniak.

Similar presentations

Ads by Google