640 likes | 813 Views
LIS508 using Debian GNU/Linux. Thomas Krichel 2010-01 -10. ssh. The main protocol we use to communicate with the server is the secure shell “ssh”. The server has to have ssh server software installed. Any rented server will have this. Otherwise run “aptitude install openssh-server”.
E N D
LIS508using Debian GNU/Linux Thomas Krichel 2010-01-10
ssh • The main protocol we use to communicate with the server is the secure shell “ssh”. • The server has to have ssh server software installed. • Any rented server will have this. • Otherwise run “aptitude install openssh-server”
installing putty • Go to your favorite search engine to search for putty. • If you have administrator rights install the installer version. • Since you have already installed winscp, you should have no further problems.
putty options • In the window/translation choose UTF-8, always. • Find out what the size of your screen for the font that you are using, and save that in your session. • For wotan, the port is 22, ssh. • You can choose to disable the annoying bell.
how is ssh secure • ssh uses public key cryptography. • It can cope with serveral crytographic algorithm. The most common one is rsa. • In public key cryptography, you have two keys. • One is the private key. • The second is the public key.
private key • Using the private key, I can decrypt a message that has been encrypted using my public key. • Somebody can check that I am who I claim to be because by keeping the private key private, I am the only one who can decrypt it.
authorizing keys • If you want to give your friend access to an account, you can ask her for her public key. • You will then authorize the public key by storing it in a file with authorized keys. • When an somebody comes along and pretends to be your friend you can challenge her to decode a message encoded with your friends public key.
public key • Using the public key, I can encrypt a message and send it to you. • Once the message is encrypted, I can not decode it any more. The public key can not be used to decode a message. • This is the reason why the encryption key can be made public.
communication with the server • Assume we are using a Microsoft Windows client. • For file editing and manipulation, we use putty. • For file transfer, we use winscp. • Both are available on the web.
password authentication • When we login to a machine, we give a password for the user that we login as. • This a common form of authenticiation. • The idea is that we keep the password secret.
key authenticatiton • ssh uses public key • This a common form of authenticiation. • The idea is that we keep the password secret.
key creation • “ssh-keygen” is the command to use to create a key. Answer all questions with the <ENTER> key. • “cd .ssh” and “ls -l” shows you the contents of the directory .ssh created in the first step. • The file “id_rsa.pub” has your public key.
authorized_keys • In .ssh, you can maintain a file “authorized_keys” that contains the public keys of all users you authorize to access the account, one line per user. • “cp id_rsa.pub authorized_keys” will authorize yourself. Then “ssh user@wotan” will allow you to login again as you on wotan. • You can also create a public key with putty.
issuing commands • While you are logged in, you talk to the computer by issuing commands. • Your commands are read by command line interpreter. • The command line interpreter is called a shell. • You are using the Bourne Again Shell, bash.
bash features • bash allows to browse the command history with the up/down arrow keys. • bash allows to edit commands with the left/right arrow keys. • You can complete command and file names with <TAB>. • bash comes with a language of commands that allows to write batch files. • “exit” is the command to leave the shell.
environment variables • These are variables used by the shell. • Two important ones are • $HOME your home directory • $PATH the location where bash will search for executable files. • echo $HOME will show you your home directory. • “env” is a command that can be used to see all environment variables.
bash initialization • Files that start with a dot are hidden. They are only seen with “ls -a”. • .bashrc is a file written in bash language that is run every time bash is started. • .bash_profile or .profile is run when the shell is started at login. • You can customize these files.
files, directories and links • Files are continuous chunks data on disks that are required for software applications. • Directories are files that contain other files. Microsoft calls them folders. • In UNIX, the directory separator is “/” • The top directory is “/” on its own.
home directory • When you first log in to wotan you are placed in your home directory /home/username • “cd” is the command that gets you back to the home directory. • The home directory is also abbreviated as “~“ • cd ~user gets you to the home of user user. • “cd ~” does what?
~/public_html • The web server on wotan will map requests to http://wotan.liu.edu/~user to show the file ~user/public_html/index.html • The web server will map requests to http://wotan.liu.edu/~user/file to show the file ~user/public_html/file • The server will do this by virtue of a configuration option.
changing directory, listing files • “cd directory” changes into the directory directory • the current directory is “.” • its parent directory is “..” • “ls” lists files
users and groups • “root” is the user name of the superuser. • The superuser has all privileges. • There are other physical users, i.e. persons using the machine • There are users that are virtual, usually created to run a daemon. For example, the web sever in run by a user www-data. • Arbitrary users can be put together in groups.
permission model • Permission of files are given • to the owner of the file • to the group of the file • and to the rest of the world • A group is a grouping of users. Unix allows to define any number of groups and make users a member of it. • The rest of the world are all other users who have access to the system. That includes www-data!
listing files • “ls” lists files • “ls -l” make a long listing. It contains • elementary type and permissions (see next slide) • owner • group • size • date • name
first element in ls -l • Type indicator • d means directory • l means link • - means ordinary file • 3 letters for permission of owner • 3 letters for permission of group • 3 letters for permission of rest of the world • r means read, w means write, x means execute • Directories need to be executable to get in them.
change permission: chmod • usage: chmod permission file • file is a file • permission is three numbers, first for owner, 2nd for group and 3rd rest of the world. • Each number is sum of • 4 for read - 2 for write • 1 for execute - 0 for no permission • Example: chmod 764 file
general structure of commands • commandname –flag --option • Where commandname is a name of a command • flag can be a letter • Several letters set several flags at the same time • An option can also be expressed with - - and a word, this is more user-friendly than flags.
example command: ls • ls lists files • ls -l makes a long listing • ls -a lists all files, not only regular files but some hidden files as well • all files that start with a dot are hidden • ls -la lists all files is long listing • ls --all is the same as ls -a. --all is known as a long listing.
copying and removing files • cp file copyfile copies file file to file copyfile. If copyfile is a directory, it copies into the directory. • mv file movedfile moves file file to file movedfile. If movedfile is a directory, it moves into the directory. • rm file removes file,there is no recycling bin!!
directories and files • mkdir directory makes a directory • rmdir directory removes an empty directory • rm -r directory removes a directory and all its files • more file • Pages contents of file, no way back • less file • Pages contents of file, “u” to go back, “q” to quit
soft links • A link is a file that contain the address of another file. Microsoft call it a shortcut. • A soft link can be created with the command • ln -s file link_to_file where file is a file that is already there and link_to_file is the link.
file transfer • You can use winscp to upload and download files to wotan. • If uploaded files in the web directory remain invisible, that is most likely a problem with permission. Refer back to permissions. • chmod 644 * will put it right for the files • chmod 755 . (yes with a dot) will put it right for the current directory • * is a wildcard for all files. • rm -r * is a command to avoid.
editing • There are a plethora of editors available. • For the neophyte, nano works best. • nano file edits the file file. • nano -w switches off line wrapping. • nano shows the commands available at the bottom of the screen. Note that ^letter, where letter is a letter, means pressing CONTROL and the letter letter at the same time.
emacs • This is another editor that is incredibly rich and complex. • Written by Richard M. Stallman, of GNU and GPL fame. • Get an emacs cheat sheet of the web before you start it. Or look at next slide.
emacs commands • (here ^ stands for the control character) • ^x^s saves buffer • ^x^c exits emacs • ^g escapes out of a troublesome situation • control+space sets the mark • ^w removes until the mark (cut) • ^y pastes
common emacs/bash commands • ^k kills until the end of the line or removes empty line • ^y yank what has been killed (paste) • ^a get to the beginning of the line • ^e get to the end of the line • These commands also work in the shell.
emacs modes • Just like people get into different moods, emacs gets into different modes. • One mode that will split your pants is the PHP mode. • Then look how emacs checks for completion of parenthesis, braces, brackets, and the ; and use the tab character to indent.
copy and paste • Putty allows to copy and paste text between windows and wotan. • On the windows machine, it uses the windows approach to copy and paste • On wotan machine, • you copy by highlighting with the mouse’ left button • you paste using the middle button • if you don't have a middle button, use left and right together
man • man is the manual lookup command • You usually say “man command” if you want to have an overview over the command. • man -k keyword looks up the man pages on the computer for pages with the keyword keyword. I don't find this very effictive ;-(
echo • echo is a command to desplay a line of text. • Example: echo foo
cat • This is a program that displays the contents of a file. • Use like “cat file” to display the contents of the file file.
more • This is a paging utility. • It is mostly used as part of a pipe. • You take the output of a command and pipe it to the input of the next command • Example “cat longfile | more” • | is the piping operator.
less • This is a paging utility. It does more than more. • You can use the command “u” to go up. • You must use the command “q” to leave the page.
du • du is a command to look at disk usage. • du -s makes a summary, rather than listing the usage of every. • The size is give in kilobytes. A kilobyte is 1024 bytes, not 1000 bytes.
ln -s • ln -s origin target makes a link from a target file target to an original file origin. • Then when you access target you get the same contents as in origin. • This concept is knows as a shortcut in Microsoft windows.
ssh • ssh user@host logs you in as user user on the host host. host can be a DNS name or an IP address. • If you don't have you public keys in the remote account's .ssh/autorized_keys file, you will be prompted for a password.
slogin • slogin is a bit of a synonym for ssh. • I use it often “slogin host -l user”.
scp • This copies files from one host to another. You can use it has complicated as “scp user1@host1:file1 user2@host2:file2. • But often one of the users is the current user on thee current host. In that case the user@host: bit can be left out. • If you don't have permissions via keys you will be prompted for passwords.
date • date says what time it is. • This depends on the locale, as set of conventions to deal with language issues.
find • find finds file in a directory. • This is a very important and powerful command. • Example: “find . -type f -name '*.deb'” finds all regular files ending with “deb” • The most powerful feature is “-exec command \;” that executes a command on the files found. Each file is represented by {}