Chapter 18 OpenSSH: Secure Network Communication
• About OpenSSH
• How OpenSSH Works
• OpenSSH Clients
• JumpStart: Using ssh and scp
• sftp: A Secure FTP Client
• Configuration Files
• sshd: OpenSSH Server
• JumpStart: Starting the sshd Daemon
• Authorized Keys: Automatic Login
• Command Line Options
• Troubleshooting
• Tunneling/Port Forwarding
About OpenSSH
• SSH1 versus SSH2
• What is ssh?
• X11 forwarding
/etc/ssh: Global Files
• moduli – key exchange information
• ssh_config – global config file
• sshd_config – ssh daemon config file
• ssh_host_dsa_key, ssh_host_dsa_key.pub – DSA host keys (can also be rsa instead of dsa)
• ssh_known_hosts – allowed known ssh hosts
• sshrc – startup file with initialization routines
~/.ssh: User Files
• authorized_keys – login without password
• config – user's private ssh config file
• environment – login environment file, read when a user logs in through ssh
• id_dsa, id_dsa.pub – user authentication DSA keys generated by ssh-keygen (also rsa)
• known_hosts – contains public keys of hosts the user has connected to
• rc – contains initialization routines
How OpenSSH Works
• Establishes encrypted connection
• Authenticates user
• Negotiates using 2 key pairs
  • Host key pair generated by sshd
  • Session key pair that changes hourly
• Verifies that the server is the correct server
• Client copies server public key to compare in later sessions
• Client generates random key, encrypts it with the server public key and session key
• Server decrypts with its private key
OpenSSH Clients
• Need: openssh and openssh-clients
• Download and install with yum, up2date, or apt-get (Synaptic)
Using scp
• Copies a file from or to a remote system
    scp user@fromhost:file user@tohost:filename
• Example:
    scp ray@gnix:vi.doc ray@gecko:vi.doc
    scp -v ray@gnix:vi.doc vi.doc
sftp: A Secure FTP Client
• Provided with openssh, a secure alternative to ftp
• Use ? to get help on ftp commands
Configuration Files
• ~/.ssh/config
  • Your own local client file; it is read first and overrides any entry in the global file
• /etc/ssh/ssh_config
  • The global file; it supplies defaults for anything not set in your ~/.ssh/config file
sshd: OpenSSH Server
• Prerequisites: openssh and openssh-server
• /sbin/service sshd start
• Authorized Keys: automatic user login
  • ssh-keygen -t rsa (or dsa) generates keys
  • Copy the client's ~/.ssh/id_rsa.pub to ~/.ssh/authorized_keys on the server for login without a password
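The "copy id_rsa.pub to authorized_keys" step, as an added example that is not part of the original slides: a plain cp would overwrite keys already installed, and sshd with StrictModes (the default) ignores the file when its permissions are too open. The function name install_pubkey and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the slides): append a public key to authorized_keys
# without overwriting existing entries, and keep the modes sshd expects.
# install_pubkey PUBKEY_FILE ACCOUNT_HOME   (hypothetical helper name)
#   exit status: 0 = key added, 1 = already present, 2 = bad input
install_pubkey() (
    pub=$1 home=$2
    [ -r "$pub" ] || exit 2
    # A public key is one line: key type, base64 blob, optional comment.
    # A private key file ("-----BEGIN ...") never matches, so it is refused.
    key=$(awk 'NF >= 2 && $1 ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-)/ {print; exit}' "$pub")
    [ -n "$key" ] || exit 2
    blob=$(printf '%s\n' "$key" | awk '{print $2}')

    umask 077                      # subshell body, so the caller's umask is untouched
    dir=$home/.ssh
    auth=$dir/authorized_keys
    mkdir -p "$dir" && chmod 700 "$dir" || exit 2
    [ -e "$auth" ] || : > "$auth"
    chmod 600 "$auth"

    # Match on the base64 blob in any field, so entries that carry an options
    # prefix (from="...", command="...") or a different comment still count.
    if awk -v want="$blob" '{for (i = 1; i <= NF; i++) if ($i == want) found = 1}
                            END {exit !found}' "$auth"; then
        exit 1
    fi
    printf '%s\n' "$key" >> "$auth"
)

# Demo with a constructed sample key (not a real key) in a throwaway directory.
SAMPLE_KEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCconstructedExampleOnly ray@gnix'
demo_home=$(mktemp -d)
printf '%s\n' "$SAMPLE_KEY" > "$demo_home/id_rsa.pub"
install_pubkey "$demo_home/id_rsa.pub" "$demo_home" && echo "key added"
install_pubkey "$demo_home/id_rsa.pub" "$demo_home" || echo "second run: status $? (already present)"
ls -l "$demo_home/.ssh/authorized_keys"
rm -rf "$demo_home"
```

On a real server, run it as the account that will be logged in to, with ACCOUNT_HOME set to that account's home directory.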
Command Line Options
• /etc/ssh/sshd_config Configuration File
Troubleshooting
• Check log files: /var/log/secure
• Or /var/log/messages
• Use verbose mode:
    ssh -v grape
Tunneling/Port Forwarding
• Forwarding X11 – allows use of xterms and X applications that start and run on the remote system but are displayed on your system
• Port forwarding
  • -L forwards local port to a remote computer
  • -R forwards remote port to a local computer
    ssh -N -L | -R local-port:remote-host:remote-port target