ssh operation and techniques.v2.0
7/28/2019 SSH Operation and Techniques.v2.0
SSH Operation and Techniques - 2001-2006 William Stearns
Overview
SSH Introduction and Basic Use
Copying files
Port and X Windows forwarding
SSH Keys and installation
Ssh-agent
Fanout and Fanterm
-
SSH Features
Command line terminal connection tool
Replacement for rsh, rcp, telnet, and others
All traffic encrypted
Both ends authenticate themselves to the other end
Ability to carry and encrypt non-terminal traffic
-
Brief History
SSH.com's SSH1, originally completely free with source code, then license changed with version 1.2.13
SSH.com's SSH2, originally only commercial, but now free for some uses.
OpenSSH team took the last free SSH1 release, refixed bugs, added features, and added support for the SSH2 protocol.
-
Installation
OpenSSH is included with a number of Linux distributions, and available for a large number of Unices
On RPM-based Linuxes:
rpm -Uvh openssh*.rpm
-
Basic use
ssh SshServerName
ssh -l UserName SshServerName
ssh SshServerName CommandToRun
ssh -v SshServerName
Server Host Key checks
Uses same login password
And if we need to encrypt other traffic?
-
Securely copying files
scp
scp -p localfile remotemachine:/remotepath/file
Prompts for authentication if needed
All traffic encrypted
Replaces ftp, rcp, file sharing
-
File synchronization - Rsync
Rsync copies a tree of files from a master out to a copy on another machine.
Can use ssh as its transport.
rsync -azv -e ssh /home/wstearns/webtree/ mirror.stearns.org:/home/web/
-
Port Forwarding - real server on remote machine
I want to listen on port 5110 on this machine; all packets arriving here get sent to mailserver, port 110:
ssh -L 5110:mailserver:110 mailserver
-
Port Forwarding - real server on this machine
All web traffic to my firewall should be redirected to the web server running on port 8000 on my machine instead:
ssh -R 80:MyMachine:8000 firewall
-
X Windows forwarding
No setup - already done!
Run the X Windows application in the terminal window:
xclock &
The screen display shows up on your computer, and any keystrokes and mouse movements are sent back, all encrypted.
-
Packet forwarding VPNs
Tunnel packets over the SSH connection
Connects to a virtual network device on both ends
Openssh 4.3 and higher
-
SSH key background
Old way: password stored on server, user supplied password compared to stored version
New way: private key kept on client, public key stored on server.
-
SSH key creation
General command:
ssh-keygen -b 1024 -C 'Comment' -f ~/.ssh/identity_file
Different forms for each of the SSH flavors
Assign a hard-to-guess passphrase to the private key during creation.
Key can be used for multiple servers
-
SSH key installation
3 versions of ssh: interoperability is good, but poorly documented
ssh-keyinstall utility automates the creation and installation
'ssh-keyinstall -s SshServerName' creates keys, if needed, and installs them on the remote server
Need password during key install only
-
Using SSH keys
ssh SshServerName
ssh -l UserName SshServerName
ssh SshServerName CommandToRun
ssh -v SshServerName
-
ssh-agent
Remembers your private key(s)
Other applications can ask ssh-agent to authenticate you automatically.
Unattended remote sessions.
Should already be running in the background
ssh-add [KeyName]
-
Fanout
Runs command on multiple machines by opening separate ssh session to each
fanout 'machine1 machine2 user@machine3' 'command params'
Gives organized output from each machine
-
Fanterm - live control of multiple machines
Fanterm provides interactive control of multiple remote systems.
Initial window receives keystrokes.
Keystrokes sent to each remote system.
Output from each system shows up in a separate terminal.
-
Fanqueue - the next generation
Queue commands to be run on a group of machines
Handles case where a machine is unavailable
Allows new machines to be added later
-
Rsync-backup
Rsync-backup automates the process of backing up machines with rsync and ssh.
Features:
Only changed data shipped
All permissions preserved
All communication encrypted
Unlimited snapshots
Use
-
Rsync-backup client install
Install ssh, rsync, and rsync-backup-client rpms (see http://www.stearns.org )
Install ssh-keyinstall on client to create a backup key with
ssh-keyinstall -s backupserver -u root -c /usr/sbin/rsync-backup-server
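
An added example, not from the slides or from ssh-keyinstall itself: it assumes the -c option above ends up as a command="..." option in root's authorized_keys file on the backup server, and lists which installed keys are pinned to a forced command and which are unrestricted. The function name and the sample keys (with placeholder key material) are constructed.

```shell
#!/bin/sh
# Added example: audit an authorized_keys file for keys that are not pinned
# to a forced command. Output per key: LINE <TAB> STATE <TAB> LAST-FIELD
# (the last field is the key comment when the key has one).
audit_authorized_keys() {
    awk '
        /^[ \t]*(#|$)/ { next }                      # comments and blank lines
        {
            # Options, if any, are whatever precedes the key-type token.
            # Every SSH public key blob starts with "AAAA" in base64.
            if (!match($0, /(^|[ \t])(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[^ \t]+)[ \t]+AAAA/)) {
                printf "%d\tunparsed\t-\n", NR
                next
            }
            opts = substr($0, 1, RSTART - 1)
            state = "UNRESTRICTED"
            # Escaped quotes inside the command string are not handled here.
            if (match(opts, /command="[^"]*"/))
                state = "forced:" substr(opts, RSTART + 9, RLENGTH - 10)
            printf "%d\t%s\t%s\n", NR, state, $NF
        }
    ' "$1"
}

# Constructed sample standing in for /root/.ssh/authorized_keys on the
# backup server; the key blobs are placeholders, not real keys.
keys=$(mktemp)
cat > "$keys" <<'EOF'
# backup clients
command="/usr/sbin/rsync-backup-server",no-port-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAAexample1 backup@client1
ssh-rsa AAAAB3NzaC1yc2EAAAAexample2 root@client2
EOF
audit_authorized_keys "$keys"
```

Any key reported as UNRESTRICTED in root's file gives its holder a full root shell on the backup server, not just the backup command.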
-
Rsync-backup server install
Install ssh, freedups, rsync-static, and rsync-backup-server rpms
Turn off password authentication in /etc/ssh/sshd_config
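
One way to check the "turn off password authentication" step above, as an added example that is not part of the slides or of the rsync-backup package: the functions read an sshd_config file and report every path that still accepts a password. The function names and the sample file are made up for illustration; the defaults used are the upstream OpenSSH ones.

```shell
#!/bin/sh
# Added example (not from the slides): does this sshd_config really turn
# password logins off? sshd keeps the FIRST value it reads for a keyword,
# keywords are case-insensitive, and commented-out lines count for nothing.

# first_value FILE KEYWORD DEFAULT -> effective global value, lowercased
first_value() {
    awk -v want="$2" -v def="$3" '
        /^[ \t]*(#|$)/ { next }
        { sub(/^[ \t]+/, ""); split($0, f, /[ \t=]+/) }
        tolower(f[1]) == "match" { exit }        # Match blocks are checked below
        tolower(f[1]) == tolower(want) { print tolower(f[2]); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# password_logins_off FILE -> prints findings; returns 0 only when there are none
password_logins_off() {
    rc=0
    pw=$(first_value "$1" PasswordAuthentication yes)
    [ "$pw" = no ] || { echo "PasswordAuthentication is $pw"; rc=1; }
    # With PAM, keyboard-interactive can still ask for the account password.
    # Older configs use the ChallengeResponseAuthentication name for it.
    kbd=$(first_value "$1" KbdInteractiveAuthentication "")
    [ -n "$kbd" ] || kbd=$(first_value "$1" ChallengeResponseAuthentication yes)
    if [ "$kbd" = yes ] && [ "$(first_value "$1" UsePAM no)" = yes ]; then
        echo "keyboard-interactive via PAM is enabled"; rc=1
    fi
    # A Match block can switch passwords back on for some users or hosts.
    if awk 'tolower($1) == "match" { m = 1 }
            m && tolower($1) == "passwordauthentication" && tolower($2) == "yes" { hit = 1 }
            END { exit !hit }' "$1"; then
        echo "a Match block re-enables PasswordAuthentication"; rc=1
    fi
    return $rc
}

# Constructed sample: the commented "no" and the later "no" are both ignored.
weak=$(mktemp)
cat > "$weak" <<'EOF'
#PasswordAuthentication no
PasswordAuthentication yes
passwordauthentication no
UsePAM yes
EOF
password_logins_off "$weak" || echo "=> password logins are still possible"
```

On a running server, `sshd -T` prints the effective settings, including anything pulled in through Include files, which this file-level check does not follow.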
-
Rsync-backup examples
Examples of backup commands:
rsync-backup-client / root@backupserver:/
rsync-backup-client /usr /home/gbk root@backupserver:/
-
Links and references
http://www.vandyke.com
http://www.ssh.com
http://www.openssh.org
SSH, The Secure Shell, The Definitive Guide
ssh-keyinstall, fanout, rsync-backup, freedups and other apps at http://www.stearns.org
-
More links
Docs at http://www.stearns.org/doc/
http://www.employees.org/~satch/ssh/faq/ssh-faq.html
http://rsync.samba.org
William Stearns [email protected]