ssl,ssh linux(open ssl)

Upload: hai-thai-ly

Post on 07-Jul-2015


UNIVERSITY: HO CHI MINH CITY UNIVERSITY OF FOREIGN LANGUAGES AND INFORMATION TECHNOLOGY, FACULTY OF INFORMATION TECHNOLOGY

Course: Network Administration
Class: CT0801
Topic: SSL, SSH LINUX (OPEN SSL)
Instructor: Lng Uy Tn
Group number: 07
Topic number: 21
Group information:

No.  Student ID  Full name        Phone       Email
1    08CD65054   Nguyn Hong Thi   0985265756  [email protected]
2    08CD65112   V Nht Trng       0914703307  [email protected]

1. Introduction to the topic

Introduction to the SSH protocol:

- System administrators always try to keep their systems secure with measures such as upgrading and installing security patches. But there is one reality that has to be recognized and changed: security must also be ensured in the exchange of data between systems, especially when remote sessions are opened over the network. One of the most effective ways to do this is to use a secure login mechanism (Secure Shell - SSH). SSH is a program for interaction between a server and a client that uses encryption strong enough to prevent eavesdropping and theft of information in transit. Earlier programs such as telnet and rlogin do not use encryption, so anyone can eavesdrop on a session, or even read its entire content, with a few simple tools. Using SSH is an effective way to protect data in transit from one system to another.

- SSH works in 3 simple steps:

Host identification: Hosts are identified through a key exchange. Every computer that supports SSH communication has a unique identification key. This key has two parts: a private key and a public key. The public key is used when hosts need to exchange data with each other in an SSH session: data is encrypted with the public key and can only be decrypted with the private key. When the configuration of the server changes (the SSH program is changed, or there is a fundamental change in the operating system), the identification key changes too. Everyone who then uses SSH to log in to that server is warned about the change. When two systems start an SSH session, the server sends its public key to the client. The client generates a random session key, encrypts it with the server's public key, and sends it back to the server. The server decrypts it with its private key and obtains the session key. This session key is the key used to exchange data between the two machines. This process is regarded as the step in which server and client identify each other.

Encryption: Once the secure session has been set up (key exchange, identification), data is exchanged through an intermediate step of encryption/decryption. This means that all data sent and received on the wire is encrypted and decrypted using the mechanism agreed beforehand between server and client. The choice of encryption mechanism is usually made by the client. Commonly chosen mechanisms include 3DES, IDEA and Blowfish. Once the mechanism is chosen, the server and the client exchange the encryption key. This exchange is itself protected, based on the secret identity of the machines. An attacker can hardly eavesdrop on the information exchanged on the wire because the encryption key is not known to them. The different encryption algorithms and the strengths and weaknesses of each:

o 3DES (also known as triple-DES) -- the default encryption method for SSH.
o IDEA -- Faster than 3DES, but slower than Arcfour and Blowfish.
o Arcfour -- Fast, but security problems have been found.
o Blowfish -- Fast and secure, but the encryption methods are still being improved.

Authentication: Authentication is the last of the three steps, and the most varied. At this point the communication channel itself is already secured. The identity and access of each user can be established in many different ways. For example, rhosts authentication can be used, but it is not the default; it simply checks that the client's identity is listed in the rhost file (by DNS name and IP address). Password authentication is a very common way to identify a user, but there are other ways as well: RSA authentication, using ssh-keygen and ssh-agent to authenticate with key pairs.
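A check for the legacy options named above, added here as an example and not part of the original document: it reads an OpenSSH-style sshd_config and flags SSH-1, the 3DES/Arcfour/Blowfish ciphers, rhosts trust and password login. The keyword and cipher names are OpenSSH's; the two sample configs are constructed, and treating these settings as weak is this example's assumption.

```shell
#!/bin/sh
# Added example (not from the original document): flag sshd_config options
# that enable the legacy protocol, ciphers and rhosts trust described above.

# Constructed sample configs, embedded so the script runs offline.
sample_config() {
  case "$1" in
    weak) cat <<'EOF'
# constructed legacy-style config
Protocol 2,1
Ciphers aes256-ctr,3des-cbc,arcfour,blowfish-cbc
IgnoreRhosts no
PasswordAuthentication yes
EOF
    ;;
    hardened) cat <<'EOF'
# constructed hardened config
Protocol 2
Ciphers aes256-ctr,aes128-ctr
IgnoreRhosts yes
PasswordAuthentication no
PubkeyAuthentication yes
EOF
    ;;
  esac
}

# audit_sshd_config: reads a config on stdin, prints one finding per line.
audit_sshd_config() {
  awk '
    $1 ~ /^#/ || NF < 2 { next }               # comments, blank or bare lines
    { key = tolower($1); val = tolower($2) }    # keywords are case-insensitive
    key == "protocol" && val ~ /(^|,)1(,|$)/ { print "WEAK protocol: SSH-1 enabled" }
    key == "ciphers" {
      n = split(val, c, ",")
      for (i = 1; i <= n; i++)
        if (c[i] ~ /^(3des-cbc|blowfish-cbc|arcfour(128|256)?)$/)
          print "WEAK cipher: " c[i]
    }
    key == "ignorerhosts" && val == "no" { print "WEAK auth: rhosts files are honoured" }
    key == "passwordauthentication" && val == "yes" { print "NOTE auth: password login enabled" }
  '
}

sample_config weak | audit_sshd_config
```

On a real server the same function can be fed the live file, for example `audit_sshd_config < /etc/ssh/sshd_config`.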

- In short, SSH is a method (or, a little more technically, a protocol) for connecting two computers in a securely encrypted form. When two computers are connected through SSH, all data transferred between them is encrypted. An SSH tunnel (SSH Tunneling) is simply a way of using a networked computer as a proxy for web browsing. When we browse the web (with our own browser) through an SSH tunnel, the proxy server retrieves the web content and sends it back to our computer over the secure connection. The two main advantages of using SSH are:

o It hides your IP address.
o It creates a secure connection so that hackers cannot sniff your data.

- SSH is mainly used on Linux and Mac, but Windows users can also use SSH with Cygwin.

- History of development: SSH1 and the SSH-1 protocol were presented in 1995 by Tatu Ylönen, a researcher at the Helsinki University of Technology in Finland, after his university's network had been the victim of a password-stealing attack earlier that year. In July 1995, SSH1 was released widely as free software with source code, allowing anyone to copy and use it at no charge. By the end of that year, an estimated 20,000 users in 50 countries were using SSH1, and Ylönen was receiving 150 support requests by mail every day. In response, Ylönen founded SSH Communications Security (SCS, Tectia.com/en) in December 1995 to maintain, commercialize and continue developing SSH. Also in 1995, Ylönen wrote up the SSH-1 protocol as an Internet Engineering Task Force (IETF) draft, which describes how the SSH1 software works in practice. It was a somewhat ad hoc protocol with a number of flaws and limitations, yet it was very popular. In 1996, SCS introduced a new major version of the protocol, SSH 2.0 or SSH-2, which incorporates new algorithms and is not compatible with SSH-1. Meanwhile, the IETF formed a working group called SECSH (Secure Shell) to standardize the protocol and guide its development in the common interest. The SECSH working group presented the first Internet draft of the SSH-2 protocol in February 1997.

In 1998, SCS released the software product SSH Secure Shell (SSH2), based on the SSH-2 protocol. However, SSH2 did not replace SSH1 in some areas, for 2 reasons. First, SSH2 lacked some of the utilities, useful features and configuration options of SSH1. Second, SSH2 had many licensing restrictions. The original SSH1 was available free of charge from Ylönen and the Helsinki University of Technology. Newer versions of SSH1 from SCS were still free for most users, and even commercial settings were free as long as the software was not sold directly for profit or offered as a service to customers. So, although SSH2 had appeared, most people using SSH1 saw some advantages of SSH1 over SSH2 and kept using SSH1; three years after SSH2 was released, SSH1 was still the most widely used version on the Internet, ahead of SSH2 even though SSH2 is the better and more secure protocol. Still, SSH2 saw two promising developments: a loosening of the SSH2 license and the appearance of additional SSH-2 implementations. In 2000, SCS extended the SSH2 license to allow use by individual contractors working for non-profit organizations. It was also extended to allow free use on Linux, NetBSD, FreeBSD and the OpenBSD operating system. At the same time, OpenSSH emerged as a prominent additional SSH implementation, developed under the OpenBSD project and freely available under the OpenBSD license. OpenSSH supports both SSH-1 and SSH-2 in one program. Although OpenSSH was developed on OpenBSD, it also runs on Linux, Solaris, AIX and other operating systems. Although OpenSSH is relatively new and lacks a few features found in SSH1 and SSH2, it is developing rapidly and promises to become the main SSH implementation in the near future.

2. Topic overview:

- Ubuntu is one of the more widely used Linux distributions. On Windows there are quite a few tools for controlling and administering Ubuntu over the network. Using these tools on Windows lets the administrator work more easily and efficiently without having to sit at the Ubuntu machine itself.

- This document shows how to use tools that connect to Ubuntu in order to run commands (telnet/ssh), transfer files to Ubuntu (sftp), and connect to Ubuntu's graphical interface. Because each tool has many features and involves many Linux-related concepts, the document shows only the simplest way to do each task. The tools covered:

o Commercial software: Xmanager Enterprise (version 3), with the tools Xshell, Xftp and Xmanager. This is a full and complete tool set for connecting to Linux and Solaris systems for control and administration.
o Free software: Putty, WinSCP, Nomachine NX Free. Each of these free tools has its own features; taken together, the main functions of the 3 tools are comparable to Xmanager Enterprise.

Xmanager Enterprise: you can download a free version of this software at: http://www.mediafire.com/?iyzvmmzzznf

Putty: http://www.mediafire.com/?jlaj5yzh3ilqknk

Implementation steps

Connecting to a command window over the SSH protocol

OpenSSH is a software package that includes tools such as ssh, sshd, scp, ... This package needs to be installed on Ubuntu. Windows then only needs a tool that supports ssh, such as Putty or Xshell, to connect to Ubuntu and run commands on it.

Installing OpenSSH on Ubuntu

The openssh package is usually selected by default when Ubuntu Server is installed. On Ubuntu Desktop it is not selected for installation by default. On Ubuntu Desktop, openssh can be installed in one of the following two ways:

- From the command line: in the Ubuntu Terminal window, type the following commands:

sudo apt-get install openssh-server
sudo apt-get install openssh-client

If, after typing the commands above, the line E: Invalid operation intall appears, you have successfully installed openssh.

- Using Synaptic Package Manager: click the menu System -> Administration -> Synaptic Package Manager. In the Synaptic Package Manager window, search for the keyword openssh, select the 2 packages openssh-client and openssh-server, then press Apply to install them. Remember that the machine must be connected to the internet at this point.

Connecting from Windows to Ubuntu

- Set the IP addresses of the Windows machine and the Ubuntu machine.

- Windows machine:

IP address: 192.168.1.153
Subnet mask: 255.255.255.0
Default gateway: 192.168.1.1

- Ubuntu machine: in the terminal, type the command sudo gedit /etc/network/interfaces. The program asks for a password; enter the password of the user currently logged in.

The interfaces file opens in the Gedit editor. Enter the IP address of the Ubuntu machine there as follows:

auto eth0
iface eth0 inet static
    address 192.168.1.152
    netmask 255.255.255.0
    gateway 192.168.1.1

Then press the Save button and, in the terminal, type the command sudo /etc/init.d/networking restart to restart networking. The IP address of the Ubuntu machine is now set.

Using Xshell on Windows

- Start -> Programs -> Xmanager Enterprise -> Xshell. The Xshell interface looks like the following figure:

[Figure: Xshell interface]

[Figure: New Session Properties dialog]

- Choose File->), and the New Session Properties dialog appears. In this dialog, under General, type the session name into Name and the IP address into Host, and select SSH as the Protocol. Then click the Authentication item.

[Figure: New Session Properties dialog, Authentication]

- Under Authentication, select Password as the Method, then enter the username/password used to log in to Ubuntu. Click OK to finish creating the new session. The Sessions dialog then appears, listing the sessions that have been created.

[Figure: Sessions dialog of Xshell]

- In the Sessions dialog, select the session you need and click Connect. Xshell then connects to the Ubuntu machine at the IP address above. The SSH Security Warning dialog appears, as in the figure below.

[Figure: SSH Security Warning dialog]

- In the SSH Security Warning dialog, click Accept & Save to store the host key that authenticates the connection. Once the connection succeeds, Ubuntu commands can be typed in the Xshell window.
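What the SSH Security Warning and Accept & Save amount to, as an added example that is not part of the original document: the client looks the server up in its stored host keys, and the result is unknown (first connection, so it prompts), match, or changed (the warning mentioned in the host identification step). It assumes the OpenSSH client's known_hosts line format for the store; the host name ubuntu-lab and the key strings are constructed placeholders.

```shell
#!/bin/sh
# Added example: the decision an SSH client makes from its stored host keys.
# known_hosts line format (OpenSSH): "host1,host2 keytype base64-key [comment]"

# Constructed sample store; the key strings are placeholders, not real keys.
sample_known_hosts() {
  cat <<'EOF'
# comment lines and blank lines are ignored
192.168.1.152,ubuntu-lab ssh-rsa AAAAB3NzaC1yc2E-CONSTRUCTED-A
[192.168.1.152]:2222 ssh-rsa AAAAB3NzaC1yc2E-CONSTRUCTED-B
|1|hashedsalt=|hashedname= ssh-rsa AAAAB3NzaC1yc2E-CONSTRUCTED-C
EOF
}

# hostkey_status HOST KEYTYPE KEY   (store is read from stdin)
# prints: match | changed | unknown
hostkey_status() {
  awk -v host="$1" -v type="$2" -v key="$3" '
    /^#/ || NF < 3 { next }        # comments, blanks, malformed lines
    $1 ~ /^@/      { next }        # @cert-authority / @revoked: out of scope here
    $1 ~ /^\|1\|/  { next }        # hashed host names cannot be compared as text
    {
      n = split($1, names, ",")
      for (i = 1; i <= n; i++)
        if (names[i] == host && $2 == type) {
          if ($3 == key) found = "match"
          else if (found != "match") found = "changed"
        }
    }
    END { print (found == "" ? "unknown" : found) }
  '
}

# Same key as stored for 192.168.1.152: the client connects without a prompt.
sample_known_hosts | hostkey_status 192.168.1.152 ssh-rsa AAAAB3NzaC1yc2E-CONSTRUCTED-A
```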

[Figure: Xshell, successful connection to a Linux server]

Note: Xshell can run some of Ubuntu's graphical programs on Windows through X11 Forwarding. The command to start such a program can be typed in the command window. For example, programs such as gedit and gnome-commander can be run this way. This feature also makes control and administration more convenient for the user.

[Figure: Gnome Commander displayed on Windows through Xshell]

Using Putty on Windows

- Compared with Xshell, Putty is a lightweight, free tool that consists of a single executable file. Run Putty and the Putty Configuration dialog appears:

[Figure: Putty Configuration dialog]

- In the Putty Configuration dialog, under Session, enter the following values:

o Host Name (or IP address): enter the IP address of the Ubuntu machine.
o Connection type: select the SSH protocol.
o Saved Session: enter a name for the session. To make it easy to remember, the IP address of the target machine can be used as the session name. After entering the session name, click Save to store the session information.

A command window appears and asks for the following in turn:

- login as: the user name on the Linux machine.
- Password: the corresponding password.

After these are confirmed, Putty logs in to Ubuntu and shows a command window in which Ubuntu commands can be run.

[Figure: Putty command window]

Mounting remote folders in Ubuntu using the SSH protocol

- Choose Places -> Connect to Server.

- In the Connect to Server dialog:

o Service type: select SSH as the service.
o Server: 192.168.1.152
o Folder: /home/tieusumo3
o User Name: tieusumo3
o Bookmark name: Work

Then press Connect.

- Because we are using SSH, the system displays a notice about the connection to the server. Press the Log In Anyway button.

- Enter the password to confirm; there are 3 options to choose from.

- When this is done, a shortcut appears on the desktop; double-click it to access the shared data on the system:

- That was done with graphical tools; on the command line it works as follows:

In essence, the mounted remote data is found in ~/.gvfs/ (where ~ is a shortcut for the home directory, which has the form /home/). To go to that location, open a Terminal window (Applications/ Accessories/ Terminal) and type the following command:

cd ~/.gvfs/

Entering ls then lists all the folders containing data that can be mounted (type the first few identifying characters and press tab to show them all):