
Using SSH

Everyone Should Know this

Aaron Burgemeister
FOSS Bigot
Novell, Inc. ab@novell.com
What is SSH?
• SSH is a network protocol
– NAT friendly (a single outbound TCP connection, normally to port 22)
– Secure (encrypted and authenticated)
• Allows data to be exchanged securely
– Port forwarding
– GUI (X11) forwarding
• Multiple OS support
– NetWare
– Windows (not natively)
– Linux
– Mac

2 © Novell Inc. All rights reserved


SSH Experience
• Heard of it?
• Used it?
• Tunneled?
• Forwarded GUI?
• Remote Commands?
• Copied File?



Why SSH?

• It's already there (cross-platform)
• It's secure: use protocol version 2 (SSHv2). SSHv1 is obsolete, has known weaknesses, and should be disabled on both clients and servers
• It's fast (no graphical overhead, very little traffic to keep a connection alive, command-line based)



Available SSH Tools
On Linux and Mac
• SSH is standard on Linux, Mac and NetWare, and can be added to any OS as the source code is freely available
– ssh
– scp
• PuTTY is even available for Linux
– http://www.chiark.greenend.org.uk/~sgtatham/putty/



Available SSH Tools on Windows

PuTTY (and the related applications below)
– http://www.chiark.greenend.org.uk/~sgtatham/putty/
plink (command-line connection tool; great for scripting uses)
Pageant (key material management: an SSH agent that holds your unlocked private keys)



Available SSH Tools on Windows

WinSCP
– http://winscp.net/eng/index.php
Xming
– http://sourceforge.net/projects/xming
Cygwin
– http://www.cygwin.com/



SSH Server (Daemons)

• An SSH daemon is available for all of the OSes above
– Windows: run OpenSSH under Cygwin
– NetWare 6.5 SP3 or later

• Multiple authentication back-ends
– Using PAM authentication
> /etc/passwd
> eDirectory/LDAP
> Active Directory
– Centrify (www.centrify.com)



How Can SSH Be Used?
Basic SSH Connection

Access files
Launch scripts
Launch programs
Install Linux remotely

ssh root@ssh_server

Logging in directly as root is convenient for a demo; on a production host prefer a regular account plus sudo, and restrict PermitRootLogin in sshd_config.



Basic SSH Connection

SSH is a Shell Connection

Full Access to the Remote Computer

Redirect Sound

Restart Services

Install Software



Tunneling with SSH

SSH can tunnel any TCP connection (TCP only: UDP is not forwarded)

Local forwarding / remote forwarding

Local forwarding (-L)
● The SSH client listens on a local port; each connection to it is carried through the SSH session and opened by the SSH server towards the target host:port
Remote forwarding (-R)
● The SSH server listens on a port; each connection to it is carried back through the session and opened by the SSH client towards the target host:port
GatewayPorts and security note
● By default a forwarded port listens on the loopback interface only. Binding it to other interfaces (a bind_address of '*' on the client, or GatewayPorts yes in sshd_config for remote forwards) lets every host that can reach that interface use the tunnel without any SSH authentication of its own.



Tunneling with SSH - Security

Security benefits of tunneling

From the SSH client to the SSH server the connection is encrypted and authenticated
From the SSH server to the remote service the traffic leaves the tunnel as plain protocol, which may not be secure (for example HTTP, telnet, etc.); keep that hop on a trusted network
May provide a way to easily secure an insecure application
Access to otherwise inaccessible (more secure) applications via a single locked-down server
Preventing it from happening (for admins): in sshd_config set AllowTcpForwarding no, or limit the reachable destinations with PermitOpen; per key, add no-port-forwarding (or restrict) to the authorized_keys entry



E-Mail

ssh username@ssh_server -L 993:imap_server:993

On Unix only root can bind a local port below 1024, which is why the next slide uses the unprivileged local port 1993 instead.



E-Mail – Making a Connection

Making the SSH connection

ssh username@ssh_server -L 1993:imap_server:993

The e-mail client can then simply be pointed to the local computer on port 1993 to connect to the remote, otherwise inaccessible IMAP server.

The "pointing" could be done via client connection parameters, a modified 'hosts' file, DNS, etc. Mapping the IMAP server's name to 127.0.0.1 (hosts file or DNS) has the advantage that the client still sees the real server name, so its TLS certificate check keeps matching.



Remote Desktop -
Making a Connection
Making the SSH Connection

ssh username@ssh_server -L 3389:win_server:3389

Starting the Linux RDP Client

rdesktop localhost:3389



Multiple Connections

Single tunnel point
Multiple destinations
Multiple ports

Whole command on one line (shown here with continuation backslashes)

ssh username@ssh_server \
    -L 1993:imap_server:993 \
    -L 3389:win_server:3389 \
    -L 1025:smtp_server:25
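The forwards above can be assembled and sanity-checked before the tunnel is opened. The following bash script is an added example for this page, not code from the original slides: the host names are the slides' placeholders, and the ALLOW_OPEN_BIND variable is an invention of the example. It refuses privileged local ports for non-root users and refuses to bind a listener on all interfaces unless explicitly told to, which is the point of the GatewayPorts security note.

```bash
#!/usr/bin/env bash
# Build a checked ssh port-forwarding command line.
# Added example for this page, not code from the original slides. The
# host names (ssh_server, imap_server, ...) are the slides' placeholders;
# the ALLOW_OPEN_BIND variable is an invention of this example.

# forward_arg KIND SPEC
#   KIND: L = local forward (listener on the client, the server connects
#         to the target) or R = remote forward (listener on the server,
#         the client connects to the target).
#   SPEC: [bind_address:]listen_port:target_host:target_port
# Prints the finished -L/-R argument, adding an explicit loopback bind
# address when none was given. Fails with a message on stderr if the spec
# is malformed, needs a privileged local port without root, or would
# expose the listener on every interface.
forward_arg() {
    local kind=$1 spec=$2 bind listen host port extra n
    case $kind in
        L|R) ;;
        *) echo "forward kind must be L or R, got '$kind'" >&2; return 2 ;;
    esac
    IFS=: read -r bind listen host port extra <<<"$spec"
    if [ -z "$port" ]; then             # three-field form: no bind address
        port=$host; host=$listen; listen=$bind; bind=127.0.0.1
    fi
    if [ -n "$extra" ] || [ -z "$host" ]; then
        echo "bad forward spec '$spec'" >&2; return 2
    fi
    for n in "$listen" "$port"; do
        case $n in
            ''|*[!0-9]*) echo "bad port '$n' in '$spec'" >&2; return 2 ;;
        esac
        if [ "$n" -lt 1 ] || [ "$n" -gt 65535 ]; then
            echo "port $n out of range in '$spec'" >&2; return 2
        fi
    done
    # Only root may bind a port below 1024 on Unix; that is why the slides
    # use local port 1993 for IMAP rather than 993.
    if [ "$kind" = L ] && [ "$listen" -lt 1024 ] && [ "$(id -u)" -ne 0 ]; then
        echo "local port $listen is privileged; pick one >= 1024" >&2; return 3
    fi
    # An empty bind address or '*' means "all interfaces": anyone who can
    # reach the client (-L) or the SSH server (-R) can then use the tunnel
    # without authenticating. For -R that also needs GatewayPorts yes (or
    # clientspecified) in sshd_config; with the default no, sshd keeps the
    # listener on loopback regardless of what the client asks for.
    case $bind in
        ''|'*'|0.0.0.0|::)
            if [ "${ALLOW_OPEN_BIND:-0}" != 1 ]; then
                echo "refusing to bind '$spec' on all interfaces (set ALLOW_OPEN_BIND=1 to override)" >&2
                return 3
            fi ;;
    esac
    printf '%s %s:%s:%s:%s\n' "-$kind" "$bind" "$listen" "$host" "$port"
}

# tunnel_cmd DESTINATION KIND:SPEC...
# Prints one ssh command that opens every forward at once (the slides'
# single tunnel point with multiple destinations and ports). -N opens no
# remote shell, only the tunnels; ExitOnForwardFailure makes ssh exit
# instead of silently running without a forward that could not be bound.
tunnel_cmd() {
    local dest=$1 cmd="ssh -N -o ExitOnForwardFailure=yes" f arg
    shift
    for f in "$@"; do
        arg=$(forward_arg "${f%%:*}" "${f#*:}") || return $?
        cmd="$cmd $arg"
    done
    printf '%s %s\n' "$cmd" "$dest"
}

# When run directly: the three tunnels from the slide as one command.
if [ "${BASH_SOURCE[0]}" = "$0" ]; then
    tunnel_cmd username@ssh_server \
        L:1993:imap_server:993 L:3389:win_server:3389 L:1025:smtp_server:25
fi
```

Run it as a script to print the combined command for the slide's three tunnels, or source it and call `forward_arg` from other scripts; `tunnel_cmd` stops at the first bad spec and passes its exit status through.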



Redirecting X (GUI)

Redirecting the graphical screens of the remote computer (an installation, an application) to the local computer

Very simple
Redirect an Oracle installer
Redirect Skype



From Linux to Linux

Very simple
Native support (the server needs X11Forwarding yes in sshd_config and xauth installed)

ssh username@ssh_server -X

Forwarded applications talk directly to your local X display, so only do this towards hosts you trust. -X applies the X SECURITY extension's "untrusted" restrictions unless ssh_config sets ForwardX11Trusted yes (some distributions do by default); -Y grants the remote client full, trusted access, which some applications need.



From Windows to Linux

Not as Simple
No Native Support
• Enable X Redirection and use one of the following
X Servers
– xming
> http://sourceforge.net/projects/xming
– XwinLogon
> http://www.calcmaster.net/visual-c++/xwinlogon/
– LabF's WinaXe
> http://www.labf.com/winaxeplus/index.html



From Mac to Linux

Very Simple
Native Support
Redirect
– YaST
– Skype
– Installs

ssh username@ssh_server -X



Copying Files with SSH
Simple File Copy with SSH

Very simple
Fairly fast
Secure

scp localfile.txt username@ssh_server:/remote/destination/path/

scp username@ssh_server:/remote/destination/path/file.txt /local/destination/path/



RSYNC Over SSH

Very Simple
Requires RSYNC client
Synchronizes whole folder structures

rsync -avz -e ssh /source_dir/ username@ssh_server:/dest_dir/



Running Remote Commands with SSH
Remote Commands

Output is returned to the client machine sending the command
Makes the connection, runs the command, and exits
Useful for monitoring remote machines
– Mentioned in the Nagios session an hour ago

ssh username@ssh_server 'ps aux'

ssh username@ssh_server 'top -b -d1 -n1'

No terminal is allocated for a remote command, so top needs batch mode (-b) to print once and exit rather than fail; the quoted string is re-parsed by the login shell on the remote side.
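The two commands above are re-parsed by the login shell on ssh_server, so anything containing spaces or shell metacharacters needs quoting, and a monitoring job must never block on a prompt. The following bash functions are an added example for this page, not code from the original slides; fake_ssh and the SSH_BIN variable are inventions of the example so the argument construction can be exercised without a server.

```bash
#!/usr/bin/env bash
# Run one command on a remote host the way a monitoring job should.
# Added example for this page, not code from the original slides. The
# SSH_BIN variable and fake_ssh exist only so the argument construction
# can be exercised without a real server.

# shquote WORD... : join the words into one string that the REMOTE login
# shell splits back into exactly these words. ssh joins its trailing
# arguments with spaces and hands the result to that shell, so without
# this a filename with a space or a literal '$' gets mangled remotely.
shquote() {
    local out='' w i c
    for w in "$@"; do
        out="$out${out:+ }'"
        for ((i = 0; i < ${#w}; i++)); do
            c=${w:i:1}
            # a quote cannot appear inside '...': close, add \', reopen
            if [ "$c" = "'" ]; then out="$out'\\''"; else out="$out$c"; fi
        done
        out="$out'"
    done
    printf '%s\n' "$out"
}

# remote_cmd DESTINATION WORD... : run the words as one command remotely.
#   -n                 do not read the job's own stdin
#   BatchMode=yes      never prompt for a password or an unknown host key,
#                      so a cron or Nagios check fails fast instead of hanging
#   ConnectTimeout=10  give up on an unreachable host after ten seconds
# No tty is allocated for a remote command, so interactive tools must be
# told: 'top -b -n1' prints once and exits where plain 'top' would fail.
remote_cmd() {
    local dest=$1
    shift
    if [ $# -eq 0 ]; then echo "remote_cmd: no command given" >&2; return 2; fi
    "${SSH_BIN:-ssh}" -n -o BatchMode=yes -o ConnectTimeout=10 -- "$dest" "$(shquote "$@")"
}

# Stand-in for ssh used by the checks below: print the argv, one per line.
fake_ssh() { printf '%s\n' "$@"; }

# Usage: remote_cmd username@ssh_server top -b -d1 -n1
```

Because every word is single-quoted, `remote_cmd host grep "it's here" '$HOME/*'` reaches the remote grep with those exact three arguments; the remote shell does not expand `$HOME` or the glob, which is what you want for a command that was fully formed on the client.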



Key Material Management and Usage
Key Material

Makes the connection more secure (once every user has a key, password authentication can be disabled with PasswordAuthentication no in sshd_config, which removes password brute-force attacks altogether)
Allows for unprompted authentication
– Immediate access to the system
– Provides access to the system without ever giving out the password, even as identities other than the user's own (add the public key to that account's authorized_keys)

• Steps involved:
– Generating a client key pair (ssh-keygen); the private key never leaves the client
– Copying the public key to the remote account's ~/.ssh/authorized_keys (ssh-copy-id)
– 'ssh-agent' holds the unlocked private key for the session (ssh-add), so the passphrase is asked for once
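The three steps above, plus the two checks an administrator wants afterwards (are any installed keys unrestricted, and has the server actually stopped accepting passwords), as an added bash example for this page rather than code from the slides. The sample public key line and the sshd_config fragments it is tested with are constructed for the example: the key blob is not real key material, and the file names and the backup.sh command are placeholders.

```bash
#!/usr/bin/env bash
# Key-based SSH access: generate, install with restrictions, audit.
# Added example for this page, not code from the original slides. The
# sample public key below is constructed for the example (the blob is not
# real key material); file names and the backup.sh command are placeholders.

# The slide's three steps as typed on the client. Not exercised by the
# checks below, since they need a real remote account.
generate_and_install() {            # generate_and_install user@host
    ssh-keygen -t ed25519 -f "$HOME/.ssh/id_ed25519" -C "$USER@$(hostname)"
    ssh-copy-id -i "$HOME/.ssh/id_ed25519.pub" "$1"     # appends to remote ~/.ssh/authorized_keys
    eval "$(ssh-agent -s)" && ssh-add "$HOME/.ssh/id_ed25519"   # agent holds the unlocked key
}

# Split one authorized_keys line into AK_OPTIONS, AK_TYPE, AK_BLOB and
# AK_COMMENT. Returns 1 for blank, comment or unparsable lines.
parse_authorized_key() {
    local re='^[[:space:]]*((.*[[:space:]])?)(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)|sk-[^[:space:]]+)[[:space:]]+([A-Za-z0-9+/=]+)([[:space:]]+(.*))?$'
    case $1 in ''|'#'*) return 1 ;; esac
    [[ $1 =~ $re ]] || return 1
    AK_OPTIONS=${BASH_REMATCH[1]} AK_TYPE=${BASH_REMATCH[3]}
    AK_BLOB=${BASH_REMATCH[6]} AK_COMMENT=${BASH_REMATCH[8]}
}

# Turn a bare public key line into a restricted authorized_keys entry:
# accepted only from hosts matching FROM_PATTERN, and unable to open
# tunnels, forward X11 or the agent, or get a pty. With COMMAND given the
# key can run only that command (a forced command), whatever the client
# asks for. Any options already on the line are replaced. (OpenSSH 7.2+
# also accepts the single keyword "restrict" for the no-* options.)
restricted_authorized_key() {       # restricted_authorized_key PUBKEY_LINE FROM_PATTERN [COMMAND]
    local from=$2 command=${3:-} opts
    parse_authorized_key "$1" || { echo "not a public key line: $1" >&2; return 2; }
    opts="from=\"$from\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty"
    if [ -n "$command" ]; then opts="command=\"$command\",$opts"; fi
    printf '%s %s %s%s\n' "$opts" "$AK_TYPE" "$AK_BLOB" "${AK_COMMENT:+ $AK_COMMENT}"
}

# Print "LINE TYPE COMMENT" for every key in FILE that has no from=,
# command= or restrict option: each one is a full login for whoever holds
# the private key. Returns non-zero if any were found.
unrestricted_keys() {               # unrestricted_keys FILE
    local line n=0 hits=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        parse_authorized_key "$line" || continue
        case $AK_OPTIONS in *from=*|*command=*|*restrict*) continue ;; esac
        printf '%d %s %s\n' "$n" "$AK_TYPE" "$AK_COMMENT"
        hits=$((hits + 1))
    done < "$1"
    [ "$hits" -eq 0 ]
}

# Print one finding per line for sshd_config settings that keep password
# guessing or root login open. sshd honours the FIRST occurrence of a
# keyword, and keywords after a Match line apply only conditionally, so
# parsing stops there.
sshd_config_findings() {            # sshd_config_findings FILE
    awk '
        /^[[:space:]]*(#|$)/ { next }
        tolower($1) == "match" { exit }
        !(tolower($1) in seen) { seen[tolower($1)] = tolower($2) }
        END {
            if (!("passwordauthentication" in seen) || seen["passwordauthentication"] != "no")
                print "PasswordAuthentication is not no: password logins (and guessing) still work"
            if (!("permitrootlogin" in seen))
                print "PermitRootLogin not set: the default varies by version, set no or prohibit-password"
            else if (seen["permitrootlogin"] == "yes")
                print "PermitRootLogin yes: root may log in with a password"
            if (("pubkeyauthentication" in seen) && seen["pubkeyauthentication"] != "yes")
                print "PubkeyAuthentication disabled: keys cannot be used at all"
        }' "$1"
}

# Constructed sample key for a stand-alone run; NOT real key material.
SAMPLE_PUBKEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyMaterialOnlyNotARealKey0000000000 backup@monitor'

if [ "${BASH_SOURCE[0]}" = "$0" ]; then
    restricted_authorized_key "$SAMPLE_PUBKEY" '10.0.0.0/8' '/usr/local/bin/backup.sh'
fi
```

A key that only ever runs a backup script should be installed with the forced command and a from= pattern; `unrestricted_keys ~/.ssh/authorized_keys` then lists what still grants a full shell, and `sshd_config_findings /etc/ssh/sshd_config` confirms the password path is really closed before anyone relies on "keys only".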



Demo

• Novell Remote ®

– Give access to specific services in a restricted environment


– Useful for support to access environments behind firewall
– Share access to a VM environment (NAT, Host-only)
• Audience Demo
– Requirement: Network Access; support.novell.com
account preferably

