Using SSH on Linux
Everyone Should Know This

Jared Jennings, Senior Consultant, Data Technique, Inc. (jjennings@datatechnique.com)
Aaron Burgemeister, Technical Support Engineer, Novell, Inc. (ab@novell.com)
What is SSH?

     •   SSH is a Network Protocol
           –   NAT Friendly
           –   Secure
     •   Cross-platform Support

2   © Novell, Inc. All rights reserved.
SSH Experience?

    •   Heard of it?
    •   Used it?
    •   Tunneled?
    •   Forwarded GUI?
    •   Remote commands?
    •   File copies (scp or rsync over ssh)?
    •   Authentication other than passwords (keys, GSSAPI)?
    •   Came here just to find presenter inaccuracies?
Why Use SSH?

     •   Accessibility
     •   Fast
     •   Allows data to be exchanged securely
           –   Port forwarding
           –   GUI forwarding

SSH Commands
     On Linux and Mac

     •   SSH
     •   SCP

     SSH is standard on Linux, Unix and Mac

Available SSH Tools on Windows

     •   PuTTY
           –   http://www.chiark.greenend.org.uk/~sgtatham/putty
           –   http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
           –   plink (great for scripting uses)
           –   Pageant (key material management)
           –   pscp (file management)

Available SSH Tools on Windows

     •   WinSCP
           –   http://winscp.net/eng/index.php
     •   XMING
           –   http://sourceforge.net/projects/xming
     •   Cygwin
           –   http://www.cygwin.com/

SSH Server (Daemons)

     •   The SSH daemon is supported by all OS's
           –   Linux/Unix/Mac OS X
           –   Windows must use third-party software to run the daemon
           –   NetWare® 6.5 SP3 or greater
     •   Multiple authentication back-ends
           –   Using PAM authentication
                 >   Novell® eDirectory™, files, OpenLDAP
     •   Multiple authentication methods
           –   Password; Public Key
           –   Challenge/Response
           –   Kerberos
           –   Host-based
How Can SSH Be Used?

Basic SSH Connection

     •   Access files
     •   Control remote system

         > ssh sshsvr.com -l ab    # explicit
         > ssh ab@sshsvr.com       # simple
Tunneling with SSH

     •   SSH can tunnel just about any TCP traffic (IPv4 or IPv6)
     •   Local forwarding/remote forwarding
           –   Local forwarding: involves forwarding a socket from the client to the server
           –   Remote forwarding: involves forwarding a socket from the server to the client

Tunneling with SSH
     Purposes/Security

     •   Benefits of tunneling
           –   Connection from client to server is secure
                 >   Regular connections from client to server may not otherwise be secure (rsync, http, etc.)
           –   Access an otherwise-inaccessible network
                 >   Similar to a VPN, but without as much setup
                 >   Access a single system with access to secure apps

Tunneling with SSH
     Details

     •   One side opens an address/port on the specified listening side
           –   See the (by default) localhost-listening socket with netstat
     •   SSH takes all TCP data from that address/port and sends it through the established (doing-whatever-else) SSH connection.
     •   The opposite side sends the TCP data to the destination address/port as specified during the connection setup.
     •   The TCP client, whose traffic is tunneled, thinks it is talking to the SSH machine on the listening side of the tunnel.
     •   The TCP server, whose traffic is tunneled, thinks the SSH machine at the end of the tunnel is the TCP client.
     •   Everything outside of the SSH participants and the TCP client and server just sees a single SSH connection sending data from time to time.
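The "see the listening socket with netstat" step above is worth automating: the listener an ssh client opens for -L or -D is on loopback by default, but a forward started with an explicit 0.0.0.0 bind address is reachable by every host on the network. The example below is added here and is not part of the slides; it parses both netstat -tlnp and ss -ltnp output and flags ssh client forwards that are not bound to a loopback address. The sample output, PIDs and ports are constructed, not captured from a real host.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address
from typing import List, Optional

# Constructed sample of `netstat -tlnp` output (not from a real host): the ssh
# client (pid 4242) holds three forwarded ports, two on loopback (the default
# for -L/-D) and one started as -L 0.0.0.0:13389:... that listens everywhere.
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:1080          0.0.0.0:*               LISTEN      4242/ssh
tcp        0      0 0.0.0.0:13389           0.0.0.0:*               LISTEN      4242/ssh
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      -
tcp6       0      0 ::1:5555                :::*                    LISTEN      4242/ssh
tcp6       0      0 :::22                   :::*                    LISTEN      900/sshd
"""

# The same sockets as `ss -ltnp` prints them (also constructed).
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     127.0.0.1:1080       0.0.0.0:*          users:(("ssh",pid=4242,fd=5))
LISTEN  0       128     0.0.0.0:13389        0.0.0.0:*          users:(("ssh",pid=4242,fd=6))
LISTEN  0       128     [::1]:5555           [::]:*             users:(("ssh",pid=4242,fd=7))
LISTEN  0       128     [::]:22              [::]:*             users:(("sshd",pid=900,fd=3))
"""

# netstat: proto recv-q send-q local foreign state pid/program ("-" without root)
NETSTAT_RE = re.compile(
    r"^tcp6?\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+LISTEN\s+(?:(\d+)/(\S+)|-)")
# ss: state recv-q send-q local peer [users:(("prog",pid=N,fd=M))]
SS_RE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+(?:\s+users:\(\("([^"]+)",pid=(\d+))?')


@dataclass
class Listener:
    address: str
    port: int
    pid: Optional[int]
    program: Optional[str]

    @property
    def loopback_only(self) -> bool:
        # 0.0.0.0 and :: are the "any interface" addresses, not loopback
        return ip_address(self.address).is_loopback


def parse_listeners(text: str) -> List[Listener]:
    """Accept either netstat -tlnp or ss -ltnp output and return LISTEN sockets."""
    found = []
    for line in text.splitlines():
        m = NETSTAT_RE.match(line)
        if m:
            addr, port, pid, prog = m.groups()
        else:
            m = SS_RE.match(line)
            if not m:
                continue
            addr, port, prog, pid = m.groups()
        found.append(Listener(addr.strip("[]"), int(port),
                              int(pid) if pid else None, prog))
    return found


def ssh_forwards(listeners: List[Listener]) -> List[Listener]:
    """Listeners owned by the ssh *client*: its -L and -D sockets (sshd is the server)."""
    return [l for l in listeners if l.program == "ssh"]


def exposed_forwards(listeners: List[Listener]) -> List[Listener]:
    """Forwards that other hosts on the network could connect to."""
    return [l for l in ssh_forwards(listeners) if not l.loopback_only]


def report(text: str) -> List[str]:
    """One verdict line per ssh client forward found in the tool output."""
    lines = []
    for l in ssh_forwards(parse_listeners(text)):
        verdict = "loopback only" if l.loopback_only else "REACHABLE FROM THE NETWORK"
        lines.append(f"ssh pid {l.pid}: {l.address}:{l.port}  {verdict}")
    return lines


if __name__ == "__main__":
    for name, sample in (("netstat -tlnp", SAMPLE_NETSTAT), ("ss -ltnp", SAMPLE_SS)):
        print(f"--- {name} ---")
        print("\n".join(report(sample)))
```

Run it against real output by piping `netstat -tlnp` or `ss -ltnp` into `report()`; a forward reported as reachable from the network is one other machines can use as if they were the SSH client.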
HTTP (Web Server)

     [Diagram: client in insecure land -> firewall (forwarding SSH) -> SSH server -> web server]

       ssh ab@sshsvr.com -L 1080:http_server:80

HTTP
     Making a Connection

     •   Making the SSH connection
           ssh sshsvr.com -L 1080:http_server:80
     •   Pointing the web browser to the site
           http://localhost:1080/rest/of/the/url.html

Novell® GroupWise®

       ssh ab@sshsvr.com -L 1677:groupWise_server:1677

Novell® GroupWise®
     Making a Connection

     •   Making the SSH connection
           ssh ab@sshsvr.com -L 1677:groupWise_server:1677
     •   Starting the Novell GroupWise client
           grpwise.exe -ipa=localhost -ipp=1677

Remote Desktop (RDP)
     Making a Connection

     •   Making the SSH connection
           ssh ab@sshsvr.com -L 13389:WindowsServer:3389
     •   Starting the Linux RDP client
           rdesktop localhost:13389

Multiple Connections

     [Diagram: single tunnel point, multiple destinations, multiple ports]

       ssh ab@sshsvr.com \
           -L 1080:http_server:80 \
           -L 3389:broken_windows:3389 \
           -L 19001:groupwise_server:1677
Redirecting X (GUI)

Redirecting the “GUI”

     •   Redirecting the graphical screens of the remote computer, installation, application, to the local computer
     •   Very simple
     •   Redirect Skype
     •   Redirect the GroupWise® installer

From Linux/Mac to Linux

     •   Very simple
     •   Native support
     •   Redirect
           –   YaST – SUSE® Linux setup tool
           –   Skype – VoIP application
           –   Installs – anything else

       ssh ab@sshsvr.com -X

From Windows to Linux

     •   Not as simple
     •   No native support
     •   Still works
     •   Enable X redirection and use one of the following X servers:
           –   xming
                 >   http://sourceforge.net/projects/xming
           –   XwinLogon
                 >   http://www.calcmaster.net/visual-c++/xwinlogon/
           –   LabF's WinaXe
                 >   http://www.labf.com/winaxeplus/index.html

Copying Files with SSH

Simple File Copy with SSH

     •   Very simple
     •   Fairly fast
     •   Secure
     •   Supports entire directory structures
     •   Same syntax as cp (copy) except with a host
           –   Can actually function as a local cp command

         scp ./file ab@sshsvr.com:/home/ab/        # here to there
         scp ab@sshsvr.com:/home/ab/file ./        # there to here
RSYNC Over SSH

     •   Very simple
     •   Requires RSYNC client
     •   Synchronizes whole folder structures

         rsync -avz -e ssh source_dir ab@sshsvr.com:/dest_path

Running Remote Commands with SSH

Commands Run Remotely

     •   Output returned to client machine sending command
     •   Makes connection, runs, and exits
     •   Useful for monitoring/configuring/patching remote machines

       ssh ab@ssh_svr 'ps aux'
       ssh -t ab@ssh_svr 'top -d1 -n1'
Key Material Management and Usage

Key Material

     •   Makes the authentication MORE secure
           –   Disable passwords to prevent successful brute-forcing
     •   Allows for un-prompted authentication
           –   Immediate access to the system; automated scripting possible
           –   Provide access to the system without ever giving out the password; can also change identities or use multiples

     Steps Involved:
        1. Generate the client keys
        2. Copy the public key to the remote machine
        3. Log in as usual
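Step 2 (copying the public key) and the "disable passwords" point both have a detail the slide leaves out: sshd ignores an authorized_keys file whose directory or file is too permissive, and password logins stay enabled unless sshd_config says otherwise. The example below is added here and is not from the slides; it installs a public key line into authorized_keys idempotently with the modes sshd's StrictModes expects, and reads the PasswordAuthentication setting out of an sshd_config fragment. The key line and the config fragments are constructed placeholders, not real material.

```python
import os
import stat
import tempfile
from pathlib import Path
from typing import Dict

# Constructed placeholder public key line; the base64 body is NOT a real key.
# Step 1 on a real client is `ssh-keygen -t ed25519`, which writes the private
# key to ~/.ssh/id_ed25519 and a line like this one to ~/.ssh/id_ed25519.pub.
CONSTRUCTED_PUBKEY = ("ssh-ed25519 "
                      "AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYBODYEXAMPLEKEYBODYEXAMPLEKEY "
                      "ab@client")

KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ecdsa-sha2-", "sk-")


def install_public_key(home: Path, pubkey_line: str) -> Dict[str, object]:
    """Step 2: append one public key to <home>/.ssh/authorized_keys.

    Idempotent (a key body already present is not appended again) and enforces
    the modes sshd's StrictModes checks: ~/.ssh 0700, authorized_keys 0600.
    With wider modes sshd ignores the file and the client falls back to a
    password prompt, which looks like "keys don't work" from the outside.
    """
    parts = pubkey_line.split()
    if len(parts) < 2 or not parts[0].startswith(KEY_TYPES):
        raise ValueError("not an OpenSSH public key line")
    key_body = parts[1]

    ssh_dir = home / ".ssh"
    ssh_dir.mkdir(mode=0o700, exist_ok=True)
    os.chmod(ssh_dir, 0o700)            # umask may have altered mkdir's mode
    auth = ssh_dir / "authorized_keys"

    existing = auth.read_text().splitlines() if auth.exists() else []
    # Compare on the key body alone: comments differ, and an existing entry may
    # carry an options prefix such as command="..." before the key type.
    present = any(key_body in line.split() for line in existing)
    if not present:
        with auth.open("a") as f:
            f.write(" ".join(parts) + "\n")
    os.chmod(auth, 0o600)

    entries = [l for l in auth.read_text().splitlines()
               if l.strip() and not l.startswith("#")]
    return {
        "added": not present,
        "entries": len(entries),
        "dir_mode": stat.S_IMODE(ssh_dir.stat().st_mode),
        "file_mode": stat.S_IMODE(auth.stat().st_mode),
    }


def password_auth_enabled(sshd_config: str) -> bool:
    """Report whether sshd_config still allows password logins.

    sshd takes the first value it finds for a keyword and defaults to yes.
    Parsing stops at the first Match block: its conditional overrides are not
    evaluated here, so a 'no' inside one does not change the global answer.
    """
    for raw in sshd_config.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.replace("=", " ", 1).split(None, 1)
        keyword = fields[0].lower()
        value = fields[1].strip().lower() if len(fields) > 1 else ""
        if keyword == "match":
            break
        if keyword == "passwordauthentication":
            return value == "yes"
    return True


# Constructed sshd_config fragments (not from a real host).
CONFIG_HARDENED = "PubkeyAuthentication yes\nPasswordAuthentication no\n"
CONFIG_DEFAULT = "#PasswordAuthentication no   # commented out: the default (yes) applies\n"


def demo() -> Dict[str, Dict[str, object]]:
    """Install the same key twice into a throwaway home directory."""
    with tempfile.TemporaryDirectory() as tmp:
        home = Path(tmp)
        first = install_public_key(home, CONSTRUCTED_PUBKEY)
        second = install_public_key(home, CONSTRUCTED_PUBKEY)
        return {"first": first, "second": second}


if __name__ == "__main__":
    print(demo())
    print("password auth (hardened):", password_auth_enabled(CONFIG_HARDENED))
    print("password auth (default):", password_auth_enabled(CONFIG_DEFAULT))
```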
SSH Proxy Server

SSH to Proxy Traffic

     •   Uses:
           –   Lets you access content despite your client-side filters
           –   Lets you access proxy-enabled services securely
           –   Does NOT proxy DNS requests unless the DNS-using application knows to send DNS via the same connection

       # connect and use 5555 as the SOCKS port locally
       # then forward all proxy-able data through ssh_svr.com
       ssh ab@ssh_svr.com -D 5555

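The DNS caveat above comes down to one byte of the SOCKS5 CONNECT request: an application that hands the proxy a hostname (address type 0x03) lets the SSH server resolve it, while one that resolves the name itself and sends an IP literal has already leaked the DNS query outside the tunnel. The example below is added here and is not from the slides; it builds and decodes the SOCKS5 messages an application exchanges with the `ssh -D 5555` listener and shows which form keeps resolution on the server side. The proxy address and the target names are assumptions for illustration.

```python
import ipaddress
import socket
import struct
from typing import Tuple

SOCKS_VERSION = 0x05
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
REP_TEXT = {0: "succeeded", 1: "general SOCKS server failure",
            2: "connection not allowed by ruleset", 3: "network unreachable",
            4: "host unreachable", 5: "connection refused", 6: "TTL expired",
            7: "command not supported", 8: "address type not supported"}


def greeting() -> bytes:
    """VER, NMETHODS, METHODS: offer only 'no authentication' (0x00), which is
    what the loopback listener created by `ssh -D` accepts."""
    return bytes([SOCKS_VERSION, 1, 0x00])


def connect_request(host: str, port: int) -> bytes:
    """Build the SOCKS5 CONNECT request for host:port.

    A hostname goes on the wire as ATYP 0x03 and is resolved by the SSH server
    at the far end. An IP literal (ATYP 0x01/0x04) means the application already
    did its own DNS lookup on the client side, outside the tunnel.
    """
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        raw = host.encode("idna")
        if len(raw) > 255:
            raise ValueError("SOCKS5 carries at most 255 bytes of hostname")
        addr = bytes([ATYP_DOMAIN, len(raw)]) + raw
    else:
        addr = bytes([ATYP_IPV4 if ip.version == 4 else ATYP_IPV6]) + ip.packed
    return bytes([SOCKS_VERSION, CMD_CONNECT, 0x00]) + addr + struct.pack("!H", port)


def resolves_remotely(request: bytes) -> bool:
    """True when the request leaves name resolution to the proxy (SSH server) side."""
    return request[3] == ATYP_DOMAIN


def parse_reply(reply: bytes) -> Tuple[int, str, int]:
    """Decode VER REP RSV ATYP BND.ADDR BND.PORT; REP 0 means the tunnel is up."""
    if len(reply) < 4 or reply[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 reply")
    rep, atyp = reply[1], reply[3]
    if atyp == ATYP_IPV4:
        addr, rest = str(ipaddress.IPv4Address(reply[4:8])), reply[8:]
    elif atyp == ATYP_IPV6:
        addr, rest = str(ipaddress.IPv6Address(reply[4:20])), reply[20:]
    elif atyp == ATYP_DOMAIN:
        n = reply[4]
        addr, rest = reply[5:5 + n].decode("idna"), reply[5 + n:]
    else:
        raise ValueError(f"unknown address type {atyp:#x}")
    if len(rest) < 2:
        raise ValueError("truncated SOCKS5 reply")
    (bnd_port,) = struct.unpack("!H", rest[:2])
    return rep, addr, bnd_port


def connect_via_proxy(host: str, port: int,
                      proxy: Tuple[str, int] = ("127.0.0.1", 5555)) -> socket.socket:
    """Open a TCP connection to host:port through the local `ssh -D 5555` socket.

    Needs a live tunnel, so it is not exercised offline. It always sends the
    hostname rather than resolving it first, so the lookup happens on the server.
    """
    s = socket.create_connection(proxy)
    s.sendall(greeting())
    if s.recv(2) != bytes([SOCKS_VERSION, 0x00]):
        s.close()
        raise ConnectionError("proxy refused 'no authentication'")
    s.sendall(connect_request(host, port))
    rep, _, _ = parse_reply(s.recv(262))  # longest reply: domain ATYP with a 255-byte name
    if rep != 0:
        s.close()
        raise ConnectionError(REP_TEXT.get(rep, f"SOCKS error {rep}"))
    return s


if __name__ == "__main__":
    for target in ("intranet.example", "10.0.0.5"):
        req = connect_request(target, 80)
        print(f"{target:>18}: {req.hex()}  resolved by proxy: {resolves_remotely(req)}")
```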
SSH to Proxy Traffic - Browser

     •   Configure your browser's proxy to point to
           –   127.0.0.1:5555
           –   (or whichever socket is configured to listen on the client side)
     •   Do not configure the other proxy fields to use this!!

SSH Troubleshooting

     •   Understand the technology and feature
           –   TCP-based
           –   Tunneling/proxying opens sockets
           –   X-forwarding requires X libraries on the forwarding side, X-server on the forwarded side
           –   Authentication can happen in multiple ways
     •   Test another system
           –   Maybe client or server is a lemon, e.g. running Windows :-)
     •   Use the -v[v[v]] options from the command line
           –   More 'v' mean more-verbose... lots of good data in here
           –   Get a baseline BEFORE it breaks

Demo

     •   Novell® Remote
           –   Give access to specific services in a restricted environment
           –   Useful for support to access environments behind firewall
           –   Share access to a VM environment (NAT, Host-only)
     •   Audience Demo
           –   Requirement: Network Access; support.novell.com account preferably

Unpublished Work of Novell, Inc. All Rights Reserved.
This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc.
Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope
of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified,
translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc.
Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.


General Disclaimer
This document is not to be construed as a promise by any participating company to develop, deliver, or market a
product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in
making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents
of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any
particular purpose. The development, release, and timing of features or functionality described for Novell products
remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to
make changes to its content, at any time, without obligation to notify any person or entity of such revisions or
changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc.
in the United States and other countries. All third-party trademarks are the property of their respective owners.

Mais conteúdo relacionado

Mais procurados

Site to-multi site open vpn solution. with active directory auth
Site to-multi site open vpn solution. with active directory authSite to-multi site open vpn solution. with active directory auth
Site to-multi site open vpn solution. with active directory authChanaka Lasantha
 
SSH Tunneling Recipes
SSH Tunneling RecipesSSH Tunneling Recipes
SSH Tunneling RecipesOSOCO
 
Secure shell
Secure shellSecure shell
Secure shellArjun Aj
 
Network telnet ssh
Network telnet sshNetwork telnet ssh
Network telnet sshStefan Fodor
 
FLOSS UK DEVOPS Spring 2015 Enhancing ssh config
FLOSS UK DEVOPS Spring 2015 Enhancing ssh configFLOSS UK DEVOPS Spring 2015 Enhancing ssh config
FLOSS UK DEVOPS Spring 2015 Enhancing ssh configdmp1304
 
Ssh (The Secure Shell)
Ssh (The Secure Shell)Ssh (The Secure Shell)
Ssh (The Secure Shell)Mehedi Farazi
 
5. hands on - building local development environment with Open Mano
5. hands on - building local development environment with Open Mano5. hands on - building local development environment with Open Mano
5. hands on - building local development environment with Open Manovideos
 
High performance content hosting
High performance content hosting High performance content hosting
High performance content hosting Aleksey Korzun
 
Docker networking tutorial 102
Docker networking tutorial 102Docker networking tutorial 102
Docker networking tutorial 102LorisPack Project
 
Docker summit : Docker Networking Control-plane & Data-Plane
Docker summit : Docker Networking Control-plane & Data-PlaneDocker summit : Docker Networking Control-plane & Data-Plane
Docker summit : Docker Networking Control-plane & Data-PlaneMadhu Venugopal
 
The Switch as a Server - PuppetConf 2014
The Switch as a Server - PuppetConf 2014The Switch as a Server - PuppetConf 2014
The Switch as a Server - PuppetConf 2014Puppet
 
Secure Shell(ssh)
Secure Shell(ssh)Secure Shell(ssh)
Secure Shell(ssh)Pina Parmar
 
14 network tools
14 network tools14 network tools
14 network toolsShay Cohen
 
OSDC 2014 ONIE by Nat Morris
OSDC 2014 ONIE by Nat MorrisOSDC 2014 ONIE by Nat Morris
OSDC 2014 ONIE by Nat MorrisCumulus Networks
 
4. open mano set up and usage
4. open mano set up and usage4. open mano set up and usage
4. open mano set up and usagevideos
 
3. configuring a compute node for nfv
3. configuring a compute node for nfv3. configuring a compute node for nfv
3. configuring a compute node for nfvvideos
 
ONIE: Open Network Install Environment @ OSDC 2014 Netways, Berlin
ONIE: Open Network Install Environment @ OSDC 2014 Netways, BerlinONIE: Open Network Install Environment @ OSDC 2014 Netways, Berlin
ONIE: Open Network Install Environment @ OSDC 2014 Netways, BerlinNat Morris
 

Mais procurados (20)

Site to-multi site open vpn solution. with active directory auth
Site to-multi site open vpn solution. with active directory authSite to-multi site open vpn solution. with active directory auth
Site to-multi site open vpn solution. with active directory auth
 
SSH Tunneling Recipes
SSH Tunneling RecipesSSH Tunneling Recipes
SSH Tunneling Recipes
 
Ssh
SshSsh
Ssh
 
Secure shell protocol
Secure shell protocolSecure shell protocol
Secure shell protocol
 
Secure shell
Secure shellSecure shell
Secure shell
 
Network telnet ssh
Network telnet sshNetwork telnet ssh
Network telnet ssh
 
Secure SHell
Secure SHellSecure SHell
Secure SHell
 
FLOSS UK DEVOPS Spring 2015 Enhancing ssh config
FLOSS UK DEVOPS Spring 2015 Enhancing ssh configFLOSS UK DEVOPS Spring 2015 Enhancing ssh config
FLOSS UK DEVOPS Spring 2015 Enhancing ssh config
 
Ssh (The Secure Shell)
Ssh (The Secure Shell)Ssh (The Secure Shell)
Ssh (The Secure Shell)
 
5. hands on - building local development environment with Open Mano
5. hands on - building local development environment with Open Mano5. hands on - building local development environment with Open Mano
5. hands on - building local development environment with Open Mano
 
High performance content hosting
High performance content hosting High performance content hosting
High performance content hosting
 
Docker networking tutorial 102
Docker networking tutorial 102Docker networking tutorial 102
Docker networking tutorial 102
 
Docker summit : Docker Networking Control-plane & Data-Plane
Docker summit : Docker Networking Control-plane & Data-PlaneDocker summit : Docker Networking Control-plane & Data-Plane
Docker summit : Docker Networking Control-plane & Data-Plane
 
The Switch as a Server - PuppetConf 2014
The Switch as a Server - PuppetConf 2014The Switch as a Server - PuppetConf 2014
The Switch as a Server - PuppetConf 2014
 
Secure Shell(ssh)
Secure Shell(ssh)Secure Shell(ssh)
Secure Shell(ssh)
 
14 network tools
14 network tools14 network tools
14 network tools
 
OSDC 2014 ONIE by Nat Morris
OSDC 2014 ONIE by Nat MorrisOSDC 2014 ONIE by Nat Morris
OSDC 2014 ONIE by Nat Morris
 
4. open mano set up and usage
4. open mano set up and usage4. open mano set up and usage
4. open mano set up and usage
 
3. configuring a compute node for nfv
3. configuring a compute node for nfv3. configuring a compute node for nfv
3. configuring a compute node for nfv
 
ONIE: Open Network Install Environment @ OSDC 2014 Netways, Berlin
ONIE: Open Network Install Environment @ OSDC 2014 Netways, BerlinONIE: Open Network Install Environment @ OSDC 2014 Netways, Berlin
ONIE: Open Network Install Environment @ OSDC 2014 Netways, Berlin
 

Semelhante a Using Secure Shell on Linux: What Everyone Should Know

Unit 13 network client
Unit 13 network clientUnit 13 network client
Unit 13 network clientroot_fibo
 
[Mas 500] Various Topics
[Mas 500] Various Topics[Mas 500] Various Topics
[Mas 500] Various Topicsrahulbot
 
Presentation nix
Presentation nixPresentation nix
Presentation nixfangjiafu
 
Presentation nix
Presentation nixPresentation nix
Presentation nixfangjiafu
 
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform Enviornment
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform EnviornmentNagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform Enviornment
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform EnviornmentNagios
 
Ssh that wonderful thing
Ssh that wonderful thingSsh that wonderful thing
Ssh that wonderful thingMarc Cluet
 
SSH Tunneling
SSH TunnelingSSH Tunneling
SSH TunnelingThanh Tai
 
Migrating Novell GroupWise to Linux
Migrating Novell GroupWise to LinuxMigrating Novell GroupWise to Linux
Migrating Novell GroupWise to LinuxNovell
 
RHCE (RED HAT CERTIFIED ENGINEERING)
RHCE (RED HAT CERTIFIED ENGINEERING)RHCE (RED HAT CERTIFIED ENGINEERING)
RHCE (RED HAT CERTIFIED ENGINEERING)Sumant Garg
 
Switch as a Server - PuppetConf 2014 - Leslie Carr
Switch as a Server - PuppetConf 2014 - Leslie CarrSwitch as a Server - PuppetConf 2014 - Leslie Carr
Switch as a Server - PuppetConf 2014 - Leslie CarrCumulus Networks
 
FreeSWITCH on Docker
FreeSWITCH on DockerFreeSWITCH on Docker
FreeSWITCH on Docker建澄 吳
 
OpenStack in action 4! Alessandro Pilotti - OpenStack, Hyper-V and Windows
OpenStack in action 4! Alessandro Pilotti - OpenStack, Hyper-V and WindowsOpenStack in action 4! Alessandro Pilotti - OpenStack, Hyper-V and Windows
OpenStack in action 4! Alessandro Pilotti - OpenStack, Hyper-V and WindowseNovance
 

Semelhante a Using Secure Shell on Linux: What Everyone Should Know (20)

Unit 13 network client
Unit 13 network clientUnit 13 network client
Unit 13 network client
 
Ssh tunnel
Ssh tunnelSsh tunnel
Ssh tunnel
 
linux
linuxlinux
linux
 
[Mas 500] Various Topics
[Mas 500] Various Topics[Mas 500] Various Topics
[Mas 500] Various Topics
 
Remote1
Remote1Remote1
Remote1
 
Windowshadoop
WindowshadoopWindowshadoop
Windowshadoop
 
Gwc3
Gwc3Gwc3
Gwc3
 
Presentation nix
Presentation nixPresentation nix
Presentation nix
 
Presentation nix
Presentation nixPresentation nix
Presentation nix
 
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform Enviornment
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform EnviornmentNagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform Enviornment
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform Enviornment
 
Ssh that wonderful thing
Ssh that wonderful thingSsh that wonderful thing
Ssh that wonderful thing
 
SSH Tunneling
SSH TunnelingSSH Tunneling
SSH Tunneling
 
Migrating Novell GroupWise to Linux
Migrating Novell GroupWise to LinuxMigrating Novell GroupWise to Linux
Migrating Novell GroupWise to Linux
 
Telnet presentation
Telnet presentationTelnet presentation
Telnet presentation
 
RHCE (RED HAT CERTIFIED ENGINEERING)
RHCE (RED HAT CERTIFIED ENGINEERING)RHCE (RED HAT CERTIFIED ENGINEERING)
RHCE (RED HAT CERTIFIED ENGINEERING)
 
Medusa Project
Medusa ProjectMedusa Project
Medusa Project
 
Switch as a Server - PuppetConf 2014 - Leslie Carr
Switch as a Server - PuppetConf 2014 - Leslie CarrSwitch as a Server - PuppetConf 2014 - Leslie Carr
Switch as a Server - PuppetConf 2014 - Leslie Carr
 
FreeSWITCH on Docker
FreeSWITCH on DockerFreeSWITCH on Docker
FreeSWITCH on Docker
 
FreeSWITCH on Docker
FreeSWITCH on DockerFreeSWITCH on Docker
FreeSWITCH on Docker
 
OpenStack in action 4! Alessandro Pilotti - OpenStack, Hyper-V and Windows
OpenStack in action 4! Alessandro Pilotti - OpenStack, Hyper-V and WindowsOpenStack in action 4! Alessandro Pilotti - OpenStack, Hyper-V and Windows
OpenStack in action 4! Alessandro Pilotti - OpenStack, Hyper-V and Windows
 

Mais de Novell

Filr white paper
Filr white paperFilr white paper
Filr white paperNovell
 
Social media class 4 v2
Social media class 4 v2Social media class 4 v2
Social media class 4 v2Novell
 
Social media class 3
Social media class 3Social media class 3
Social media class 3Novell
 
Social media class 2
Social media class 2Social media class 2
Social media class 2Novell
 
Social media class 1
Social media class 1Social media class 1
Social media class 1Novell
 
Social media class 2 v2
Social media class 2 v2Social media class 2 v2
Social media class 2 v2Novell
 
LinkedIn training presentation
LinkedIn training presentationLinkedIn training presentation
LinkedIn training presentationNovell
 
Twitter training presentation
Twitter training presentationTwitter training presentation
Twitter training presentationNovell
 
Getting started with social media
Getting started with social mediaGetting started with social media
Getting started with social mediaNovell
 
Strategies for sharing and commenting in social media
Strategies for sharing and commenting in social mediaStrategies for sharing and commenting in social media
Strategies for sharing and commenting in social mediaNovell
 
Information Security & Compliance in Healthcare: Beyond HIPAA and HITECH
Information Security & Compliance in Healthcare: Beyond HIPAA and HITECHInformation Security & Compliance in Healthcare: Beyond HIPAA and HITECH
Information Security & Compliance in Healthcare: Beyond HIPAA and HITECHNovell
 
Workload iq final
Workload iq   finalWorkload iq   final
Workload iq finalNovell
 
The Identity-infused Enterprise
The Identity-infused EnterpriseThe Identity-infused Enterprise
The Identity-infused EnterpriseNovell
 
Shining the Enterprise Light on Shades of Social
Shining the Enterprise Light on Shades of SocialShining the Enterprise Light on Shades of Social
Shining the Enterprise Light on Shades of SocialNovell
 
Accelerate to the Cloud
Accelerate to the CloudAccelerate to the Cloud
Accelerate to the CloudNovell
 
The New Business Value of Today’s Collaboration Trends
The New Business Value of Today’s Collaboration TrendsThe New Business Value of Today’s Collaboration Trends
The New Business Value of Today’s Collaboration TrendsNovell
 
Preventing The Next Data Breach Through Log Management
Preventing The Next Data Breach Through Log ManagementPreventing The Next Data Breach Through Log Management
Preventing The Next Data Breach Through Log ManagementNovell
 
Iaas for a demanding business
Iaas for a demanding businessIaas for a demanding business
Iaas for a demanding businessNovell
 
Workload IQ: A Differentiated Approach
Workload IQ: A Differentiated ApproachWorkload IQ: A Differentiated Approach
Workload IQ: A Differentiated ApproachNovell
 
Virtual Appliances: Simplifying Application Deployment and Accelerating Your ...
Virtual Appliances: Simplifying Application Deployment and Accelerating Your ...Virtual Appliances: Simplifying Application Deployment and Accelerating Your ...
Virtual Appliances: Simplifying Application Deployment and Accelerating Your ...Novell
 

Mais de Novell (20)

Filr white paper
Filr white paperFilr white paper
Filr white paper
 
Social media class 4 v2
Social media class 4 v2Social media class 4 v2
Social media class 4 v2
 
Social media class 3
Social media class 3Social media class 3
Social media class 3
 
Social media class 2
Social media class 2Social media class 2
Social media class 2
 
Social media class 1
Social media class 1Social media class 1
Social media class 1
 
Social media class 2 v2
Social media class 2 v2Social media class 2 v2
Social media class 2 v2
 
LinkedIn training presentation
LinkedIn training presentationLinkedIn training presentation
LinkedIn training presentation
 
Twitter training presentation
Twitter training presentationTwitter training presentation
Twitter training presentation
 
Getting started with social media
Getting started with social mediaGetting started with social media
Getting started with social media
 
Strategies for sharing and commenting in social media
Strategies for sharing and commenting in social mediaStrategies for sharing and commenting in social media
Strategies for sharing and commenting in social media
 
Information Security & Compliance in Healthcare: Beyond HIPAA and HITECH
Information Security & Compliance in Healthcare: Beyond HIPAA and HITECHInformation Security & Compliance in Healthcare: Beyond HIPAA and HITECH
Information Security & Compliance in Healthcare: Beyond HIPAA and HITECH
 
Workload iq final
Workload iq   finalWorkload iq   final
Workload iq final
 
The Identity-infused Enterprise
The Identity-infused EnterpriseThe Identity-infused Enterprise
The Identity-infused Enterprise
 
Shining the Enterprise Light on Shades of Social
Shining the Enterprise Light on Shades of SocialShining the Enterprise Light on Shades of Social
Shining the Enterprise Light on Shades of Social
 
Accelerate to the Cloud
Accelerate to the CloudAccelerate to the Cloud
Accelerate to the Cloud
 
The New Business Value of Today’s Collaboration Trends
The New Business Value of Today’s Collaboration TrendsThe New Business Value of Today’s Collaboration Trends
The New Business Value of Today’s Collaboration Trends
 
Preventing The Next Data Breach Through Log Management
Preventing The Next Data Breach Through Log ManagementPreventing The Next Data Breach Through Log Management
Preventing The Next Data Breach Through Log Management
 
Iaas for a demanding business
Iaas for a demanding businessIaas for a demanding business
Iaas for a demanding business
 
Workload IQ: A Differentiated Approach
Workload IQ: A Differentiated ApproachWorkload IQ: A Differentiated Approach
Workload IQ: A Differentiated Approach
 
Virtual Appliances: Simplifying Application Deployment and Accelerating Your ...
Virtual Appliances: Simplifying Application Deployment and Accelerating Your ...Virtual Appliances: Simplifying Application Deployment and Accelerating Your ...
Virtual Appliances: Simplifying Application Deployment and Accelerating Your ...
 

Using Secure Shell on Linux: What Everyone Should Know

  • 1. Using SSH on Linux Everyone Should Know This Jared Jennings Aaron Burgemeister Senior Consultant Technical Support Engineer Data Technique, Inc. Novell, Inc. jjennings@datatechnique.com ab@novell.com
  • 2. What is SSH? SSH is a Network Protocol – NAT Friendly – Secure Cross-platform Support 2 © Novell, Inc. All rights reserved.
  • 3. SSH Experience? • Heard of it? • Used it? • Tunneled? • Forwarded GUI? • Remote commands? • File copies (scp or rsync over ssh)? • Authentication other than passwords (keys, GSSAPI)? • Came here just to find presenter inaccuracies? 3 © Novell, Inc. All rights reserved.
  • 4. Why Use SSH? Accessibility Fast Allows data to be exchanged securely – Port forwarding – GUI forwarding 4 © Novell, Inc. All rights reserved.
  • 5. SSH Commands On Linux and Mac SSH SCP SSH is standard on Linux, Unix and Mac 5 © Novell, Inc. All rights reserved.
  • 6. Available SSH Tools on Windows • Putty – http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html • http://www.chiark.greenend.org.uk/~sgtatham/putty – PLINK (great for scripting uses) – PAGENT (key material management) – pscp (file management) 6 © Novell, Inc. All rights reserved.
  • 7. Available SSH Tools on Windows WinSCP – http://winscp.net/eng/index.php XMING – http://sourceforge.net/projects/xming Cygwin – http://www.cygwin.com/ 7 © Novell, Inc. All rights reserved.
  • 8. SSH Server (Daemons) • The SSH daemon is supported by all OS's – Linux/Unix/Mac X – Windows must use third-party software to run the Daemon – NetWare 6.5 sp3 or greater ® • Multiple authentication back-ends – Using PAM authentication > Novell eDirectory , files, OpenLDAP ® ™ • Multiple authentication methods – Password; Public Key – Challenge/Response – Kerberos – Host-based 8 © Novell, Inc. All rights reserved.
  • 9. How Can SSH Be Used?
  • 10. Basic SSH Connection • Access files • Control remote system > ssh sshsvr.com -l ab #explicit > ssh ab@sshsvr.com #simple 10 © Novell, Inc. All rights reserved.
  • 11. Tunneling with SSH SSH can tunnel just about any TCP traffic (IPv4 or Ipv6) Local forwarding/remote forwarding Local forwarding – Involves forwarding a socket from the client to the server Remote forwarding – Involves forwarding a socket from the server to the client 11 © Novell, Inc. All rights reserved.
  • 12. Tunneling with SSH Puposes/Security Benefits of tunneling Connection from client to server is secure – Regular connections from client to server may not otherwise be secure – rsync, http, etc. Access an otherwise-inaccessible network – Similar to a VPN, but without as much setup – Access a single system with access to secure apps 12 © Novell, Inc. All rights reserved.
  • 13. Tunneling with SSH Details One side opens an address/port on the specified listening side See the (by default) localhost-listening socket with netstat SSH takes all TCP data from that address/port and sends it through the established, doing-whatever-else, SSH connection. The opposite side sends the TCP data to the destination address/port as specified during the connection setup. The TCP client, whose traffic is tunneled, thinks it is talking to the SSH machine on the listening side of the tunnel. The TCP server, whose traffic is tunneled, thinks the SSH machine at the end of the tunnel is the TCP client. Everything outside of the SSH participants and the TCP client and server just sees a single SSH connection sending data from time to time 13 © Novell, Inc. All rights reserved.
  • 14. HTTP (Web Server) Client in SSH Web Insecure Land Server Server Firewall Forwarding SSH sh ab@sshsvr.com -L 1080:http_server:80 14 © Novell, Inc. All rights reserved.
HTTP
Making a Connection

    •   Making the SSH connection
         ssh sshsvr.com -L 1080:http_server:80
    •   Pointing the web browser to the site
         http://localhost:1080/rest/of/the/url.html
Novell® GroupWise®

    ssh ab@sshsvr.com -L 1677:groupWise_server:1677
Novell® GroupWise®
Making a Connection

    •   Making the SSH connection
         ssh ab@sshsvr.com -L 1677:groupWise_server:1677
    •   Starting the Novell GroupWise client
         grpwise.exe -ipa=localhost -ipp=1677
Remote Desktop (RDP)
Making a Connection

    •   Making the SSH connection
         ssh ab@sshsvr.com -L 13389:WindowsServer:3389
    •   Starting the Linux RDP client
         rdesktop localhost:13389
Multiple Connections
Single Tunnel Point – Multiple Destinations – Multiple Ports

    ssh ab@sshsvr.com -L 1080:http_server:80 \
        -L 3389:broken_windows:3389 \
        -L 19001:groupwise_server:1677
Redirecting the "GUI"

    •   Redirecting the graphical screens of the remote computer (installation, application) to the local computer
    •   Very Simple
    •   Redirect Skype
    •   Redirect the GroupWise® Installer
From Linux/Mac to Linux

    •   Very simple
    •   Native support
    •   Redirect
         –   YaST – SUSE® Linux setup tool
         –   Skype – VoIP application
         –   Installs – anything else

    ssh ab@sshsvr.com -X
From Windows to Linux

    •   Not as simple
    •   No native support
    •   Still works
    •   Enable X redirection and use one of the following X servers:
         –   xming
              >   http://sourceforge.net/projects/xming
         –   XwinLogon
              >   http://www.calcmaster.net/visual-c++/xwinlogon/
         –   LabF's WinaXe
              >   http://www.labf.com/winaxeplus/index.html
Simple File Copy with SSH

    •   Very simple
    •   Fairly fast
    •   Secure
    •   Supports entire directory structures
    •   Same syntax as cp (copy) except with a host
         –   Can actually function as a local cp command

    scp ./file ab@sshsvr.com:/home/ab/      #here to there
    scp ab@sshsvr.com:/home/ab/file ./      #there to here
RSYNC Over SSH

    •   Very simple
    •   Requires RSYNC client
    •   Synchronizes whole folder structures

    rsync -avz -e ssh source_dir ab@sshsvr.com:/dest_path
Commands Run Remotely

    •   Output returned to client machine sending command
    •   Makes connection, runs, and exits
    •   Useful for monitoring/configuring/patching remote machines

    ssh ab@ssh_svr 'ps aux'
    ssh -t ab@ssh_svr 'top -d1 -n1'
Key Material

    •   Makes the authentication MORE secure
         –   Disable passwords to prevent successful brute-forcing
    •   Allows for un-prompted authentication
         –   Immediate access to the system; automated scripting possible
         –   Provide access to the system without ever giving out the password; can also change identities or use multiples

    Steps Involved:
    1. Generate the client keys
    2. Copy the public key to the remote machine
    3. Login as usual
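The three steps above as one shell function, followed by a check of the server side that the slide's "disable passwords" advice depends on. This is an added example, not code from the presentation; `ab@sshsvr.com` and the key path are placeholders taken from the slides, and the sample sshd_config files in the test are constructed. Two details the check honours that are easy to get wrong: sshd takes the first occurrence of a keyword, not the last, and anything after a `Match` line is conditional; and `PasswordAuthentication no` alone does not stop password prompts when `KbdInteractiveAuthentication` (older name `ChallengeResponseAuthentication`) is still on with PAM.

```shell
# Added example (not from the slides). Placeholders: ab@sshsvr.com, key path.

# Steps 1-3 from the slide. Not called below: it needs a reachable server.
setup_key_login() {
    user_host="$1"                         # e.g. ab@sshsvr.com
    key="$HOME/.ssh/id_ed25519"
    # 1. Generate the client key pair (give the private key a passphrase when asked)
    [ -f "$key" ] || ssh-keygen -t ed25519 -f "$key"
    # 2. Copy the public key into ~/.ssh/authorized_keys on the remote machine
    ssh-copy-id -i "$key.pub" "$user_host"
    # 3. Log in as usual; refusing passwords here proves the key is what got you in
    ssh -o PasswordAuthentication=no "$user_host" true
}

# conf_value FILE KEYWORD DEFAULT
# sshd_config semantics: first occurrence of a keyword wins, keywords are
# case-insensitive, and directives after a Match line are conditional (ignored
# here). Only the "Keyword value" form is handled, not "Keyword=value".
conf_value() {
    v=$(awk -v k="$2" '
        tolower($1) == "match"     { exit }
        tolower($1) == tolower(k)  { print $2; exit }' "$1")
    printf '%s\n' "${v:-$3}"
}

# audit_sshd_config FILE
# Prints one line per setting that still lets a remote password guess succeed
# or that breaks key login. Returns 0 when clean, 1 when there are findings.
audit_sshd_config() {
    cfg="$1"; findings=0
    pa=$(conf_value "$cfg" PasswordAuthentication yes)          # OpenSSH default: yes
    cr=$(conf_value "$cfg" ChallengeResponseAuthentication "")   # older alias of the next one
    kbd=$(conf_value "$cfg" KbdInteractiveAuthentication "${cr:-yes}")
    pk=$(conf_value "$cfg" PubkeyAuthentication yes)
    root=$(conf_value "$cfg" PermitRootLogin prohibit-password)

    if [ "$pa" != no ]; then
        echo "PasswordAuthentication is '$pa': password guessing is still possible"
        findings=$((findings + 1))
    fi
    if [ "$kbd" != no ]; then
        echo "KbdInteractiveAuthentication is '$kbd': with UsePAM, PAM can still prompt for the password"
        findings=$((findings + 1))
    fi
    if [ "$pk" = no ]; then
        echo "PubkeyAuthentication is 'no': key login (step 3) cannot work"
        findings=$((findings + 1))
    fi
    if [ "$root" = yes ]; then
        echo "PermitRootLogin is 'yes': root is a guessable, always-present account"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Usage on a live server (as root): audit_sshd_config /etc/ssh/sshd_config
```

Run the audit on the server after step 3 succeeds, not before: once `PasswordAuthentication no` is in place, a lost key means a console visit.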
SSH to Proxy Traffic

    •   Uses:
         –   Lets you access content despite your client-side filters
         –   Lets you access proxy-enabled services securely
         –   Does NOT proxy DNS requests unless the DNS-using application knows to send DNS via the same connection

    #connect and use 5555 as the SOCKS port locally
    #then forward all proxy-able data through ssh_svr.com
    ssh ab@ssh_svr.com -D 5555
SSH to Proxy Traffic - Browser

    •   Configure your browser's proxy to point to
         –   127.0.0.1:5555
         –   (or whichever socket is configured to listen on the client side)

    Do not configure other fields to use this!!
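Both the tunnel slides ("see the localhost-listening socket with netstat") and the proxy slides ("whichever socket is configured to listen on the client side") rest on the same check: every `-L` or `-D` listener on the client should be bound to loopback only, because a forward bound to `0.0.0.0` or `*` (via `-g`, `GatewayPorts`, or a bind address in the `-L` spec) lets anyone who can reach the client machine ride the tunnel. The functions below are an added example, not from the presentation; the `ss -ltn` output is constructed for the demonstration and the port numbers are the ones used on the slides.

```shell
# Added example (not from the slides). SAMPLE_SS is constructed `ss -ltn` output.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN 0      128        127.0.0.1:1080        0.0.0.0:*
LISTEN 0      128          0.0.0.0:5555        0.0.0.0:*
LISTEN 0      128            [::1]:13389          [::]:*
LISTEN 0      128                *:19001             *:*
LISTEN 0      128          0.0.0.0:22          0.0.0.0:*'

# exposed_forwards "SS_OUTPUT" PORT...
# For each PORT, prints "PORT ADDRESS" when the listening socket is reachable
# from beyond the local host (anything other than 127.0.0.1 or [::1]).
# Column 4 of `ss -ltn` is Local Address:Port; an IPv6 address contains colons
# itself, so the port is taken from the last colon-separated field.
exposed_forwards() {
    out="$1"; shift
    for port in "$@"; do
        printf '%s\n' "$out" | awk -v port="$port" '
            $1 == "LISTEN" {
                n = split($4, f, ":")
                if (f[n] != port) next
                addr = $4; sub(":" f[n] "$", "", addr)
                if (addr != "127.0.0.1" && addr != "[::1]") print port, addr
            }'
    done
}

# missing_forwards "SS_OUTPUT" PORT...
# Prints each PORT with no listener at all: the tunnel was never set up, or the
# ssh session that owned it has gone away.
missing_forwards() {
    out="$1"; shift
    for port in "$@"; do
        printf '%s\n' "$out" | awk -v port="$port" '
            $1 == "LISTEN" { n = split($4, f, ":"); if (f[n] == port) found = 1 }
            END { if (!found) print port }'
    done
}

# Live use on the client (needs ss; substitute `netstat -tln` on older systems):
#   exposed_forwards "$(ss -ltn)" 1080 5555 13389 19001
#   missing_forwards "$(ss -ltn)" 1080 5555 13389 19001
```

With the sample above, 5555 (the SOCKS port) and 19001 are reported as exposed while 1080 and 13389 pass; a SOCKS listener on `0.0.0.0` is the worse of the two, since it proxies to anywhere the SSH server can reach.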
SSH Troubleshooting

    •   Understand the technology and feature
         –   TCP-based
         –   Tunneling/proxying opens sockets
         –   X-forwarding requires X libraries on the forwarding side, X server on the forwarded side
         –   Authentication can happen in multiple ways
    •   Test another system
         –   Maybe client or server is a lemon, e.g. running Windows :-)
    •   Use the -v[v[v]] options from the command line
         –   More 'v' mean more-verbose... lots of good data in here
         –   Get a baseline BEFORE it breaks
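A way to act on "get a baseline BEFORE it breaks": capture `ssh -v ab@sshsvr.com true 2> baseline.log` while things work, then reduce both the baseline and the broken session to the lines that matter for authentication and compare them. This is an added example, not from the presentation; the debug lines are constructed in OpenSSH's `-v` format (the `debug1:` messages quoted are the ones OpenSSH prints, the host, path and fingerprint are placeholders).

```shell
# Added example (not from the slides). Both transcripts are constructed.
BASELINE="debug1: Connecting to sshsvr.com [192.0.2.10] port 22.
debug1: Host 'sshsvr.com' is known and matches the ED25519 host key.
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/ab/.ssh/id_ed25519 ED25519 SHA256:CONSTRUCTED
debug1: Server accepts key: /home/ab/.ssh/id_ed25519 ED25519 SHA256:CONSTRUCTED
debug1: Authentication succeeded (publickey)."

# Same host later: the key is offered but no longer accepted, so ssh fell back
# to a password prompt. Nothing "broke" visibly, which is why a baseline helps.
BROKEN="debug1: Connecting to sshsvr.com [192.0.2.10] port 22.
debug1: Host 'sshsvr.com' is known and matches the ED25519 host key.
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/ab/.ssh/id_ed25519 ED25519 SHA256:CONSTRUCTED
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
debug1: Authentication succeeded (password)."

# auth_summary < ssh-v-output
# Prints one line: offered=<methods the server listed> used=<method that
# succeeded, or none> key_accepted=<yes|no>
auth_summary() {
    awk -F': ' '
        /Authentications that can continue:/ && offered == "" { offered = $NF }
        /Server accepts key:/                                 { accepted = "yes" }
        /Authentication succeeded \(/ {
            used = $NF; sub(/.*\(/, "", used); sub(/\).*/, "", used)
        }
        END {
            printf "offered=%s used=%s key_accepted=%s\n",
                   (offered == "" ? "none" : offered),
                   (used == "" ? "none" : used),
                   (accepted == "" ? "no" : accepted)
        }'
}

# server_allows_password < ssh-v-output
# Exit 0 when the server still lists "password": the brute-forcing exposure the
# Key Material slide says to remove, visible from the client side.
server_allows_password() {
    auth_summary | grep -q 'offered=[^ ]*password'
}

# auth_changed BASELINE_TEXT CURRENT_TEXT
# Exit 0 when the authentication story differs from the baseline.
auth_changed() {
    a=$(printf '%s\n' "$1" | auth_summary)
    b=$(printf '%s\n' "$2" | auth_summary)
    [ "$a" != "$b" ]
}

# Live use: ssh -v ab@sshsvr.com true 2>&1 | auth_summary
```

The summary deliberately ignores the noisy parts of `-v` output (key exchange, ciphers, `Permanently added` lines) so a diff against the baseline shows only whether the server's accepted methods or the method you ended up using changed.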
Demo

    •   Novell® Remote
         –   Give access to specific services in a restricted environment
         –   Useful for support to access environments behind firewall
         –   Share access to a VM environment (NAT, Host-only)
    •   Audience Demo
         –   Requirement: Network Access; support.novell.com account preferably
Unpublished Work of Novell, Inc. All Rights Reserved.

This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc. Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.

General Disclaimer

This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for Novell products remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.