Ssh that wonderful thing
Marc Cluet
Lynx Consultants training into SSH
1.
Marc Cluet – Lynx Consultants
How I learned to stop worrying and love the shell
2.
What we’ll cover?
• Understand how SSH works
• Get a clear picture of how ssh bastion hosts work
• Be able to do more awesome stuff with SSH!
Lynx Consultants © 2013
3.
What is SSH?
• Secure Shell (SSH) is a cryptographic network protocol for secure data communication, remote shell services or command execution and other secure network services between two networked computers that it connects via a secure channel over an insecure network: a server and a client (running SSH server and SSH client programs, respectively).[1] The protocol specification distinguishes two major versions that are referred to as SSH-1 and SSH-2…. *whew*
4.
But really, what is SSH?
• SSH opens a terminal connection to a remote host
• It does so using cryptography to avoid any break or leak in communication
• It is a very powerful tool for remote execution
• It is awesome!
5.
How does SSH create a connection?
• You run your SSH command: ssh user@host
• SSH client connects to host
• SSH client negotiates crypto and version with the host
• SSH host requests authentication (password, certificates)
• SSH client replies with the crypto challenge
• Communication is open!
6.
Authentication methods
• Password
  ◦ Typical manual password
  ◦ Turing keyboard test
• Certificates
  ◦ Public Key certificates (RSA1, RSA, DSA, GSS)
  ◦ Host-based certificates
7.
Certificates
• A certificate ensures your identity by providing a crypto key divided into public and private parts (asymmetric cryptography)
• A public crypto key can be shared and is mathematically linked to the private key
• A private key shouldn’t be shared and is able to unlock and decipher the ciphertext
8.
Certificates
• A certificate can be generated for each host or group of hosts you want to access
• Each certificate can and should be protected by a password for extra security
• Certificates are easy to revoke, so in case of any incident a new certificate can be generated
9.
Certificates
• Run the command
  ◦ ssh-keygen -t rsa -f ~/.ssh/id_foryournetwork
• This will create a unique certificate for network hosts
• All your other hosts or keys (github, etc) are safely different
10.
Security risks of running an infrastructure
• If we leave password authentication open we’re subject to dictionary attacks
  ◦ The whole system’s strength is defined by the weakest password
• Each host that has ssh open is another security risk
• All this can be resolved by Bastion Hosts!
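To check the first risk on a server, the script below reports whether an sshd_config still permits password logins. It is an added example, not part of the original slides; the function name and the three sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the slides): does this sshd_config still allow
# password logins? Relies on documented sshd_config behaviour: keywords are
# case-insensitive, the first value read for a keyword wins, and
# PasswordAuthentication defaults to "yes" when it is never set.

# audit_password_auth: reads an sshd_config on stdin and prints
#   global=yes|no          the server-wide effective setting
#   ... match-reenabled    appended if any Match block sets it back to yes
audit_password_auth() {
    awk '
        /^[ \t]*(#|$)/ { next }                  # comments and blank lines
        {
            key = tolower($1); val = tolower($2)
            if (key == "match") { in_match = 1; next }
            if (key != "passwordauthentication") next
            if (in_match) { if (val == "yes") reenabled = 1 }
            else if (top == "") top = val        # first value wins
        }
        END {
            if (top == "") top = "yes"           # default when never set
            printf "global=%s%s\n", top, (reenabled ? " match-reenabled" : "")
        }
    '
}

# Constructed samples.
# 1) The hardening line is commented out, so the default applies.
CFG_DEFAULT='Port 22
#PasswordAuthentication no
PubkeyAuthentication yes'

# 2) A later, contradicting line is ignored because the first value wins.
CFG_FIRST_WINS='PasswordAuthentication no
PubkeyAuthentication yes
passwordauthentication yes'

# 3) Disabled globally, but a Match block turns it back on for one network.
CFG_MATCH='PasswordAuthentication no
Match Address 10.0.0.0/8
    PasswordAuthentication yes'

for cfg in "$CFG_DEFAULT" "$CFG_FIRST_WINS" "$CFG_MATCH"; do
    printf '%s\n' "$cfg" | audit_password_auth
done
```

On a live server, `sshd -T` prints the effective configuration, which can be piped into the same function.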
11.
What is a Bastion Host?
12.
What is a Bastion Host?
• A Bastion Host sits between two networks, one trusted and one untrusted
• It regulates traffic between those networks, highlighting any malicious traffic and refusing it
• It is the first line of defence in a system
13.
SSH Configuration
• Here’s an example

    # Config to access bastion host
    Host bastionhost
        User myuser
        IdentityFile ~/.ssh/id_mynetwork
        Hostname 1.2.3.4
14.
How to Diagnose connections
• Always run ssh -v (-v for verbose)
• Make sure you test each point of your connection
15.
How to Diagnose connections
• Always run ssh -v (-v for verbose)
• Make sure you test each point of your connection
  ◦ First bastion host
  ◦ Then proceed further up
• Regular issues
  ◦ Lack of Certificate
  ◦ DNS problem
  ◦ Internets is broken
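The hop-by-hop procedure above can be scripted over captured `ssh -v` output. This is an added example, not part of the original slides: it maps each log to one of the three regular issues (`key` for a missing or rejected key, `dns`, `network`) and reports the first hop that fails. The function names, the hosts `app01` and `db01`, and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example, not from the slides. Capture one log per hop, e.g.:
#   ssh -v -o BatchMode=yes -o ConnectTimeout=5 bastionhost true 2> bastionhost.log

_has() { printf '%s\n' "$SSH_LOG" | grep -Eq "$1"; }

# classify_ssh_v: ssh -v output on stdin -> ok | dns | network | key | unknown
classify_ssh_v() {
    SSH_LOG=$(cat)
    if   _has 'Authentication succeeded|^Authenticated to '; then echo ok
    elif _has 'Could not resolve hostname';                  then echo dns
    elif _has 'connect to host .* port [0-9]+: ';            then echo network
    elif _has 'Permission denied \(|no such identity: ';     then echo key
    else echo unknown
    fi
}

# first_failing_hop DIR HOP...: check DIR/HOP.log in connection order and
# print "HOP:class" for the first hop that did not authenticate.
first_failing_hop() {
    dir=$1; shift
    for hop in "$@"; do
        result=$(classify_ssh_v < "$dir/$hop.log")
        [ "$result" = ok ] || { echo "$hop:$result"; return 0; }
    done
    echo all-ok
}

# Constructed sample logs (host names and addresses are made up).
make_sample_logs() {
    cat > "$1/bastionhost.log" <<'EOF'
debug1: Connecting to 1.2.3.4 [1.2.3.4] port 22.
debug1: Offering public key: /home/myuser/.ssh/id_mynetwork RSA
debug1: Authentication succeeded (publickey).
EOF
    cat > "$1/app01.log" <<'EOF'
debug1: Connecting to 10.0.0.11 [10.0.0.11] port 22.
debug1: Authentications that can continue: publickey
myuser@10.0.0.11: Permission denied (publickey).
EOF
    cat > "$1/db01.log" <<'EOF'
ssh: Could not resolve hostname db01: Name or service not known
EOF
}

tmp=$(mktemp -d)
make_sample_logs "$tmp"
first_failing_hop "$tmp" bastionhost app01 db01
rm -rf "$tmp"
```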
16.
Awesome Stuff – Port Redirection
• You can redirect a port from your machine to the remote host or the other way around
  ◦ -L myport:destination:destport
    ▪ Forwards a connection made to localhost 8080 to myhost port 80 (-L 8080:myhost:80)
17.
Awesome Stuff – Port Redirection
• You can redirect a port from your machine to the remote host or the other way around
  ◦ -R remoteport:destination:destport
    ▪ Forwards a connection made to port 8080 on the remote host to localhost port 80 (-R 8080:localhost:80)
18.
Awesome Stuff – Socks Proxy
• You can create a SOCKS Proxy transparently with SSH
  ◦ This will allow you to navigate the remote network as if it was your own
• ssh -D2222 user@myhost
• Configure your browser to use a SOCKS proxy at localhost port 2222
• Navigate to all internal network pages!
19.
Questions?