OpenSSH
tomas.corej@websupport.sk
      @tomas_corej
OpenSSH
● a tool for secure remote login
● a rewritten version of the original SSH tool
● an example of a flexible tool usable for much more than remote login
● a replacement for telnet, ftp, rlogin
From the beginning

pesnik:~$ ssh testor

or

pesnik:~$ ln -s /usr/bin/ssh-argv0 $HOME/bin/testor
pesnik:~$ testor
From the beginning


pesnik:~$ ssh testor
user@testor password: ^C
pesnik:~$ ssh-keygen
pesnik:~$ ssh-copy-id testor
Now try logging into the machine, with "ssh 'testor'", and check in:

 ~/.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.
From the beginning

pesnik:~$ ssh testor
Warning: the RSA host key for 'testor' differs from the key for the IP
address '37.9.170.2'
Offending key for IP in /home/tomas.corej/.ssh/known_hosts:57
Matching host key in /home/tomas.corej/.ssh/known_hosts:875
You have mail.
Last login: Thu Jul 11 00:12:57 2012 from services
testor:~$ ^D
pesnik:~$ ssh-keygen -R 37.9.170.2
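The warning on this slide means the client found one key for the name 'testor' and a different key for its IP address in known_hosts. Before removing the IP entry with ssh-keygen -R, it is worth seeing both lines. The following POSIX sh/awk function is an added example, not code from the slides: it reproduces that comparison on an unhashed known_hosts file (HashKnownHosts no is assumed). The sample file it writes is constructed and its key blobs are not real keys.

```shell
#!/bin/sh
# Added example (not from the slides): reproduce the check behind the
# "host key for 'testor' differs from the key for the IP address" warning so
# the two known_hosts lines can be reviewed before "ssh-keygen -R" drops one.
#
# known_hosts_conflict FILE HOST IP
#   prints the first entry found for HOST and for IP; returns 1 when both exist,
#   are of the same key type and carry different keys, 0 otherwise.
known_hosts_conflict() {
  awk -v host="$2" -v ip="$3" '
    /^[ \t]*(#|$)/ { next }          # comments and blank lines
    /^\|1\|/       { next }          # hashed hostnames cannot be matched by name
    {
      names = $1; type = $2; key = $3
      if (substr(names, 1, 1) == "@") { names = $2; type = $3; key = $4 }  # @cert-authority / @revoked
      n = split(names, list, ",")
      for (i = 1; i <= n; i++) {
        if (list[i] == host && hline == 0) { hkey = key; hline = NR; htype = type }
        if (list[i] == ip   && iline == 0) { ikey = key; iline = NR; itype = type }
      }
    }
    END {
      if (hline) printf "host %s: known_hosts:%d (%s)\n", host, hline, htype
      if (iline) printf "ip   %s: known_hosts:%d (%s)\n", ip, iline, itype
      if (hline && iline && htype != itype) print "note: different key types, nothing to compare"
      if (hline && iline && htype == itype && hkey != ikey) {
        print "CONFLICT: the two entries carry different keys"; exit 1
      }
      exit 0
    }' "$1"
}

# write_sample FILE: constructed known_hosts in which the IP entry is stale
write_sample() {
  cat > "$1" <<'EOF'
# constructed sample, not a real known_hosts; blobs are placeholders
37.9.170.2 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0constructedOLDkey tomas.corej@pesnik
testor ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0constructedNEWkey tomas.corej@pesnik
testor.vpn,10.0.0.5 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0constructedNEWkey tomas.corej@pesnik
EOF
}

# stand-alone demo: the pair from the slide's warning
sample=$(mktemp)
write_sample "$sample"
known_hosts_conflict "$sample" testor 37.9.170.2 \
  || echo "stale IP entry: inspect with ssh-keygen -F 37.9.170.2, drop with ssh-keygen -R 37.9.170.2"
rm -f "$sample"
```

ssh-keygen -F does the lookup for one name; the point of the function is to put the two lines side by side so that a genuinely changed host key (the server was reinstalled) is told apart from a reused IP address before anything is deleted.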
From the beginning


pesnik:~$ ssh testor
You have mail.
Last login: Thu Jul 11 00:12:57 2012 from pesnik
testor:~$
From the beginning


pesnik:~$ ssh testor
You have mail.
Last login: Thu Jul 11 00:12:57 2012 from services
testor:~$
testor:~$ ~?
Supported escape sequences:
 ~. - terminate connection (and any multiplexed sessions)
 ~B - send a BREAK to the remote system
 ~C - open a command line
 ~R - Request rekey (SSH protocol 2 only)
 ~^Z - suspend ssh
 ~# - list forwarded connections
 ~& - background ssh (when waiting for connections to terminate)
 ~? - this message
 ~~ - send the escape character by typing it twice
(Note that escapes are only recognized immediately after newline.)
Usable in scripts

pesnik:~$ ssh testor /bin/true && echo ok
ok

if ssh testor prikaz; then
...
fi
I don't feel like using scp

pesnik:~$ prikaz | ssh testor "cat > remotefile"

pesnik:~$ mysqldump -uroot -p db | ssh testor "gzip - > db.gz"

pesnik:~$ mysqldump -uroot -p db | gzip - | ssh testor "cat > db.gz"

pesnik:~$ cat zoznam | ssh testor "while read input; do prikaz \$input $USER; done"
(\$input is escaped so that the remote shell expands it; unescaped, $input would be expanded, empty, on the local side before the command is sent. $USER is expanded locally.)
X11 made simple

pesnik:~$ ssh -X testor firefox

pesnik:~$ ssh -X testor.vpn gnome-terminal

pesnik:~$ ssh -X testor.vpn xeyes
Agent forwarding

tomas.corej@pesnik:~$ ssh-add -l
2048 f8:c6:6a:f4:ca:ee:0e:57:86:ed:f1:4b:ec:d3:84:ba /home/tomas.corej/.ssh/id_rsa (RSA)

tomas.corej@pesnik:~$ ssh -A testor
tomas.corej@testor:~$ ssh-add -l
2048 f8:c6:6a:f4:ca:ee:0e:57:86:ed:f1:4b:ec:d3:84:ba /home/tomas.corej/.ssh/id_rsa (RSA)

tomas.corej@pesnik:~$ ssh -A testor2
a possible security risk
the directory holding the agent's unix socket is accessible under /tmp
can lead to errors, especially when running cron scripts
SOCKS proxy and tunneling

pesnik:~$ ssh -D 3128 testor

 -L[bind_address:]port:host:hostport   Request local forward
 -R[bind_address:]port:host:hostport   Request remote forward
 -D[bind_address:]port                 Request dynamic forward

Host *
     User root
     ForwardAgent yes
     ForwardX11 yes
     ConnectTimeout=20
     PreferredAuthentications=publickey,password,keyboard-interactive
     StrictHostKeyChecking=no
     ControlMaster auto
     ControlPath ~/.ssh/sockets/%r@%h:%p
     SendEnv BASH_ENV
     IdentityFile ~/.ssh/id_rsa
     IdentityFile ~/.ssh/customers_vps
     Compression yes
Host abcd
     IdentityFile ~/.ssh/abcd.pub

Let's save all of this in $HOME/.ssh/config
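Several settings in this config (User root, ForwardAgent yes, ForwardX11 yes, StrictHostKeyChecking=no) apply to every connection because they sit under Host *. The slides themselves flag agent forwarding as a risk. The following POSIX sh/awk linter is an added example, not code from the slides: it reads a client ssh_config, accepts both "Key value" and "Key=value" syntax, and reports those four settings when they are global. The two sample files it writes are constructed; the "scoped" one keeps the conveniences but limits them to named hosts, which is one way to restructure the config (the host names in it are assumptions).

```shell
#!/bin/sh
# Added example (not from the slides): lint a client ssh_config and flag the
# settings that weaken security when they sit under "Host *".
#
# lint_ssh_config FILE : prints one finding per line, returns the number of findings
lint_ssh_config() {
  awk '
    {
      line = $0; sub(/^[ \t]+/, "", line)
      if (line ~ /^(#|$)/) next
      # accept both "Key value" and "Key=value"
      split(line, f, /[ \t]*=[ \t]*|[ \t]+/)
      key = tolower(f[1]); val = tolower(f[2])
    }
    key == "host" { block = line; sub(/^[^ \t]+[ \t]+/, "", block); next }
    block != "*" && block != "" { next }   # settings scoped to a named host are fine
    key == "stricthostkeychecking" && val == "no" {
      print "line " NR ": StrictHostKeyChecking=no under Host * turns off host key verification"; c++ }
    key == "forwardagent" && val == "yes" {
      print "line " NR ": ForwardAgent yes under Host * exposes the agent socket to every server"; c++ }
    key == "forwardx11" && val == "yes" {
      print "line " NR ": ForwardX11 yes under Host * gives every server access to the local X display"; c++ }
    key == "user" && val == "root" {
      print "line " NR ": User root under Host * makes root the default login everywhere"; c++ }
    END { exit c + 0 }
  ' "$1"
}

# write_weak_config FILE: constructed copy of the slide's Host * block
write_weak_config() {
  cat > "$1" <<'EOF'
Host *
     User root
     ForwardAgent yes
     ForwardX11 yes
     ConnectTimeout=20
     StrictHostKeyChecking=no
     ControlMaster auto
     ControlPath ~/.ssh/sockets/%r@%h:%p
Host abcd
     IdentityFile ~/.ssh/abcd.pub
EOF
}

# write_scoped_config FILE: same conveniences, limited to the hosts that need them
# (host names are assumptions; agent forwarding is left off entirely)
write_scoped_config() {
  cat > "$1" <<'EOF'
Host *
     ConnectTimeout=20
     ControlMaster auto
     ControlPath ~/.ssh/sockets/%r@%h:%p
     StrictHostKeyChecking=ask
Host testor testor.vpn
     User root
     ForwardX11 yes
Host abcd
     IdentityFile ~/.ssh/abcd.pub
EOF
}

# stand-alone demo
weak=$(mktemp); scoped=$(mktemp)
write_weak_config "$weak"; write_scoped_config "$scoped"
lint_ssh_config "$weak";   echo "weak config: $? finding(s)"
lint_ssh_config "$scoped"; echo "scoped config: $? finding(s)"
rm -f "$weak" "$scoped"
```

The return value is the finding count, so the function can gate a dotfiles deployment (exit non-zero, refuse to install) rather than only print.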
level++
ProxyCommand

● it can be anything; what matters is that it handles STDIN and STDOUT

  ssh -o ProxyCommand="$HOME/.ssh/gateway.sh %h %p" testor

● %h, %p and %r are substituted
● access through an intermediary

  ssh -o ProxyCommand="ssh user@testor nc %h %p" user@192.168.1.2 "uname -a"

● the -W parameter
● DoS risk
Multiplexing SSH connections
● for cases where SSH connections are created often and in large numbers
● shortens connection time and reduces overhead (0.2s vs 0.014s)
● config

ControlMaster auto
ControlPath ~/.ssh/sockets/%r@%h:%p
● controlled via -O check,forward,stop,exit
Multiplexing SSH connections
pesnik:~$ ssh testor
You have mail.
Last login: Thu Jul 11 00:12:57 2012 from pesnik
testor:~$
testor:~$ ~^Z

pesnik:~$ cd ~/.ssh/sockets
pesnik:~/.ssh/sockets$ ls
user@testor:22
pesnik:~$ ssh -O check user@testor
Master running (pid=22797)

pesnik:~$ fg
testor:~$
Subsystems
● another form of running remote commands
● SFTP is a subsystem
● it can also be internal functionality (sftp and chroot)
● server: sshd_config

  Subsystem backup /root/bin/backupcmd
● ssh client
  ssh -s backup root@testor
DNS SSHFP
● an extended way of verifying fingerprints
● sshd fingerprints can also be stored in DNS records
● VerifyHostKeyDNS yes|ask|no
Private keys
● private keys are located in $HOME/id_rsa (by default)
● keys can additionally be restricted with authorized_keys options
 no-port-forwarding,no-user-rc,no-X11-forwarding,no-pty,command="/bin/nc $SSH_ORIGINAL_COMMAND" ssh-rsa AAAAB3Nza....

● $SSH_ORIGINAL_COMMAND contains the text of the command
  ssh root@testor prikaz
OpenSSH-lpk
● OpenSSH-lpk patch
  ○ makes sshd look up public keys on an LDAP server
factotum
● a contribution from the world of the Plan9 operating system
OpenSSH: Secure Remote Login Tool
