SlideShare une entreprise Scribd logo

OpenSSH: Secure Remote Login Tool

W
webelement

OpenSSH is a free software suite that implements secure, remote login and file transfer capabilities using the SSH protocol. It provides a secure replacement for older protocols like telnet, FTP, and rlogin. OpenSSH allows for remote login, file transfer, port forwarding, X11 forwarding, and more. It offers strong security features like public-key authentication and encrypted connections.

Technologie
1  sur  24
Télécharger pour lire hors ligne
OpenSSH tomas.corej@websupport.sk @tomas_corej
OpenSSH ● nastroj pre bezpecne, vzdialene prihlasovanie ● prepisana verzia originalneho SSH nastroja ● priklad flexibilneho nastroja pouzitelneho na ovela viac nez len vzdialene prihlasovanie ● nahrada za telnet, ftp, rlogin ●
Od zaciatku pesnik:~$ ssh testor alebo pesnik:~$ ln -s /usr/bin/ssh-argv0 $HOME/bin/testor pesnik:~$ testor
Od zaciatku pesnik:~$ ssh testor user@testor password: ^C pesnik:~$ ssh-keygen pesnik:~$ ssh-copy-id testor Now try logging into the machine, with "ssh 'testor'", and check in: ~/.ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting.
Od zaciatku pesnik:~$ ssh testor Warning: the RSA host key for 'testor' differs from the key for the IP address '37.9.170.2' Offending key for IP in /home/tomas.corej/.ssh/known_hosts:57 Matching host key in /home/tomas.corej/.ssh/known_hosts:875 You have mail. Last login: Thu Jul 11 00:12:57 2012 from services testor:~$ ^D pesnik: ~$ ssh-keygen -R 37.9.170.2
Od zaciatku pesnik:~$ ssh testor You have mail. Last login: Thu Jul 11 00:12:57 2012 from pesnik testor:~$
Od zaciatku pesnik:~$ ssh testor You have mail. Last login: Thu Jul 11 00:12:57 2012 from services testor:~$ testor:~$ ~? Supported escape sequences: ~. - terminate connection (and any multiplexed sessions) ~B - send a BREAK to the remote system ~C - open a command line ~R - Request rekey (SSH protocol 2 only) ~^Z - suspend ssh ~# - list forwarded connections ~& - background ssh (when waiting for connections to terminate) ~? - this message ~~ - send the escape character by typing it twice (Note that escapes are only recognized immediately after newline.)
Pouzitelne v skriptoch pesnik:~$ ssh testor /bin/true && echo ok ok if ssh testor prikaz; then ... fi
Nechce sa mi pouzit scp pesnik:~$ dllllhyyy prikaz | ssh testor "cat > remotefile" pesnik:~$ mysqldump -uroot -p db | ssh testor "gzip - > db.gz" pesnik:~$ mysqldump -uroot -p db |gzip - | ssh testor "cat > db.gz" pesnik:~$ cat zoznam | ssh testor "while read input; do prikaz $input $USER;done"
X11 jednoducho pesnik:~$ ssh -X testor firefox pesnik:~$ ssh -X testor.vpn gnome-terminal pesnik:~$ ssh -X testor.vpn xeyes
Agent forwarding tomas.corej@pesnik:~$ ssh-add -l 2048 f8:c6:6a:f4:ca:ee:0e:57:86:ed:f1:4b:ec:d3:84:ba /home/tomas.corej/.ssh/id_rsa (RSA) tomas.corej@pesnik:~$ ssh -A testor tomas.corej@testor:~$ ssh-add -l 2048 f8:c6:6a:f4:ca:ee:0e:57:86:ed:f1:4b:ec:d3:84:ba /home/tomas.corej/.ssh/id_rsa (RSA) tomas.corej@pesnik:~$ ssh -A testor2 mozne bezpecnostne riziko adresar s unixovym socketom pristupny v /tmp moze viest k chybam hlavne pri spustani cron skriptov
SOCKS proxy a tunelovanie pesnikl:~$ ssh -D 3128 testor -L[bind_address:]port:host:hostport Request local forward -R[bind_address:]port:host:hostport Request remote forward -D[bind_address:]port Request dynamic forward 1.
Host * User root ForwardAgent yes ForwardX11 yes ConnectTimeout=20 PreferredAuthentications=publickey,password,keyboard- interactive StrictHostKeyChecking=no ControlMaster auto ControlPath ~/.ssh/sockets/%r@%h:%p SendEnv BASH_ENV IdentityFile ~/.ssh/id_rsa IdentityFile ~/.ssh/customers_vps Compression yes Host abcd IdentityFile ~/.ssh/abcd.pub Ulozme si to vsetko do $HOME/.ssh/config
level++
ProxyCommand ● moze to byt cokolvek, dolezite je, aby to spracovavalo STDIN a STDOUT ssh -o ProxyCommand="$HOME/.ssh/gateway.sh %h %p" testor ● Nahradzuje %h, %p a %r ● pristup cez prostrednika ssh -o ProxyCommand="ssh user@testor nc %h %p" user@192. 168.1.2 "uname -a" ● parameter -W ● riziko DOS
Multiplexovanie SSH spojeni ● pri castom generovani SSH spojeni a vo velkom mnozstve ● skracuje cas a znizuje overhead (0.2s vs 0.014s) ● config ControlMaster auto ControlPath ~/.ssh/sockets/%r@%h:%p ● ovladanie cez -O check,forward,stop,exit
Multiplexovanie SSH spojeni pesnik:~$ ssh testor You have mail. Last login: Thu Jul 11 00:12:57 2012 from pesnik testor:~$ testor:~$ ~^Z pesnik:~$ cd ~/.ssh/sockets pesnik:~$ ~/.ssh/sockets$ ls user@testor:22 pesnik:~$ ssh -O check user@testor Master running (pid=22797) pesnik:~$ fg testor:~$
Subsystemy ● ina forma spustania remotnych prikazov ● SFTP je subsystem ● moze ist aj o internu funkcionalitu (sftp a chroot) ● server sshd_config Subsystem backup /root/bin/backupcmd ● ssh klient ssh -s backup root@testor
DNS SSHFP ● rozsireny sposob verifikacie odtlackov ● fingerprinty SSHD je mozne ulozit aj do DNS zaznamov ● VerifyHostKeyDNS yes|ask|no
Sukromne kluce ● sukromne kluce sa nachadzaju v $HOME/id_rsa (defaulne) ● Kluce je mozne dodatocne specifikovat no-port-forwarding,no-user-rc,no-X11-forwarding,no-pty, command="/bin/nc $SSH_ORIGINAL_COMMAND" ssh-rsa AAAAB3NzMMAND" ssh-rsa AAAAB3Nza.... ● $SSH_ORIGINAL_COMMAND obsahuje text prikazu ssh root@testor prikaz
OpenSSH-lpk ● OpenSSH-lpk patch ○ sposobuje dotazovanie sa na verejne kluce na LDAP server
factotum ● prispevok zo sveta operacneho systemu Plan9
OpenSSH: Secure Remote Login Tool

Recommandé

Ssh cookbook
Ssh cookbookSsh cookbook
Ssh cookbookJean-Marie Renouard
 
Pf: the OpenBSD packet filter
Pf: the OpenBSD packet filterPf: the OpenBSD packet filter
Pf: the OpenBSD packet filterGiovanni Bechis
 
Redis & ZeroMQ: How to scale your application
Redis & ZeroMQ: How to scale your applicationRedis & ZeroMQ: How to scale your application
Redis & ZeroMQ: How to scale your applicationrjsmelo
 
OpenSSH: keep your secrets safe
OpenSSH: keep your secrets safeOpenSSH: keep your secrets safe
OpenSSH: keep your secrets safeGiovanni Bechis
 
Bash Scripting Workshop
Bash Scripting WorkshopBash Scripting Workshop
Bash Scripting WorkshopAhmed Magdy Ezzeldin, MSc.
 
OpenSMTPD: we deliver !!
OpenSMTPD: we deliver !!OpenSMTPD: we deliver !!
OpenSMTPD: we deliver !!Giovanni Bechis
 
Relayd: a load balancer for OpenBSD
Relayd: a load balancer for OpenBSD Relayd: a load balancer for OpenBSD
Relayd: a load balancer for OpenBSD Giovanni Bechis
 
Cis 216 – shell scripting
Cis 216 – shell scriptingCis 216 – shell scripting
Cis 216 – shell scriptingDan Morrill
 

Recommandé

Ssh cookbook
Ssh cookbookSsh cookbook
Ssh cookbookJean-Marie Renouard
 
Pf: the OpenBSD packet filter
Pf: the OpenBSD packet filterPf: the OpenBSD packet filter
Pf: the OpenBSD packet filterGiovanni Bechis
 
Redis & ZeroMQ: How to scale your application
Redis & ZeroMQ: How to scale your applicationRedis & ZeroMQ: How to scale your application
Redis & ZeroMQ: How to scale your applicationrjsmelo
 
OpenSSH: keep your secrets safe
OpenSSH: keep your secrets safeOpenSSH: keep your secrets safe
OpenSSH: keep your secrets safeGiovanni Bechis
 
Bash Scripting Workshop
Bash Scripting WorkshopBash Scripting Workshop
Bash Scripting WorkshopAhmed Magdy Ezzeldin, MSc.
 
OpenSMTPD: we deliver !!
OpenSMTPD: we deliver !!OpenSMTPD: we deliver !!
OpenSMTPD: we deliver !!Giovanni Bechis
 
Relayd: a load balancer for OpenBSD
Relayd: a load balancer for OpenBSD Relayd: a load balancer for OpenBSD
Relayd: a load balancer for OpenBSD Giovanni Bechis
 
Cis 216 – shell scripting
Cis 216 – shell scriptingCis 216 – shell scripting
Cis 216 – shell scriptingDan Morrill
 
Linux tech talk
Linux tech talkLinux tech talk
Linux tech talkPrince Raj
 
Process monitoring in UNIX shell scripting
Process monitoring in UNIX shell scriptingProcess monitoring in UNIX shell scripting
Process monitoring in UNIX shell scriptingDan Morrill
 
Devinsampa nginx-scripting
Devinsampa nginx-scriptingDevinsampa nginx-scripting
Devinsampa nginx-scriptingTony Fabeen
 
Border Patrol - Count, throttle, kick & ban in perl
Border Patrol - Count, throttle, kick & ban in perlBorder Patrol - Count, throttle, kick & ban in perl
Border Patrol - Count, throttle, kick & ban in perlDavid Morel
 
Linux Commands - Cheat Sheet
Linux Commands - Cheat Sheet Linux Commands - Cheat Sheet
Linux Commands - Cheat Sheet Isham Rashik
 
tdc2012
tdc2012tdc2012
tdc2012Juan Lopes
 
Combine vs RxSwift
Combine vs RxSwiftCombine vs RxSwift
Combine vs RxSwiftshark-sea
 
Redis as a message queue
Redis as a message queueRedis as a message queue
Redis as a message queueBrandon Lamb
 
OWASP Proxy
OWASP ProxyOWASP Proxy
OWASP ProxySecurity B-Sides
 
Steam Learn: Composer
Steam Learn: ComposerSteam Learn: Composer
Steam Learn: Composerinovia
 
Nginx-lua
Nginx-luaNginx-lua
Nginx-luaДэв Тим Афс
 
Linux networking
Linux networkingLinux networking
Linux networkingArie Bregman
 
Basic command for linux
Basic command for linuxBasic command for linux
Basic command for linuxgt0ne
 
How to admin
How to adminHow to admin
How to adminyalegko
 
Service intergration
Service intergration Service intergration
Service intergration 재민 장
 
Gitosis on Mac OS X Server
Gitosis on Mac OS X ServerGitosis on Mac OS X Server
Gitosis on Mac OS X ServerYasuhiro Asaka
 
Install git and drush on Godaddy shared hosting
Install git and drush on Godaddy shared hostingInstall git and drush on Godaddy shared hosting
Install git and drush on Godaddy shared hostingC13L0
 
uerj201212
uerj201212uerj201212
uerj201212Juan Lopes
 
Crack.ba
Crack.baCrack.ba
Crack.baYance Iyai
 
clonehd01
clonehd01clonehd01
clonehd01Luiz Francisco Bozo
 
Ssh cookbook v2
Ssh cookbook v2Ssh cookbook v2
Ssh cookbook v2Jean-Marie Renouard
 
An introduction to SSH
An introduction to SSHAn introduction to SSH
An introduction to SSHnussbauml
 

Contenu connexe

Tendances

Linux tech talk
Linux tech talkLinux tech talk
Linux tech talkPrince Raj
 
Process monitoring in UNIX shell scripting
Process monitoring in UNIX shell scriptingProcess monitoring in UNIX shell scripting
Process monitoring in UNIX shell scriptingDan Morrill
 
Devinsampa nginx-scripting
Devinsampa nginx-scriptingDevinsampa nginx-scripting
Devinsampa nginx-scriptingTony Fabeen
 
Border Patrol - Count, throttle, kick & ban in perl
Border Patrol - Count, throttle, kick & ban in perlBorder Patrol - Count, throttle, kick & ban in perl
Border Patrol - Count, throttle, kick & ban in perlDavid Morel
 
Linux Commands - Cheat Sheet
Linux Commands - Cheat Sheet Linux Commands - Cheat Sheet
Linux Commands - Cheat Sheet Isham Rashik
 
Combine vs RxSwift
Combine vs RxSwiftCombine vs RxSwift
Combine vs RxSwiftshark-sea
 
Redis as a message queue
Redis as a message queueRedis as a message queue
Redis as a message queueBrandon Lamb
 
Steam Learn: Composer
Steam Learn: ComposerSteam Learn: Composer
Steam Learn: Composerinovia
 
Basic command for linux
Basic command for linuxBasic command for linux
Basic command for linuxgt0ne
 
How to admin
How to adminHow to admin
How to adminyalegko
 
Service intergration
Service intergration Service intergration
Service intergration 재민 장
 
Gitosis on Mac OS X Server
Gitosis on Mac OS X ServerGitosis on Mac OS X Server
Gitosis on Mac OS X ServerYasuhiro Asaka
 
Install git and drush on Godaddy shared hosting
Install git and drush on Godaddy shared hostingInstall git and drush on Godaddy shared hosting
Install git and drush on Godaddy shared hostingC13L0
 

Tendances (20)

Linux tech talk
Linux tech talkLinux tech talk
Linux tech talk
 
Process monitoring in UNIX shell scripting
Process monitoring in UNIX shell scriptingProcess monitoring in UNIX shell scripting
Process monitoring in UNIX shell scripting
 
Devinsampa nginx-scripting
Devinsampa nginx-scriptingDevinsampa nginx-scripting
Devinsampa nginx-scripting
 
Border Patrol - Count, throttle, kick & ban in perl
Border Patrol - Count, throttle, kick & ban in perlBorder Patrol - Count, throttle, kick & ban in perl
Border Patrol - Count, throttle, kick & ban in perl
 
Linux Commands - Cheat Sheet
Linux Commands - Cheat Sheet Linux Commands - Cheat Sheet
Linux Commands - Cheat Sheet
 
tdc2012
tdc2012tdc2012
tdc2012
 
Combine vs RxSwift
Combine vs RxSwiftCombine vs RxSwift
Combine vs RxSwift
 
Redis as a message queue
Redis as a message queueRedis as a message queue
Redis as a message queue
 
OWASP Proxy
OWASP ProxyOWASP Proxy
OWASP Proxy
 
Steam Learn: Composer
Steam Learn: ComposerSteam Learn: Composer
Steam Learn: Composer
 
Nginx-lua
Nginx-luaNginx-lua
Nginx-lua
 
Linux networking
Linux networkingLinux networking
Linux networking
 
Basic command for linux
Basic command for linuxBasic command for linux
Basic command for linux
 
How to admin
How to adminHow to admin
How to admin
 
Service intergration
Service intergration Service intergration
Service intergration
 
Gitosis on Mac OS X Server
Gitosis on Mac OS X ServerGitosis on Mac OS X Server
Gitosis on Mac OS X Server
 
Install git and drush on Godaddy shared hosting
Install git and drush on Godaddy shared hostingInstall git and drush on Godaddy shared hosting
Install git and drush on Godaddy shared hosting
 
uerj201212
uerj201212uerj201212
uerj201212
 
Crack.ba
Crack.baCrack.ba
Crack.ba
 
clonehd01
clonehd01clonehd01
clonehd01
 

Similaire à OpenSSH: Secure Remote Login Tool

An introduction to SSH
An introduction to SSHAn introduction to SSH
An introduction to SSHnussbauml
 
SSH: Seguranca no Acesso Remoto
SSH: Seguranca no Acesso RemotoSSH: Seguranca no Acesso Remoto
SSH: Seguranca no Acesso RemotoTiago Cruz
 
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform Enviornment
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform EnviornmentNagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform Enviornment
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform EnviornmentNagios
 
How to send files to remote server via ssh in php
How to send files to remote server via ssh in phpHow to send files to remote server via ssh in php
How to send files to remote server via ssh in phpAndolasoft Inc
 
One-Liners to Rule Them All
One-Liners to Rule Them AllOne-Liners to Rule Them All
One-Liners to Rule Them Allegypt
 
Importance of SSHFP for Network Devices
Importance of SSHFP for Network DevicesImportance of SSHFP for Network Devices
Importance of SSHFP for Network DevicesAPNIC
 
Importance of sshfp and configuring sshfp for network devices
Importance of sshfp and configuring sshfp for network devicesImportance of sshfp and configuring sshfp for network devices
Importance of sshfp and configuring sshfp for network devicesMuhammad Moinur Rahman
 
SSH for pen-testers
SSH for pen-testersSSH for pen-testers
SSH for pen-testersE D Williams
 
Really useful linux commands
Really useful linux commandsReally useful linux commands
Really useful linux commandsMichael J Geiser
 

Similaire à OpenSSH: Secure Remote Login Tool (20)

Ssh cookbook v2
Ssh cookbook v2Ssh cookbook v2
Ssh cookbook v2
 
An introduction to SSH
An introduction to SSHAn introduction to SSH
An introduction to SSH
 
Advanced open ssh
Advanced open sshAdvanced open ssh
Advanced open ssh
 
Intro to SSH
Intro to SSHIntro to SSH
Intro to SSH
 
OpenSSH tricks
OpenSSH tricksOpenSSH tricks
OpenSSH tricks
 
SSH: Seguranca no Acesso Remoto
SSH: Seguranca no Acesso RemotoSSH: Seguranca no Acesso Remoto
SSH: Seguranca no Acesso Remoto
 
Puppet @ Seat
Puppet @ SeatPuppet @ Seat
Puppet @ Seat
 
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform Enviornment
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform EnviornmentNagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform Enviornment
Nagios Conference 2013 - Leland Lammert - Nagios in a Multi-Platform Enviornment
 
How to send files to remote server via ssh in php
How to send files to remote server via ssh in phpHow to send files to remote server via ssh in php
How to send files to remote server via ssh in php
 
tutorial-ssh.pdf
tutorial-ssh.pdftutorial-ssh.pdf
tutorial-ssh.pdf
 
Linuxserver harden
Linuxserver hardenLinuxserver harden
Linuxserver harden
 
EC2
EC2EC2
EC2
 
One-Liners to Rule Them All
One-Liners to Rule Them AllOne-Liners to Rule Them All
One-Liners to Rule Them All
 
Python build your security tools.pdf
Python build your security tools.pdfPython build your security tools.pdf
Python build your security tools.pdf
 
Cluster setup multinode_aws
Cluster setup multinode_awsCluster setup multinode_aws
Cluster setup multinode_aws
 
Importance of SSHFP for Network Devices
Importance of SSHFP for Network DevicesImportance of SSHFP for Network Devices
Importance of SSHFP for Network Devices
 
Importance of sshfp and configuring sshfp for network devices
Importance of sshfp and configuring sshfp for network devicesImportance of sshfp and configuring sshfp for network devices
Importance of sshfp and configuring sshfp for network devices
 
SSH for pen-testers
SSH for pen-testersSSH for pen-testers
SSH for pen-testers
 
Really useful linux commands
Really useful linux commandsReally useful linux commands
Really useful linux commands
 
Sshstuff
SshstuffSshstuff
Sshstuff
 

Plus de webelement

WebElement #22: Peter Slivka - Úvod do AWS
WebElement #22: Peter Slivka - Úvod do AWSWebElement #22: Peter Slivka - Úvod do AWS
WebElement #22: Peter Slivka - Úvod do AWSwebelement
 
WebElement #20: Ondrej Svitek - Hacking Life With Git
WebElement #20: Ondrej Svitek - Hacking Life With GitWebElement #20: Ondrej Svitek - Hacking Life With Git
WebElement #20: Ondrej Svitek - Hacking Life With Gitwebelement
 
Ján Kmeťko - NoSQL a distribuované databázy – pohľad zhora na konzistentnosť ...
Ján Kmeťko - NoSQL a distribuované databázy – pohľad zhora na konzistentnosť ...Ján Kmeťko - NoSQL a distribuované databázy – pohľad zhora na konzistentnosť ...
Ján Kmeťko - NoSQL a distribuované databázy – pohľad zhora na konzistentnosť ...webelement
 
Lukáš Šabľa - Vim
Lukáš Šabľa - VimLukáš Šabľa - Vim
Lukáš Šabľa - Vimwebelement
 
Martin Strýček - Ako začať s MongoDB
Martin Strýček - Ako začať s MongoDBMartin Strýček - Ako začať s MongoDB
Martin Strýček - Ako začať s MongoDBwebelement
 
Marek Lichtner - Používať alebo nepoužívať ORM vo webových aplikáciách?
Marek Lichtner - Používať alebo nepoužívať ORM vo webových aplikáciách?Marek Lichtner - Používať alebo nepoužívať ORM vo webových aplikáciách?
Marek Lichtner - Používať alebo nepoužívať ORM vo webových aplikáciách?webelement
 

Plus de webelement (6)

WebElement #22: Peter Slivka - Úvod do AWS
WebElement #22: Peter Slivka - Úvod do AWSWebElement #22: Peter Slivka - Úvod do AWS
WebElement #22: Peter Slivka - Úvod do AWS
 
WebElement #20: Ondrej Svitek - Hacking Life With Git
WebElement #20: Ondrej Svitek - Hacking Life With GitWebElement #20: Ondrej Svitek - Hacking Life With Git
WebElement #20: Ondrej Svitek - Hacking Life With Git
 
Ján Kmeťko - NoSQL a distribuované databázy – pohľad zhora na konzistentnosť ...
Ján Kmeťko - NoSQL a distribuované databázy – pohľad zhora na konzistentnosť ...Ján Kmeťko - NoSQL a distribuované databázy – pohľad zhora na konzistentnosť ...
Ján Kmeťko - NoSQL a distribuované databázy – pohľad zhora na konzistentnosť ...
 
Lukáš Šabľa - Vim
Lukáš Šabľa - VimLukáš Šabľa - Vim
Lukáš Šabľa - Vim
 
Martin Strýček - Ako začať s MongoDB
Martin Strýček - Ako začať s MongoDBMartin Strýček - Ako začať s MongoDB
Martin Strýček - Ako začať s MongoDB
 
Marek Lichtner - Používať alebo nepoužívať ORM vo webových aplikáciách?
Marek Lichtner - Používať alebo nepoužívať ORM vo webových aplikáciách?Marek Lichtner - Používať alebo nepoužívať ORM vo webových aplikáciách?
Marek Lichtner - Používať alebo nepoužívať ORM vo webových aplikáciách?
 

Dernier

TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 

Dernier (20)

TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 

OpenSSH: Secure Remote Login Tool

  • 2. OpenSSH ● nastroj pre bezpecne, vzdialene prihlasovanie ● prepisana verzia originalneho SSH nastroja ● priklad flexibilneho nastroja pouzitelneho na ovela viac nez len vzdialene prihlasovanie ● nahrada za telnet, ftp, rlogin ●
  • 3. Od zaciatku pesnik:~$ ssh testor alebo pesnik:~$ ln -s /usr/bin/ssh-argv0 $HOME/bin/testor pesnik:~$ testor
  • 4. Od zaciatku pesnik:~$ ssh testor user@testor password: ^C pesnik:~$ ssh-keygen pesnik:~$ ssh-copy-id testor Now try logging into the machine, with "ssh 'testor'", and check in: ~/.ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting.
  • 5. Od zaciatku pesnik:~$ ssh testor Warning: the RSA host key for 'testor' differs from the key for the IP address '37.9.170.2' Offending key for IP in /home/tomas.corej/.ssh/known_hosts:57 Matching host key in /home/tomas.corej/.ssh/known_hosts:875 You have mail. Last login: Thu Jul 11 00:12:57 2012 from services testor:~$ ^D pesnik: ~$ ssh-keygen -R 37.9.170.2
  • 6. Od zaciatku pesnik:~$ ssh testor You have mail. Last login: Thu Jul 11 00:12:57 2012 from pesnik testor:~$
  • 7. Od zaciatku pesnik:~$ ssh testor You have mail. Last login: Thu Jul 11 00:12:57 2012 from services testor:~$ testor:~$ ~? Supported escape sequences: ~. - terminate connection (and any multiplexed sessions) ~B - send a BREAK to the remote system ~C - open a command line ~R - Request rekey (SSH protocol 2 only) ~^Z - suspend ssh ~# - list forwarded connections ~& - background ssh (when waiting for connections to terminate) ~? - this message ~~ - send the escape character by typing it twice (Note that escapes are only recognized immediately after newline.)
  • 8. Pouzitelne v skriptoch pesnik:~$ ssh testor /bin/true && echo ok ok if ssh testor prikaz; then ... fi
  • 9. Nechce sa mi pouzit scp pesnik:~$ dllllhyyy prikaz | ssh testor "cat > remotefile" pesnik:~$ mysqldump -uroot -p db | ssh testor "gzip - > db.gz" pesnik:~$ mysqldump -uroot -p db |gzip - | ssh testor "cat > db.gz" pesnik:~$ cat zoznam | ssh testor "while read input; do prikaz $input $USER;done"
  • 10. X11 jednoducho pesnik:~$ ssh -X testor firefox pesnik:~$ ssh -X testor.vpn gnome-terminal pesnik:~$ ssh -X testor.vpn xeyes
  • 11. Agent forwarding tomas.corej@pesnik:~$ ssh-add -l 2048 f8:c6:6a:f4:ca:ee:0e:57:86:ed:f1:4b:ec:d3:84:ba /home/tomas.corej/.ssh/id_rsa (RSA) tomas.corej@pesnik:~$ ssh -A testor tomas.corej@testor:~$ ssh-add -l 2048 f8:c6:6a:f4:ca:ee:0e:57:86:ed:f1:4b:ec:d3:84:ba /home/tomas.corej/.ssh/id_rsa (RSA) tomas.corej@pesnik:~$ ssh -A testor2 mozne bezpecnostne riziko adresar s unixovym socketom pristupny v /tmp moze viest k chybam hlavne pri spustani cron skriptov
  • 12. SOCKS proxy a tunelovanie pesnikl:~$ ssh -D 3128 testor -L[bind_address:]port:host:hostport Request local forward -R[bind_address:]port:host:hostport Request remote forward -D[bind_address:]port Request dynamic forward 1.
  • 13. Host * User root ForwardAgent yes ForwardX11 yes ConnectTimeout=20 PreferredAuthentications=publickey,password,keyboard- interactive StrictHostKeyChecking=no ControlMaster auto ControlPath ~/.ssh/sockets/%r@%h:%p SendEnv BASH_ENV IdentityFile ~/.ssh/id_rsa IdentityFile ~/.ssh/customers_vps Compression yes Host abcd IdentityFile ~/.ssh/abcd.pub Ulozme si to vsetko do $HOME/.ssh/config
  • 15. ProxyCommand ● moze to byt cokolvek, dolezite je, aby to spracovavalo STDIN a STDOUT ssh -o ProxyCommand="$HOME/.ssh/gateway.sh %h %p" testor ● Nahradzuje %h, %p a %r ● pristup cez prostrednika ssh -o ProxyCommand="ssh user@testor nc %h %p" user@192. 168.1.2 "uname -a" ● parameter -W ● riziko DOS
  • 16. Multiplexovanie SSH spojeni ● pri castom generovani SSH spojeni a vo velkom mnozstve ● skracuje cas a znizuje overhead (0.2s vs 0.014s) ● config ControlMaster auto ControlPath ~/.ssh/sockets/%r@%h:%p ● ovladanie cez -O check,forward,stop,exit
  • 17. Multiplexovanie SSH spojeni pesnik:~$ ssh testor You have mail. Last login: Thu Jul 11 00:12:57 2012 from pesnik testor:~$ testor:~$ ~^Z pesnik:~$ cd ~/.ssh/sockets pesnik:~$ ~/.ssh/sockets$ ls user@testor:22 pesnik:~$ ssh -O check user@testor Master running (pid=22797) pesnik:~$ fg testor:~$
  • 18. Subsystemy ● ina forma spustania remotnych prikazov ● SFTP je subsystem ● moze ist aj o internu funkcionalitu (sftp a chroot) ● server sshd_config Subsystem backup /root/bin/backupcmd ● ssh klient ssh -s backup root@testor
  • 19. DNS SSHFP ● rozsireny sposob verifikacie odtlackov ● fingerprinty SSHD je mozne ulozit aj do DNS zaznamov ● VerifyHostKeyDNS yes|ask|no
  • 20. Sukromne kluce ● sukromne kluce sa nachadzaju v $HOME/id_rsa (defaulne) ● Kluce je mozne dodatocne specifikovat no-port-forwarding,no-user-rc,no-X11-forwarding,no-pty, command="/bin/nc $SSH_ORIGINAL_COMMAND" ssh-rsa AAAAB3NzMMAND" ssh-rsa AAAAB3Nza.... ● $SSH_ORIGINAL_COMMAND obsahuje text prikazu ssh root@testor prikaz
  • 21. OpenSSH-lpk ● OpenSSH-lpk patch ○ sposobuje dotazovanie sa na verejne kluce na LDAP server
  • 22.
  • 23. factotum ● prispevok zo sveta operacneho systemu Plan9