Remote Connectivity
Shared by Nguyễn Việt Vương | Date: 29/04/2019
Objectives
Explain :
telnet
rsh
ssh
Configure FTP
Telnet
Telnet is used to communicate with a host through the telnet protocol, on default port 23
It operates on a client/server basis. The client requires an account on the server to log in
Most telnet servers will not allow you to log in as root, for security reasons. You can log in as a normal user and su to root
Telnet
telnet is an insecure protocol : the username and password are sent from client to server across the network in clear text
Why do people still use it ? - telnet can be used for debugging text-based protocols : HTTP, SMTP and POP
Relevant File - ~/.telnetrc
When a user has a .telnetrc file in their home directory, telnet will execute the commands listed in this file.
# this is a comment
saigonctt send ayt
DEFAULT environ export USER
Telnet Commands
Command Format :
telnet [IP address|host name] [port]
If telnet is executed without options, it starts in command mode with the prompt “telnet>”
You can switch to command mode with “Ctrl-]” once connected.
Telnet Commands
?, h, help Lists commands with description
? <arg> More information about command <arg>
open <host> Open connection to the IP address or host name
close = quit Terminates connection from client
logout Requests server to terminate the connection
send Send a special character sequence to the server
status A brief status report of telnet
…
( See #man telnet for more commands )
The r Commands
There are 3 programs :
rlogin Remote login
rsh Remote shell, executes a command
rcp Remote copy
Password NOT required if the following files are configured:
/etc/hosts.equiv (system-wide)
$HOME/.rhosts (per-user)
( Entry : [+|-] [hostname] [username] )
The r Commands
rlogin : similar to telnet
rlogin [-l username] <host>
rsh : executes a command on a remote host
rsh [-l username] <host> <command>
Shell meta-characters can be used in <command>. To have rsh interpret the meta-characters on the remote machine, put quotation marks around them. If not quoted, meta-characters are interpreted on the local machine :
# rsh -l minh saigonctt "cat ~/file" > local_file
# rsh -l minh saigonctt "cat ~/file" ">" remote_file
The r Commands
rcp : copy files between machines
rcp <local_file> <user>@<host>:<remote_file>
rcp <user>@<host>:<remote_file> <local_file>
Example :
rcp /home/file minh@saigonctt:/backup
rcp minh@saigonctt:/backup/file /home
rcp -r /etc minh@saigonctt:/backup/etc
rcp -p /etc minh@saigonctt:/backup/etc
Security of r Commands
Security centers around the idea of trusted users and hosts, NOT password authentication.
Trusted hosts are also known as equivalent hosts
If NO hosts.equiv is present, NO hosts are trusted
The .rhosts file is used to control access to an individual user account
It grants/denies password-free access to an individual user account by means of .rhosts
hosts.equiv does NOT work with the root account but .rhosts does
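An added example, not part of the original slides: a shell function that reads a hosts.equiv or .rhosts file in the entry format shown above and reports entries that trust every host or every user. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the slides): flag over-broad trust entries in
# hosts.equiv / .rhosts. Entry format as on the slide: [+|-] [hostname] [username]

audit_trust_file() {
    # $1 = path to a hosts.equiv or .rhosts file; prints one line per finding
    awk -v f="$1" '
        NF == 0 || $1 ~ /^#/ { next }      # skip blank lines and comments
        $1 ~ /^-/            { next }      # deny entries grant nothing
        $1 == "+" { printf "%s:%d: any host is trusted (%s)\n", f, NR, $0; next }
        $2 == "+" { printf "%s:%d: any user on %s is trusted\n", f, NR, $1 }
    ' "$1"
}

audit_all_trust_files() {
    # Check the system-wide file, then the .rhosts of every home directory
    # listed in $1 (a passwd-format file, default /etc/passwd).
    [ -f /etc/hosts.equiv ] && audit_trust_file /etc/hosts.equiv
    cut -d: -f6 "${1:-/etc/passwd}" | sort -u | while read -r home; do
        [ -f "$home/.rhosts" ] && audit_trust_file "$home/.rhosts"
    done
    return 0
}

# Constructed sample file, for demonstration only.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# trusted hosts
saigonctt minh
+ +
-badhost
build01 +
EOF
audit_trust_file "$sample"
rm -f "$sample"
```

Run audit_all_trust_files as root on a host that still ships the r commands to cover /etc/hosts.equiv and every user's .rhosts in one pass.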
SSH – Secure Shell
SSH was originally authored by Tatu Ylonen in Finland as a replacement for telnet, rlogin, rsh, rcp
Everything SSH sends across the network is encrypted. SSH has become the de facto standard for remote connections
SSH can handle X connections
SSH Features
Strong authentication with RSA, SecurID, S/Key, Kerberos and TIS
Secure X11 sessions
Arbitrary TCP/IP ports can be redirected through the encrypted channel in both directions
For forwarding, ssh captures on port 6010
Optional compression of all data with gzip
Complete replacement for rlogin, rsh, rcp
Components of SSH1
sshd Server
ssh Client
scp Secure copy of files, replaces rcp
ssh-keygen Creates RSA keys (host key and authentication keys)
ssh-agent Authentication agent, used to hold RSA keys for authentication
ssh-add Used to register new key with the agent
make-ssh-known-hosts Used to create /etc/ssh/ssh_known_hosts file
Components of SSH2
sshd2 Server
ssh2 Client
sftp-server2 SFTP Server (executed by sshd2)
sftp2 SFTP Client (needs ssh2)
scp2 Secure copy of files, replaces rcp
Components of SSH2
ssh-keygen2 The utility for generating keys
ssh-agent2 Authentication agent, used to hold RSA keys for authentication
ssh-add2 Add identifier to the authentication agent
ssh-askpass2 X11 utility for querying password
SSH2 Changes
SSH has been 98% rewritten
Supports other key-exchange methods besides RSA : Diffie-Hellman key exchange
Support for DSA and other public key algorithms besides RSA
SSH2 Changes
Newly added features : sftp, the secure file transfer protocol
More secure and allows integration into public key infrastructures
Supports “subsystems”, platform-independent modules, built-in SOCKS, …
Install SSH1 – from OpenSSH
For legal reasons, SSH is not included by default in Linux. You can download and install it from source code or from OpenSSH
OpenSSH suite includes :
ssh (replaces telnet and rlogin)
scp (replaces rcp)
sftp (replaces ftp)
Install SSH1 – from OpenSSH
Server : openssh-server-xxx.rpm
(sshd, sshd_config, sftp-server, ...)
Client : openssh-clients-xxx.rpm
(ssh, ssh_config, sftp, ...)
Additional tools : openssh-xxx.rpm
(scp, ssh-keygen, ...)
Configure SSH1
Configuration files :
Server : /etc/ssh/sshd_config
Client : /etc/ssh/ssh_config
These files contain keyword-value pairs, one per line, and use ‘#’ for comments. Keywords are case sensitive :
# more /etc/ssh/sshd_config
Port 22
ListenAddress 0.0.0.0
PermitRootLogin yes
IgnoreRhosts yes
RhostsAuthentication no
RSAAuthentication yes
PasswordAuthentication yes
...
File Transfer - ftp
ftp (file transfer protocol) provides a service for transferring files from/to your computer.
All Linux distributions offer the wu-ftpd program, which is the ftp daemon developed at Washington University.
wu-ftpd is the most common ftp daemon on the Internet
FTP – Relevant Files
/etc/ftpaccess
/etc/ftphosts
/etc/ftpusers
/etc/ftpconversion
/etc/ftpaccess
It is the main configuration file
class all real,guest,anonymous *
email root@localhost
loginfails 5
message /welcome.msg login
message .message cwd=*
compress yes all
tar yes all
chmod no guest,anonymous
delete no anonymous
rename no anonymous
…
/etc/ftphosts
It’s used to allow or deny access to certain accounts from various hosts.
allow henry 10.1.2.3
deny fred example.org 10.2.3.*
/etc/ftpusers
It contains the login names of users who are NOT allowed to log in to your system
root
bin
daemon
adm
lp
mail
news
uucp
…
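An added example, not part of the original slides or of wu-ftpd itself: a shell function that lists system accounts from a passwd-format file that are missing from an ftpusers deny list. The function name, the UID cutoff of 500 and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the slides): report system accounts that are
# NOT denied by an ftpusers file. Names and the UID cutoff are assumptions.

ftpusers_missing() {
    # $1 = passwd-format file, $2 = ftpusers file,
    # $3 = first non-system UID (assumed default: 500)
    awk -F: -v max="${3:-500}" '
        FILENAME == ARGV[1] {              # first file: the ftpusers deny list
            sub(/#.*/, "")                 # drop comments
            gsub(/[ \t]/, "")              # drop stray whitespace
            if ($0 != "") denied[$0] = 1
            next
        }
        NF >= 3 && ($3 + 0) < (max + 0) && !($1 in denied) { print $1 }
    ' "$2" "$1"
}

# Constructed sample data, for demonstration only.
work=$(mktemp -d)
cat > "$work/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
henry:x:1000:1000::/home/henry:/bin/bash
EOF
cat > "$work/ftpusers" <<'EOF'
# accounts that may not log in over ftp
root
bin
EOF
ftpusers_missing "$work/passwd" "$work/ftpusers"
rm -rf "$work"
```

On a live server the call would be ftpusers_missing /etc/passwd /etc/ftpusers; any name it prints is a system account that can still attempt an ftp login.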
Proftpd
It’s another powerful ftp server, not as popular as wu-ftpd but easier to configure and more secure.
It can run as a stand-alone server or from inetd
Relevant files :
/usr/sbin/in.proftpd : server daemon
/etc/proftpd.conf : main configuration file
/etc/proftpd.conf
The End