
Chapter 16

Remote Connectivity

SAIGONLAB 83 Nguyễn
69-3 ThịThi
Nguyen Nhỏ,Nho,
P9, Q.Tân Bình, Tp.Tp.
P9, Q.TBinh, HCMHCM LPI 102
Objectives

Explain:
    telnet
    rsh
    ssh
Configure FTP

Telnet

Telnet is used to communicate with a host through the telnet protocol on default port 23.
It operates on a client/server basis. The client requires an account on the server to log in.
Most telnet servers will not allow you to log in as root, for security reasons. You can log in as a normal user and su to root.

Telnet

telnet is an insecure protocol: the username and password are sent from client to server across the network in clear text.
Why do people still use it? telnet can be used for debugging text-based protocols: HTTP, SMTP and POP.

Relevant File ~/.telnetrc

When a user has a .telnetrc file in their home directory, telnet will execute the commands listed in this file.
# this is a comment
command1
command2

Telnet Commands

Command format:
telnet [IP address|host name] [port]
If telnet is executed without options, it starts in command mode with the prompt “telnet>”.
After connecting, you can switch to command mode with “Ctrl-]”.

Telnet Commands

?, h, help          Lists commands with descriptions
<command> ?         More information about a command (arg)
open <IP address>   Opens a connection to the IP address or host name
close = quit        Terminates the connection from the client
logout              Requests the server to terminate the connection
send                Sends a special character sequence to the server
status              A brief status report of telnet

(See # man telnet for more commands)
The r Commands

There are 3 programs:
rlogin    Remote login
rsh       Remote shell, executes a command
rcp       Remote copy
A password is NOT required if the following files are configured:
/etc/hosts.equiv (system-wide)
$HOME/.rhosts (per-user)
(Entry: [+|-] [hostname] [username])
The r Commands

rlogin: similar to telnet
rlogin [-l username] <hostname>
rsh: executes a command on a remote host
rsh [-l username] <hostname> <cmd>
Shell meta-characters can be used in <cmd>. To have rsh interpret the meta-characters on the remote machine, put quotation marks around them. If they are not quoted, the meta-characters are interpreted on the local machine:
# rsh -l minh saigonctt "cat ~/file" > local_file
# rsh -l minh saigonctt "cat ~/file" ">" remote_file
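
The difference between the two rsh lines above, reproduced offline as an added example that is not part of the original slides. fake_rsh is a hypothetical stand-in that, like rsh, joins its arguments with spaces and hands them to a shell on the other side; two temporary directories play the local and remote machines.

```shell
#!/bin/sh
# Added example, not from the slides. Nothing here touches the network.
LOCAL=$(mktemp -d)
REMOTE=$(mktemp -d)
trap 'rm -rf "$LOCAL" "$REMOTE"' EXIT
echo "remote data" > "$REMOTE/file"      # constructed sample file on the "remote" side

# Hypothetical stand-in for rsh: join all arguments, run them in a shell
# whose working directory is the "remote" machine.
fake_rsh() {
    ( cd "$REMOTE" && sh -c "$*" )
}

# Reports which side ended up holding the named file.
where_is() {
    if [ -f "$LOCAL/$1" ]; then echo local
    elif [ -f "$REMOTE/$1" ]; then echo remote
    else echo missing
    fi
}

cd "$LOCAL" || exit 1
fake_rsh "cat file" > copy1        # bare >: the local shell opens copy1 before rsh runs
fake_rsh "cat file" ">" copy2      # quoted ">": passed through, the remote shell opens copy2

echo "copy1 is $(where_is copy1), copy2 is $(where_is copy2)"
```

The same rule applies to every other meta-character (;, |, &&, $): whatever reaches the remote side unescaped is parsed there as shell syntax, so strings built from untrusted input must never be passed as <cmd>.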
The r Commands

rcp: copies files between machines
rcp <dir> <remote username>@<hostname>:<dir>
rcp <remote username>@<hostname>:<dir> <dir>
Example:
rcp /home/file minh@saigonlab:/backup
rcp minh@saigonlab:/backup/file /home
rcp -r /etc minh@saigonlab:/backup/etc
rcp -rp /etc minh@saigonlab:/backup/etc

Security of r Commands

Security centers around the idea of trusted users and hosts, NOT password authentication.
Trusted hosts are also known as equivalent hosts.
If NO hosts.equiv is present, NO hosts are trusted.
The .rhosts file is used to control access to an individual user account.
It grants/denies password-free access to an individual user account by means of .rhosts.
hosts.equiv does NOT work with the root account, but .rhosts does.
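
Because these files replace password checks with trust, a single "+" entry can open an account to every host or every user. The following added example (not part of the original slides) audits a trust file written in the entry layout given earlier, [+|-] [hostname] [username]; the sample entries are constructed, and the severity labels are this example's own choice.

```shell
#!/bin/sh
# Added example: flag over-broad entries in hosts.equiv / .rhosts.

# Constructed sample entries, reusing the host and user names from the slides.
sample_trust_entries() {
    cat <<'EOF'
# trust list (constructed)
saigonlab minh
-saigonctt
+ +
saigonctt +
+ minh
EOF
}

# Reads a trust file (file argument or stdin); prints "LINE SEVERITY reason".
audit_trust_file() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }      # blank lines and comments
        $1 ~ /^-/            { next }      # explicit deny entries grant nothing
        {
            host = $1
            user = (NF >= 2) ? $2 : ""
            if (host == "+" && user == "+")
                msg = "CRITICAL any user on any host is trusted"
            else if (host == "+")
                msg = "CRITICAL " (user == "" ? "every host is trusted" : "user " user " is trusted from every host")
            else if (user == "+")
                msg = "HIGH every user on " host " is trusted"
            else
                next                       # a specific host/user pair: not flagged
            print NR, msg
        }
    ' "$@"
}

sample_trust_entries | audit_trust_file
```

On a real system, run audit_trust_file against /etc/hosts.equiv and every $HOME/.rhosts, including root's, since .rhosts is the file that applies to the root account.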

SSH – Secure Shell

SSH was originally authored by Tatu Ylonen in Finland as a replacement for telnet, rlogin, rsh and rcp.
Everything SSH sends across the network is encrypted. SSH has become the de facto standard for remote connections.
SSH can handle X connections.

SSH Features

Strong authentication with RSA, SecurID, S/Key, Kerberos and TIS
Secure X11 sessions
Arbitrary TCP/IP ports can be redirected through the encrypted channel in both directions
Optional compression of all data with gzip
Complete replacement for rlogin, rsh, rcp

Components of SSH1

sshd                  Server
ssh                   Client
scp                   Secure file copy, replaces rcp
ssh-keygen            Creates RSA keys (host key and authentication keys)
ssh-agent             Authentication agent, used to hold RSA keys for authentication
ssh-add               Used to register a new key with the agent
make-ssh-known-hosts  Used to create the /etc/ssh/ssh_known_hosts file
Components of SSH2

sshd2         Server
ssh2          Client
sftp-server2  SFTP server (executed by sshd2)
sftp2         SFTP client (needs ssh2)
scp2          Secure file copy, replaces rcp

Components of SSH2

ssh-keygen2   The utility for generating keys
ssh-agent2    Authentication agent, used to hold RSA keys for authentication
ssh-add2      Adds an identifier to the authentication agent
ssh-askpass2  X11 utility for querying the password

SSH2 Changes

SSH has been 98% rewritten
Supports other key-exchange methods besides RSA: Diffie-Hellman key exchange
Supports DSA and other public key algorithms besides RSA
Newly added feature: sftp, the secure file transfer protocol

SSH2 Changes

Newly added feature: sftp, the secure file transfer protocol
More secure, and allows integration into public key infrastructures
Supports “subsystems”, platform-independent modules, built-in SOCKS, …

Install SSH1 – from OpenSSH

For legal reasons, SSH is not included by default in Linux. You can download and install it from source code or from OpenSSH.
The OpenSSH suite includes:
ssh (replaces telnet and rlogin)
scp (replaces rcp)
sftp (replaces ftp)

Install SSH1 – from OpenSSH

Server: openssh-server-xxx.rpm (sshd, sshd_config, sftp-server, ...)
Client: openssh-clients-xxx.rpm (ssh, ssh_config, sftp, ...)
Additional tools: openssh-xxx.rpm (scp, ssh-keygen, ...)

SSH1 Configure
Configuration files:
Server: /etc/ssh/sshd_config
Client: /etc/ssh/ssh_config
These files contain keyword-value pairs, one per line, with ‘#’ starting a comment. Keywords are case sensitive:
# more /etc/ssh/sshd_config
Port 22
ListenAddress 0.0.0.0
PermitRootLogin yes
IgnoreRhosts yes
RhostsAuthentication no
RSAAuthentication yes
PasswordAuthentication yes
...
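
The sample above permits direct root login and password authentication. The following added example (not part of the original slides and not OpenSSH's own tooling) audits the global section of an sshd_config against an assumed hardening policy; the sample input is the slide's settings plus one constructed duplicate line, which shows that a later keyword does not override an earlier one.

```shell
#!/bin/sh
# Added example: audit the global section of an sshd_config file.

# Constructed sample: the slide's settings plus a later duplicate keyword.
sample_sshd_config() {
    cat <<'EOF'
# /etc/ssh/sshd_config
Port 22
ListenAddress 0.0.0.0
PermitRootLogin yes
IgnoreRhosts yes
RhostsAuthentication no
RSAAuthentication yes
PasswordAuthentication yes
permitrootlogin no
EOF
}

# Reads sshd_config (file argument or stdin); prints "LINE: Keyword value - reason".
# The flagged values are an assumed policy for this example, not taken from the slides.
audit_sshd_config() {
    awk '
        BEGIN {
            bad["permitrootlogin"]        = "yes"; why["permitrootlogin"]        = "root can log in directly"
            bad["passwordauthentication"] = "yes"; why["passwordauthentication"] = "passwords accepted, prefer keys"
            bad["ignorerhosts"]           = "no";  why["ignorerhosts"]           = ".rhosts files are honoured"
            bad["rhostsauthentication"]   = "yes"; why["rhostsauthentication"]   = "trusted-host login without a password"
        }
        NF < 2 || $1 ~ /^#/ { next }       # comments, blank lines, bare keywords
        {
            key = tolower($1)              # sshd_config(5) documents keywords as case-insensitive
            if (key == "match") exit       # conditional Match blocks are out of scope here
            if (key in seen) next          # sshd uses the first value it obtains for a keyword
            seen[key] = 1
            if ((key in bad) && tolower($2) == bad[key])
                print NR ": " $1 " " $2 " - " why[key]
        }
    ' "$@"
}

sample_sshd_config | audit_sshd_config
```

Line 9 of the sample is not reported and does not clear the finding on line 4: the first PermitRootLogin value is the one in effect.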

Using SSH

Using ssh is similar to using telnet or rlogin.
Here are some examples for a server named “smallfry” in your /etc/hosts file:
[root@bigboy tmp]# ssh smallfry
[root@bigboy tmp]# ssh -l peter smallfry
[root@bigboy tmp]# ssh -l peter -p 435 smallfry

File Transfer - ftp

ftp (file transfer protocol) provides a service for transferring files from/to your computer.
All Linux distributions offer the wu-ftpd program, an ftp daemon developed at Washington University.
wu-ftpd is the most common ftp daemon on the Internet.

FTP – Relevant Files

/etc/ftpaccess
/etc/ftphosts
/etc/ftpusers
/etc/ftpconversion

/etc/ftpaccess
It is the main configuration file:
class all real,guest,anonymous *
email root@localhost
loginfails 5
message /welcome.msg login
message .message cwd=*
compress yes all
tar yes all
chmod no guest,anonymous
delete no anonymous
rename no anonymous

/etc/ftphosts

It is used to allow or deny access to certain accounts from various hosts.

allow henry 10.1.2.3
deny fred example.org 10.2.3.*

/etc/ftpusers

It contains the login names of users who are NOT allowed to log in to your system:
root
bin
daemon
adm
lp
mail
news
uucp

Proftpd

It is another powerful ftp server, not as popular as wu-ftpd but easier to configure and more secure.
It can run as a stand-alone server or from inetd.
Relevant files:
/usr/sbin/in.proftpd: server daemon
/etc/proftpd.conf: main configuration file
