%% $Header: /cvsroot/lcdp/lpic/general-linux-2/slides/gl2.113.7.slides.tex,v 1.4 2003/10/25 04:27:27 anguslees Exp $ \input{gl2.slide-header.tex} %\overlaysfalse %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \begin{document} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %----10->|-----20->|-----30->|-----40->|-----50->|-----60->|-----70->|-----80-> \begin{slide} %================================================================ \begin{center} \LARGE \textsf{-- General Linux 2 -- \\ } \LARGE Set up secure shell (OpenSSH) \textsf{[] } \\[2mm] \large \textsf{(Linux Professional Institute Certification)}\\[1mm] \normalsize\end{center} \footnote{Copyright \copyright\ 2002 Geoffrey Robertson. Permission is granted to make and distribute verbatim copies or modified versions of this document provided that this copyright notice and this permission notice are preserved on all copies under the terms of the GNU General Public License as published by the Free Software Foundation---either version 2 of the License or (at your option) any later version.} \scriptsize \begin{verbatim} .~. 
Based on a talk by Gus Lees /V\ // \\ geoffrey robertson @._.@ geoffrey@zip.com.au \end{verbatim} \tiny \begin{verbatim} $Id: gl2.113.7.slides.tex,v 1.4 2003/10/25 04:27:27 anguslees Exp $ \end{verbatim} \normalsize \vfill \end{slide} %----------------------------------------------------------- %----10->|-----20->|-----30->|-----40->|-----50->|-----60->|-----70->|-----80-> %============================================================================== \begin{slide} %ghr \listofslides \vfill \end{slide} %------------------------------------------------------------------------------ %============================================================================== \begin{slide}{} %ghr \Slidecontents \vfill \end{slide} %----------------------------------------------------------- %============================================================================== %============================================================================== \begin{slide} %ghr \slideheading{Networking Services} \begin{description} \item[2.113.1] Configure and manage inetd, xinetd, and related services \item[2.113.2] Operate and perform basic configuration of sendmail \item[2.113.3] Operate and perform basic configuration of Apache \item[2.113.4] Properly manage the NFS, smb, and nmb daemons \item[2.113.5] Setup and configure basic DNS services [] \item[2.113.7] {\bf \underline{Set up Secure Shell (OpenSSH)}} \end{description} \vfill \end{slide} %----------------------------------------------------------- %============================================================================== \begin{slide}{} %ghr \Slidecontents \vfill \end{slide} %----------------------------------------------------------- %============================================================================== %============================================================================== \begin{slide} %ghr \slideheading{Set up Secure Shell (OpenSSH)} \slidesubheading{Objective} The candidate should be able to obtain and 
configure OpenSSH. This objective includes basic OpenSSH installation and troubleshooting, as well as configuring sshd to start at system boot. \vfill \end{slide} %----------------------------------------------------------- %============================================================================== \begin{slide} %ghr \Slideheading{Set up Secure Shell (OpenSSH)} \slidesubheading{Key files, terms, and utilities} \begin{alltt} /etc/hosts.allow /etc/hosts.deny /etc/nologin /etc/ssh/sshd_config /etc/ssh_known_hosts /etc/sshrc sshd ssh-keygen \end{alltt} \vfill \end{slide} %----------------------------------------------------------- %============================================================================== \begin{slide} %ghr \Slideheading{Set up Secure Shell (OpenSSH)} \slidesubheading{Resources of Interest} \begin{description} \item[TBA] \begin{alltt} \end{alltt} \end{description} \vfill \end{slide} %----------------------------------------------------------- %============================================================================== %============================================================================== \begin{slide}{} \slideheading{``Secure SHell''} A functional replacement of the ancient \texttt{rsh} command, except with encryption and authentication. \vfill \end{slide} %----------------------------------------------------------- %============================================================================== %============================================================================== \begin{slide}{} \slideheading{Versions} \begin{description} \item[Commercial SSH] Finnish company. Original authors of SSH. \item[OpenSSH] Split from last free version of commercial SSH. Development led by OpenBSD team. \end{description} Draft ``secsh'' RFC. 
Alternative implementations exist (Putty, Net::SSH::Perl, etc.) \vfill \end{slide} %----------------------------------------------------------- %============================================================================== %============================================================================== \begin{slide}{} \slideheading{Commands} \begin{description} \item[ssh] Run a shell command on a remote host \item[sshd] SSH server daemon \item[scp] Copy files using SSH \item[sftp] An ftp-like interface into \texttt{scp} \item[ssh-keygen] Generate an SSH key pair \item[ssh-agent, ssh-add] SSH key forwarding (the agent holds your unlocked keys; \texttt{ssh-add} loads them) \end{description} \vfill \end{slide} %----------------------------------------------------------- %============================================================================== %============================================================================== \begin{slide}{} \Slideheading{Commands} \slidesubheading{ssh} \begin{verbatim} ssh [options] host [command] \end{verbatim} Run a shell command on a remote host. Acts like a normal shell command, i.e.\ \textsc{STDIN} and \textsc{STDOUT} work as normal. Without a \textit{command}, ssh runs an interactive login. \vfill \end{slide} %----------------------------------------------------------- %============================================================================== %============================================================================== \begin{slide}{} \Slideheading{Commands} \slidesubheading{scp} \begin{verbatim} scp user@host:path/file user2@host2:path/file2 \end{verbatim} Copy a file over ssh. 
\textit{user} defaults to the current login, \textit{user@host} may be omitted for local files, and \textit{path} is relative to \$HOME. \vfill \end{slide} %----------------------------------------------------------- %============================================================================== %============================================================================== \begin{slide}{} \Slideheading{Commands} \slidesubheading{sftp} \begin{verbatim} sftp user@host:path \end{verbatim} \texttt{ftp}-like command line interface to scp. Only provided with more recent ssh versions. \vfill \end{slide} %----------------------------------------------------------- %============================================================================== %============================================================================== \begin{slide}{} \slideheading{Advanced Usage} Remember that \textsc{STDIN} and \textsc{STDOUT} still work as normal (unlike \texttt{telnet}): \begin{verbatim} ssh remote tar zcf - /remotepath > localfile.tar.gz \end{verbatim} \vfill \end{slide} %----------------------------------------------------------- %============================================================================== %============================================================================== \begin{slide}{} \Slideheading{Advanced Usage} \slidesubheading{X Forwarding} \begin{verbatim} ssh -X host \end{verbatim} Log in to \textit{host} and ``forward'' X11 connections back to the local X server. A ``fake'' \$DISPLAY and \texttt{xauth} environment are created, and the X11 data is passed back over the same SSH connection. 
\vfill \end{slide} %----------------------------------------------------------- %============================================================================== %============================================================================== \begin{slide}{} \Slideheading{Advanced Usage} \slidesubheading{X Forwarding \textit{ctd\ldots}} Forwarding X over SSH is secure and easy, but slower than not doing it. On a local LAN, the encryption is probably unnecessary---use normal X methods such as rstart instead (rstart can use ssh for authentication anyway). Specialised X11 caching methods (e.g.\ LBX) can get better performance than ssh compression over slow links. There are concerns over connecting to a hostile remote machine and forwarding X back again, so don't forward X by default: leave \texttt{ForwardX11} off in the client configuration and pass \texttt{-X} only for hosts you trust. A hostile remote site may forward damaging commands back down the link to your X server (i.e.\ your screen and keyboard). \vfill \end{slide} %----------------------------------------------------------- %============================================================================== %============================================================================== \begin{slide}{} \Slideheading{Advanced Usage} \slidesubheading{Port Forwarding} Arbitrary ports can also be forwarded over the SSH connection, to add security to other protocols (or bypass poor firewall policies\dots). Only the hop between the ssh client and \texttt{sshd} is encrypted; the onward connection from the server to the target port is not. \begin{verbatim} # .fetchmailrc example poll localhost protocol pop3 port 11110: preconnect "ssh -C -f user@host.com \ -L 11110:host.com:110 sleep 10" \end{verbatim} \vfill \end{slide} %----------------------------------------------------------- %============================================================================== %============================================================================== \begin{slide}{} \Slideheading{Advanced Usage} \slidesubheading{SSH Keys} Public key authentication. More secure alternative to password login. Generate a public/private ``key pair'' with \texttt{ssh-keygen}. 
\textbf{Keep the private key secret} and protect it with a passphrase. Append the public key to your (remote) \url{~/.ssh/authorized_keys} to allow access. \cmd{cat identity.pub >> $\sim$/.ssh/authorized\_keys} The \texttt{.ssh} directory and \texttt{authorized\_keys} must not be writable by other users, or \texttt{sshd} (with its default \texttt{StrictModes} setting) ignores the file. More powerful automation (scripting) possibilities. \vfill \end{slide} %----------------------------------------------------------- %============================================================================== %============================================================================== \begin{slide}{} \Slideheading{Advanced Usage} \slidesubheading{SSH Authentication Agent} \texttt{ssh-agent} allows key information to be ``forwarded'' between its child processes---even across nested ssh sessions. Forward the agent only to hosts you trust: while you are connected, root on a host you forward to can use the keys loaded in your agent. Start \texttt{ssh-agent} in your X-session or login scripts, and run \texttt{ssh-add} to add keys. \texttt{ssh-askpass} is (basically) an X11 version of \texttt{ssh-add}. \vfill \end{slide} %----------------------------------------------------------- %============================================================================== %============================================================================== \begin{slide}{} \Slideheading{Advanced Usage} \slidesubheading{SSH from win32} \begin{description} \item[Putty] Includes command line ``pscp.exe'' scp clone too. {\small \url{http://www.chiark.greenend.org.uk/~sgtatham/putty/}} \item[Winscp] Graphical SCP client. \url{http://winscp.vse.cz/eng} \end{description} \vfill \end{slide} %----------------------------------------------------------- %============================================================================== %============================================================================== \begin{slide}{} \Slideheading{Advanced Usage} \slidesubheading{Other ``frontends''} \begin{description} \item[KDE kio\_fish] Provides \url{ssh://} Konqueror paths. \item[tramp.el] Transparent access to remote files for emacs. 
\item[rsh-compatible] Anything that can use rsh (eg: CVS) \end{description} \vfill \end{slide} %----------------------------------------------------------- %============================================================================== \begin{slide}{} %ghr \heading{The End} \Slidecontents \vfill \end{slide} %----------------------------------------------------------- %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \end{document} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %============================================================================== %============================================================================== \begin{slide}{} \slideheading{} \vfill \end{slide} %----------------------------------------------------------- ============================================================================= \begin{slide}{} \end{slide} %------------------------------------------------------------------ %============================================================================== \begin{slide}{} %ghr \Slidecontents \vfill \end{slide} %-----------------------------------------------------------