ch16-remoteaccess

  • 8/9/2019 ch16-remoteaccess

    SAIGONLAB 69-3 Nguyen Thi Nho, P9, Q.TBinh, Tp. HCM LPI 102

    SAIGONLAB 83 Nguyễn Thị Nhỏ, P9, Q.Tân Bình, Tp. HCM LPI 102

    Chapter 16

    Remote Connectivity

    Objectives

    Explain:

    telnet

    rsh

    ssh

    Configure FTP

    Telnet

    Telnet is used to communicate with a host through the telnet protocol on default port 23.

    It operates on a client/server basis. The client requires an account on the server to log in.

    Most telnet servers will not allow you to log in as root because of security. You can log in as a normal user and su to root.

    Relevant File ~/.telnetrc

    When users have a .telnetrc file in their home directories, telnet will execute the commands listed in this file.

    # this is a comment

    command1

    command2

    Telnet Commands

    Command format:

    telnet [IP address|host name] [port]

    If telnet is executed without options, it will be started in command mode with the prompt telnet>

    You can change to command mode with Ctrl-] after connecting.

    Telnet Commands

    ?, h, help Lists commands with description

    ? More information about a command (arg)

    open Opens a connection to the IP address or host name

    close = quit Terminates connection from client

    logout Requests server to terminate the connection

    send Sends a special character sequence to the server

    status A brief status report of telnet

    (See # man telnet for more commands)

    The r Commands

    There are 3 programs:

    rlogin Remote login

    rsh Remote shell, executes a command

    rcp Remote copy

    A password is NOT required if the following files are configured:

    /etc/hosts.equiv (system-wide)

    $HOME/.rhosts (per-user)

    (Entry: [+|-] [hostname] [username])

    The r Commands

    rlogin: similar to telnet

    rlogin [-l username]

    rsh: executes cmd on remote host

    rsh [-l username]

    Shell meta-characters can be used in

    To have rsh interpret the meta-characters on the remote machine, put quotation marks around them. If not quoted, meta-characters are interpreted on the local machine:

    # rsh -l minh saigonctt cat ~/file > local_file

    # rsh -l minh saigonctt cat ~/file ">" remote_file

    The r Commands

    rcp: copy files between machines

    rcp @:

    rcp @:

    Example:

    rcp /home/file minh@saigonlab:/backup

    rcp minh@saigonlab:/backup/file /home

    rcp -r /etc minh@saigonlab:/backup/etc

    rcp -rp /etc minh@saigonlab:/backup/etc

    Security of r Commands

    Security of the r commands centers around the idea of trusted users and hosts, NOT password authentication.

    Trusted hosts are also known as equivalent hosts.

    If NO hosts.equiv is present, NO hosts are trusted.

    The .rhosts file is used to control access to an individual user account.

    It grants/denies password-free access to an individual user account by means of .rhosts.

    hosts.equiv does NOT work with the root account but .rhosts does.
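
    A defensive check for the trust files described above, as an added example that is not part of the original slides: it reads one hosts.equiv or .rhosts style file and reports entries that grant password-free access, with wildcard `+` entries ranked highest. The function names, severity labels and sample entries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit one hosts.equiv / .rhosts style trust file.
# Entry format as given on the slide: [+|-] [hostname] [username]
# Prints "SEVERITY line-number reason" for every entry that grants trust.
audit_trust_file() {
    file=$1
    # A trust file other accounts can write to lets them add their own entries.
    if [ -n "$(find "$file" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "HIGH 0 file is group- or world-writable"
    fi
    awk '
        /^[ \t]*(#|$)/ { next }                      # comments, blank lines
        {
            host = $1; user = $2
            # Entries starting with "-" deny access; they grant nothing.
            if (substr(host, 1, 1) == "-" || substr(user, 1, 1) == "-") next
            who = (user == "") ? "" : " as " user
            if (host == "+" && user == "+")
                print "CRITICAL", NR, "any user on any host is trusted"
            else if (host == "+")
                print "CRITICAL", NR, "every host is trusted"
            else if (user == "+")
                print "HIGH", NR, "every user on " host " is trusted"
            else
                print "INFO", NR, "password-free access from " host who
        }
    ' "$file"
}

# Constructed sample file (hypothetical entries, host names reused from the slides).
write_sample_rhosts() {
    cat > "$1" <<'EOF'
# constructed sample
saigonlab minh
+ +
saigonctt +
-untrusted
+
EOF
    chmod 600 "$1"
}

sample=$(mktemp)
write_sample_rhosts "$sample"
audit_trust_file "$sample"
rm -f "$sample"
```

    Run it against /etc/hosts.equiv and each user's $HOME/.rhosts; line number 0 refers to the file itself rather than an entry.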

    SSH: Secure Shell

    SSH was originally authored by Tatu Ylonen in Finland as a replacement for telnet, rlogin, rsh, rcp.

    Everything SSH sends across the network is encrypted. SSH has become the de facto standard for remote connection.

    SSH can handle X connections.

    SSH Features

    Strong authentication with RSA, SecurID, S/Key, Kerberos and TIS

    Secure X11 sessions

    Arbitrary TCP/IP ports can be redirected through the encrypted channel in both directions

    Optional compression of all data with gzip

    Complete replacement for rlogin, rsh, rcp

    Components of SSH1

    sshd Server

    ssh Client

    scp Secure copy files, replaces rcp

    ssh-keygen Creates RSA keys (host key and authentication keys)

    ssh-agent Authentication agent, used to hold RSA keys for authentication

    ssh-add Used to register a new key with the agent

    make-ssh-known-hosts Used to create the /etc/ssh/ssh_known_hosts file

    Components of SSH2

    sshd2 Server

    ssh2 Client

    sftp-server2 SFTP Server (executed by sshd2)

    sftp2 SFTP Client (need ssh2)

    scp2 Secure copy files, replaces rcp

    Components of SSH2

    ssh-keygen2 The utility for generating keys

    ssh-agent2 Authentication agent, used to hold RSA keys for authentication

    ssh-add2 Adds an identifier to the authentication agent

    ssh-askpass2 X11 utility for querying the password

    SSH2 Changes

    SSH has been 98% rewritten

    Supports other key-exchange methods besides RSA: Diffie-Hellman key exchange

    Support for DSA and other public key algorithms besides RSA

    Newly added features: sftp, the secure file transfer protocol

    SSH2 Changes

    Newly added features: sftp, the secure file transfer protocol

    More secure and allows integration into public key infrastructures

    Supports subsystems, platform-independent module, built-in SOCKS,

    Install SSH1 from OpenSSH

    Because of legal reasons, SSH is not included by default in Linux. You can download and install it from source code or from OpenSSH.

    OpenSSH suite includes :

    ssh (replaces telnet and rlogin)

    scp (replaces rcp)

    sftp (replaces ftp)

    Install SSH1 from OpenSSH

    Server: openssh-server-xxx.rpm (sshd, sshd_config, sftp-server, ...)

    Client: openssh-clients-xxx.rpm (ssh, ssh_config, sftp, ...)

    Additional tools: openssh-xxx.rpm (scp, ssh-keygen, ...)

    SSH1 Configure

    Configuration files:

    Server : /etc/ssh/sshd_config

    Client : /etc/ssh/ssh_config

    These files contain keyword-value pairs, one per line, and use # for comments. Keywords are case sensitive:

    # more /etc/ssh/sshd_config

    Port 22

    ListenAddress 0.0.0.0

    PermitRootLogin yes

    IgnoreRhosts yes

    RhostsAuthentication no

    RSAAuthentication yes

    PasswordAuthentication yes

    ...
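
    An added example (not from the original slides) that reads keyword-value pairs in the format shown above and reports explicitly set values that weaken the server. The function names, the choice of flagged values and the duplicate line appended to the sample are assumptions; it relies on sshd using the first value it reads for a keyword.

```shell
#!/bin/sh
# Added example: flag weak values among the sshd_config keywords on the slide.
# Only values set explicitly in the file are checked, not compiled-in defaults.
audit_sshd_config() {
    awk '
        function check(k, bad, why) {
            if ((k in seen) && seen[k] == bad) print k, seen[k], "->", why
        }
        /^[ \t]*(#|$)/ { next }          # comments and blank lines
        {
            key = tolower($1); val = tolower($2)   # fold case before comparing
            if (!(key in seen)) seen[key] = val    # sshd keeps the first value
        }
        END {
            check("permitrootlogin", "yes", "root can log in directly")
            check("ignorerhosts", "no", "per-user .rhosts files are honoured")
            check("rhostsauthentication", "yes", "rhosts trust replaces a password")
            check("passwordauthentication", "yes", "password guessing is possible")
        }
    ' "$1"
}

# Constructed sample: the listing from the slide plus one later duplicate line.
write_sample_sshd_config() {
    cat > "$1" <<'EOF'
# constructed sample
Port 22
ListenAddress 0.0.0.0
PermitRootLogin yes
IgnoreRhosts yes
RhostsAuthentication no
RSAAuthentication yes
PasswordAuthentication yes
PermitRootLogin no
EOF
}

sample=$(mktemp)
write_sample_sshd_config "$sample"
audit_sshd_config "$sample"
rm -f "$sample"
```

    The trailing `PermitRootLogin no` in the sample does not clear the finding, because the earlier `yes` is the value that takes effect.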

    Using SSH

    Using ssh is similar to telnet or rlogin.

    Here are some examples for a server named smallfry in your /etc/hosts file:

    [root@bigboy tmp]# ssh smallfry

    [root@bigboy tmp]# ssh -l peter smallfry

    [root@bigboy tmp]# ssh -l peter -p 435 \

    smallfry

    File Transfer - ftp

    ftp (file transfer protocol) provides a service for file transfer from/to your computer.

    All Linux distributions offer the wu-ftpd program, which is the ftp daemon developed at Washington University.

    wu-ftpd is the most common daemon on the Internet.

    FTP Relevant Files

    /etc/ftpaccess

    /etc/ftphosts

    /etc/ftpusers

    /etc/ftpconversion

    /etc/ftpaccess

    It's the main configuration file

    class all real,guest,anonymous *

    email root@localhost

    loginfails 5

    message /welcome.msg login

    message .message cwd=*

    compress yes all

    tar yes all

    chmod no guest,anonymous

    delete no anonymous

    rename no anonymous

    /etc/ftphosts

    It's used to allow or deny access to certain accounts from various hosts.

    allow henry 10.1.2.3

    deny fred example.org 10.2.3.*

    /etc/ftpusers

    It contains login names of users who are NOT allowed to log in to your system

    root

    bin

    daemon

    adm

    lp

    mail

    news

    uucp

    Proftpd

    It's another powerful ftp server, not as popular as wu-ftpd but easier to configure and more secure.

    It can run as a stand-alone server or from inetd.

    Relevant files :

    /usr/sbin/in.proftpd : server daemon

    /etc/proftpd.conf : main configuration file