SSH-server

Post on 12-Feb-2022


SSH Server Setup using OpenSSH on CentOS 5.8

Prof Jeong Chul

tland12.wordpress.com

Computer Science

ITC and RUPP in Cambodia

Part 1
• Step 1 Package installation and Startup
• Step 2 SSH Authentication

Part 2
• Step 3 SSH Port Forwarding
• Step 4 X11 Forwarding
• Step 5 SSH Client Tools
• Step 6 SSH Access Control

Step 1 Package installation & service startup

1. Package installation
• openssh-askpass-4.3p2-82.el5 // X11 passphrase
• openssh-clients-4.3p2-82.el5 // ssh, slogin, ssh-add, sftp
• openssh-4.3p2-82.el5 // ssh-keygen, scp
• openssh-server-4.3p2-82.el5 // sshd

2. Service startup
# service sshd start

3. Service startup checking
# ps -ef | grep sshd
# netstat -nat | grep 22

4. Runlevel registration
# chkconfig sshd on
# chkconfig --list sshd

5. Testing
$ ssh username@ssh-server

Step 2 SSH Authentication (1)


Step 2 SSH Authentication (2)

1. Server Authentication (/etc/ssh)
• ssh_host_rsa_key & ssh_host_rsa_key.pub
• ssh_host_dsa_key & ssh_host_dsa_key.pub
• ~/.ssh/known_hosts

# ssh -vvvv username@ssh-server

2. User Authentication

• Password Authentication

• Public Key Authentication

• Host based Authentication

• Kerberos

Step 2 SSH Authentication (3)

1. Public Key Authentication

On Server
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

# service sshd restart

On Client (key type rsa or dsa)
$ ssh-keygen -t rsa -b 1024
$ scp .ssh/id_rsa.pub user@server:.ssh/authorized_keys
$ ssh user@ssh-server

2. Adding Keys
$ eval $(ssh-agent)
or
$ ssh-agent bash

$ ssh-add
$ ssh-add -l

Step 3 SSH Port Forwarding

1. Port Forwarding = tunneling TCP connections over a secure tunnel using OpenSSH

2. Server Configuration
AllowTcpForwarding yes
GatewayPorts yes

3. Local Forwarding
# ssh -L 1234:localhost:25 -N user@ssh-server
# telnet localhost 1234

4. Remote Forwarding
On SSH Client (server system)
# service httpd start
# ssh -R 10000:localhost:80 -N user@ssh-server
On SSH Server (client system)
http://localhost:10000/

[Diagrams: Local Port Forwarding; Remote Port Forwarding]

Step 4 X11 Forwarding

1. GUI Program Forwarding

2. On Server

X11Forwarding yes

X11DisplayOffset 10

X11UseLocalhost yes

# service sshd restart

3. On Client

ForwardAgent yes

ForwardX11 yes

# xhost +

$ ssh -X user@ssh-server

$ xclock &

Step 5 SSH Client Tools

1. ssh

$ ssh root@ssh-server reboot

$ ssh linux@ssh-server

2. scp

$ scp linux@ssh-server:.ssh/authorized_keys id_rsa.pub

3. sftp

$ sftp server

$ sftp username@server

4. sshfs

# yum install sshfs

$ sshfs server:/remote_dir /mnt/local_dir

5. ssh-keyscan

$ ssh-keyscan -t rsa,dsa client

6. Windows Clients

SecureCRT, Putty, Teraterm

Step 6 Access Control

1. TCP Wrappers

/etc/hosts.deny

sshd:ALL

/etc/hosts.allow

sshd:192.168.80.0/255.255.255.0

2. Options

AllowUsers/AllowGroups // only these users/groups may log in

DenyUsers/DenyGroups // these users/groups are refused

PermitRootLogin yes or no

3. IPTABLES (Firewall)

-A INPUT -s 192.168.80.0/24 -m state --state NEW,ESTABLISHED -p tcp --dport 22 -j ACCEPT
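
The sshd_config options from Steps 3, 4 and 6 can be reviewed with a small script; this is an added example, not part of the original slides. The function names, the sample configuration and the defaults passed as arguments (assumed to be the OpenSSH 4.3 built-in defaults) are illustrative assumptions.

```shell
#!/bin/sh
# Added example (not from the slides). sshd keeps the FIRST value it reads
# for a keyword, and keyword names are case-insensitive.

# effective_value FILE KEYWORD [DEFAULT] -> prints the value sshd would use.
# DEFAULT is the caller-supplied built-in default (assumption: OpenSSH 4.3).
effective_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines
        tolower($1) == "match"   { exit }   # newer releases: global section only
        tolower($1) == tolower(key) {
            $1 = ""; sub(/^[ \t]+/, ""); print; found = 1; exit
        }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd FILE -> one "REVIEW:" line per setting that widens access.
audit_sshd() {
    f=$1
    [ "$(effective_value "$f" PermitRootLogin yes)" = "no" ] ||
        echo "REVIEW: PermitRootLogin is not 'no' (Step 6)"
    [ "$(effective_value "$f" GatewayPorts no)" = "no" ] ||
        echo "REVIEW: GatewayPorts exposes forwarded ports to other hosts (Step 3)"
    [ "$(effective_value "$f" X11Forwarding no)" = "no" ] ||
        echo "REVIEW: X11Forwarding is enabled (Step 4)"
    [ -n "$(effective_value "$f" AllowUsers)$(effective_value "$f" AllowGroups)" ] ||
        echo "REVIEW: no AllowUsers/AllowGroups restriction (Step 6)"
    return 0
}

# Constructed sample: the slide settings plus a later, ignored duplicate.
sample_config() {
    cat <<'EOF'
AllowTcpForwarding yes
GatewayPorts yes
X11Forwarding yes
PermitRootLogin yes
AllowUsers linux
# this later line does NOT override the first PermitRootLogin
permitrootlogin no
EOF
}

tmp=$(mktemp) && sample_config > "$tmp" && audit_sshd "$tmp"
rm -f "$tmp"
```

On a real host, call audit_sshd with the path to the server's sshd_config instead of the sample file.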
