+ All Categories
Home > Documents > SSH-server -

SSH-server -

Date post: 12-Feb-2022
Category:
Upload: others
View: 9 times
Download: 0 times
Share this document with a friend
15
SSH Server Setup using OpenSSH on CentOS 5.8 Prof Jeong Chul tland12.wordpress.com Computer Science ITC and RUPP in Cambodia
Transcript
Page 1: SSH-server -

SSH Server Setup using OpenSSH on CentOS 5.8

Prof Jeong Chul

tland12.wordpress.com

Computer Science

ITC and RUPP in Cambodia

Page 2: SSH-server -

SSH Server Setup using OpenSSH

on CentOS 5.8 Part 1 • Step 1 Package installation and Startup

• Step 2 SSH Authentication

Part 2 • Step 3 SSH Port Forwarding

• Step 4 X11 Forwarding

• Step 5 SSH Client Tools

• Step 6 SSH Access Control

Page 3: SSH-server -

Step 1 Package installation & service startup

1. Package installation • openssh-askpass-4.3p2-82.el5 // X11 passphrase • openssh-clients-4.3p2-82.el5 // ssh,slogin,ssh-add,sftp • openssh-4.3p2-82.el5 // ssh-keygen, scp • openssh-server-4.3p2-82.el5 // sshd 2. Service startup # service sshd start 3. Service startup checking # ps –ef | grep sshd # netstat –nat | grep 22 4. Runlevel registration # chkconfig sshd on # chkconfig –list sshd 5. Testing : ssh username@ssh-server

Page 4: SSH-server -

Step 2 SSH Authentication (1)

Page 5: SSH-server -

Step 2 SSH Authentication (1)

Page 6: SSH-server -

Step 2 SSH Authentication (1)

Page 7: SSH-server -

Step 2 SSH Authentication (2)

1. Server Authentication (/etc/ssh) ssh_host_rsa_key & ssh_host_rsa_key.pub

ssh_host_dsa_key & ssh_host_dsa_key.pub

~/.ssh/known_hosts

# ssh –vvvv username@ssh-server

2. User Authentication • Password Authentication

• Public Key Authentication

• Host based Authentication

• Kerberos

Page 8: SSH-server -

Step 2 SSH Authentication (3)

1.Public Key Authentication On Server RSAAuthentication yes PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys

# service sshd restart On Client $ ssh-keygen –t rsa(dsa) –b 1024 $ scp .ssh/id_rsa.pub user@server:.ssh/authorized_keys $ ssh user@ssh-server 2. Adding Keys $ eval $(ssh-agent) or ssh-agent bash $ ssh-add $ ssh-add -l

Page 9: SSH-server -

Step 3 SSH Port Forwarding

1. Port Forwarding = Tunneling TCP connections over secure tunnel using OpenSSH 2. Server Configuration AllowTcpForwarding yes GatewayPorts yes 3. Local Forwarding # ssh –L 1234:localhost:25 –N user@ssh-server # telnet localhost 1234 4. Remote Forwarding On SSH Client (server system) # service httpd start # ssh –R 10000:localhost:80 –N user@ssh-server On SSH Server (client system) http://localhost:10000/

Page 10: SSH-server -

Step 3 SSH Port Forwarding

Local Port Forwarding

Page 11: SSH-server -

Step 3 SSH Port Forwarding

Remote Port Forwarding

Page 12: SSH-server -

Step 4 X11 Forwarding

1. GUI Program Forwarding

2. On Server

X11Forwarding yes

X11DisplayOffset 10

X11UseLocalhost yes

# service sshd restart

3. On Client

ForwardAgent yes

ForwardX11 yes

# xhost +

$ ssh –X user@ssh-server

$ xclock &

Page 13: SSH-server -

Step 5 SSH Client Tools 1. ssh

$ ssh root@ssh-server reboot

$ ssh linux@ssh-server

2. scp

$ scp linux@ssh-server:.ssh/authorized_keys id_rsa.pub

3. sftp

$ sftp server

$ sftp username@server

4. sshfs

# yum install sshfs $ sshfs server:/remote_dir /mnt/local_dir

5. ssh-keyscan

$ ssh-keyscan -t rsa,dsa client

6. Windows Clients

SecureCRT, Putty, Teraterm

Page 14: SSH-server -

Step 6 Access Control

1. Tcp_wraper

/etc/hosts.deny

sshd:ALL

/etc/hosts.allow

sshd:192.168.80.0/255.255.255.0

2. Options

AllowUsers/AllowGroups // Only these users

DenyUsers/DenyGroups // Only these users

PermitRootLogin yes or no

3. IPTABLES (Firewall) -A INPUT -s 192.168.80.0/24 -m state --state NEW,ESTABLISHED -p tcp --dport 22 -j

ACCEPT

Page 15: SSH-server -

SSH Server Setup using OpenSSH

on CentOS 5.8

Thank you !!


Recommended