SSH! Keep it secret. Keep it safe




Using Secure Shell to Help Manage Multiple Servers
Don Prezioso
Ashland University

Why use SSH?
  Proliferation of servers
    Physical servers now Virtual / Hosted
  System management without console
  Inter-server processes and file transfers
  Less worry about passwords

What is SSH?
  Secure Shell (encrypted connections)
  Replaces telnet (ssh)
  Secure copy (scp)
  Secure file transfers (sftp)
  Public/Private key pairs for encryption
  No passwords needed!

Server Software for Linux
  OpenSSH
    Free ssh for unix based systems
  Red Hat Packages:
    openssh-4.3p2-82.el5 - Core SSH components used by both client and server
    openssh-askpass-4.3p2-82.el5 - Passphrase dialog for X11
    openssh-clients-4.3p2-82.el5 - SSH Client components (ssh, scp, sftp, etc...)
    openssh-server-4.3p2-82.el5 - SSH Server components (sshd)
  /etc/ssh/sshd_config:
    UsePAM yes
    Subsystem sftp /usr/libexec/openssh/sftp-server
    AllowGroups sys adm ftpusers staff

Server Software for Windows
  freeSSHd
  See www.freesshd.com to download installation package
  Edit C:\Program Files\freeSSHd\FreeSSHDService.ini:
    [SSH server]
    SSHPublickeyPath=C:\Program Files\freeSSHd\Authorized_Keys
    [Users]
    UserCount=2
    [User0]
    Name=datatel
    Auth=2
    Password=000000000000000000000000000000000000000000
    Domain=
    Shell=1
    SFTP=1
    Tunnel=0
    [User1]
    Name=dprez
    Auth=0
    Password=000000000000000000000000000000000000000000
    Domain=AD
    Shell=0
    SFTP=1
    Tunnel=0

Clients for Linux
  Included in OpenSSH:
    ssh - Secure Shell client
      telnet replacement
      remote command execution
    scp - Secure Copy
      Copy files between systems
    sftp - Secure FTP client
  /etc/ssh/ssh_config changes:
    Host *
        ConnectTimeout 120
        StrictHostKeyChecking no
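
Added example, not part of the original slides: with StrictHostKeyChecking no, new host keys are accepted without verification, so before switching to yes it helps to list which automation targets have no known_hosts entry yet. The function names and the known_hosts content are constructed for illustration; the host names are the ones the scripts in this deck connect to.

```sh
#!/bin/sh
# Added example, not from the slides. Key data below is constructed.

# write_sample FILE: write a small constructed known_hosts file.
write_sample() {
    cat > "$1" <<'EOF'
# constructed entries; key data replaced by placeholders
webadvisor.ashland.edu,192.0.2.10 ssh-rsa AAAAPLACEHOLDER1
ui.ashland.edu ssh-rsa AAAAPLACEHOLDER2
@revoked old.ashland.edu ssh-rsa AAAAPLACEHOLDER3
EOF
}

# missing_known_hosts FILE HOST...
# Print every HOST that has no exact, plain-text entry in FILE. Hashed names
# (|1|...), wildcards and @cert-authority/@revoked lines are not counted;
# ssh-keygen -F HOST handles hashed files.
missing_known_hosts() {
    kh=$1; shift
    for h in "$@"; do
        awk -v host="$h" '
            /^[ \t]*[#@]/ || NF == 0 { next }
            {
                n = split($1, names, ",")
                for (i = 1; i <= n; i++) if (names[i] == host) found = 1
            }
            END { exit (found ? 0 : 1) }' "$kh" || printf '%s\n' "$h"
    done
}

# Check the hosts used by the scripts in this deck against the sample file.
sample=$(mktemp) && write_sample "$sample"
missing_known_hosts "$sample" webadvisor.ashland.edu \
    taonlinesys.mbsbooks.com fts.angellearning.com
rm -f "$sample"

# Once the list is empty, a script can insist on a known key per call:
#   scp -o StrictHostKeyChecking=yes -o BatchMode=yes ...
```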

rsync!
  Not part of OpenSSH
  Does not require ssh, but will use it
  Synchronize entire directory trees between multiple servers
  Delta-transfer algorithm dramatically reduces the data sent over the network
  Not just a client...

Clients for Windows
  http://www.chiark.greenend.org.uk/~sgtatham/putty/
  PuTTY
    Terminal emulation
    Saved profiles
    Command line options for shortcuts
  PuTTYgen
    Utility to create key pairs
  Plink
    Remote command execution (CGI)
  PSCP and PSFTP
    Command mode file transfer

Clients for Windows
  http://winscp.net
  WinSCP
    Graphical file transfer utility
    Live editing of remote files!

Public / Private Key Pairs
  Generated automatically if needed
    Password needed for authentication
    Some clients will allow saving passwords (not secure!)
  May be created and exchanged ahead of time
    No password needed
  Public key
    Not secret (May be e-mailed or published)
  Private Key
    Keep it secret
    Keep it safe!

Generating Keys on unix
  ssh-keygen (OpenSSH) command:
    ssh-keygen -C datatel@datatel.ashland.edu
  Defaults:
    2048 bit RSA type keys
    ~/.ssh/id_rsa (private key)
    ~/.ssh/id_rsa.pub (public key)
  I don't use passphrase normally
  Comment just for your identification
  .ssh directory is private, don't change

Generating Keys on Windows
  PuTTYgen
    Click Generate
    Move mouse
    Save private key
    Copy public key and paste in authorized_keys file
    Load private key file to see public key

Where to put Public Keys
  On the system you will connect to
    Unix: ~/.ssh/authorized_keys
    Windows: C:\Program Files\freeSSHd\Authorized_Keys\username
  Each key is one (long) line of text:
    ssh-rsa <base64 key data> datatel@datatel.ashland.edu
  Paste key using any text editor
  Unix Automatic!

Using the Private Key
  PuTTY
    Command line (-i path)
    Saved Session
      Connection>SSH>Auth

Using the Private Key
  WinSCP
    Command Line (/privatekey path)
    Advanced Site Settings
      SSH>Authentication

Logging in as root!
  No need to give out root password
  Each user generates their own key pair
  If they leave just remove their public key (don't need to change the password!)
  Treat other servers as additional users

Importing Bookstore Charges (GLIM)
    RemoteHost="TAO700673@taonlinesys.mbsbooks.com"
    RemotePath="FromMBS"
    ImportPath="/datatel/coll18/production/apphome/DATA/DATA_G/GL.INTERFACES"
    DropPath="/home/mbsftp"
    DropFile="bks*.TXT"
    # $logfile is assumed to be set earlier in the full script (not shown on the slide)
    # Get files from the remote server (pattern quoted so the remote side expands it)
    /usr/bin/scp "$RemoteHost:$RemotePath/$DropFile" "$DropPath/" >> "$logfile" 2>&1
    # Now that we have them local, delete them from the remote server
    for filepath in "$DropPath"/$DropFile ; do
        # Skip the unexpanded pattern when nothing was downloaded
        [ -e "$filepath" ] || continue
        filename=$(basename "$filepath")
        RemoteCommand="rm -f '$RemotePath/$filename'"
        ssh "$RemoteHost" "$RemoteCommand" >> "$logfile" 2>&1
    done

Restarting Tomcat (WebAdvisor)
    #!/bin/bash
    if [[ $( /bin/hostname ) = "datatel.ashland.edu" ]] ; then
        /usr/bin/ssh root@webadvisor.ashland.edu service tomcat restart
    fi
  Part of Colleague system boot process
  Run as root, so the default key pair is used
  No password in script
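
Added example, not part of the original slides: when other servers are treated as additional users of root, each of their keys can be limited in authorized_keys with the OpenSSH options command="..." and from="...". The audit below lists keys that carry neither; the function names, the sample entries and the restricted Tomcat entry are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the slides. Entries and key data are constructed.

# write_sample_keys FILE: write a constructed authorized_keys file for root.
write_sample_keys() {
    cat > "$1" <<'EOF'
# constructed entries; key data replaced by placeholders
ssh-rsa AAAAPLACEHOLDER1 dprez@workstation
command="service tomcat restart",from="datatel.ashland.edu",no-pty,no-port-forwarding ssh-rsa AAAAPLACEHOLDER2 root@datatel.ashland.edu
from="192.0.2.20" ssh-rsa AAAAPLACEHOLDER3 backup@host
no-pty ssh-rsa AAAAPLACEHOLDER4 batch@host
EOF
}

# audit_authorized_keys FILE
# Print "LINE COMMENT missing:OPTIONS" for each key that lacks a forced
# command (command="...") or a source restriction (from="...").
audit_authorized_keys() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        {
            line = " " $0
            # Options, when present, come before the key type.
            if (!match(line, /[ \t](ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-[a-z0-9-]+) /)) next
            opts = "," substr(line, 2, RSTART - 2)
            n = split(substr(line, RSTART + RLENGTH), f, " ")
            who = (n >= 2) ? f[2] : "(no comment)"
            miss = ""
            if (opts !~ /,command="/) miss = "command"
            if (opts !~ /,from="/) miss = (miss == "" ? "" : miss ",") "from"
            if (miss != "") print NR, who, "missing:" miss
        }' "$1"
}

# Run the audit over the constructed file.
sample=$(mktemp) && write_sample_keys "$sample"
audit_authorized_keys "$sample"
rm -f "$sample"
```

The entry on line 3 of the sample is the only one not reported: that key can run the one restart command, and only from the named host.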

Locking UI
  Users start UI with: https://ui.ashland.edu
  Normal web.config file redirects to: https://ui.ashland.edu:8183/colleague/launch.htm
  Script gets a copy of web.config file using sftp
  Script creates a new web.config that redirects to: http://ui.ashland.edu/oos.htm
  Script transfers new web.config to the web server using sftp
  Users who know the real URL can still use UI
  Unlock just does the reverse

Locking WebAdvisor
  Similar to locking UI
  No files are transferred between systems
  Script uses ssh to copy files on the web server
  Users who know the whole URL can still run
  Doesn't lock portal access to WebAdvisor
  Works in combination with stopping listener
  Better message

File Transfers in UniData
  X.SFTP.SEND
    UniBasic program any user can run
    Builds a temporary script for input to sftp
    Copies datatel private key and sets permissions
    Runs sftp with -b option to process the temporary script and use private key copy
    Deletes copy of private key
  X.SFTP.SEND _HOLD_ XEI_Datatel_Membership_S.csv Ashland_XEI fts.angellearning.com
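
Added example, not the UniBasic program from the slides: the four X.SFTP.SEND steps written as a shell function, with the key copy kept in a private temporary directory and removed on every exit path. The function name, the argument order and the SFTP_CMD override are assumptions made for this sketch.

```sh
#!/bin/sh
# Added example, not the UniBasic program from the slides. SFTP_CMD and the
# argument order are assumptions made for this sketch.
SFTP_CMD=${SFTP_CMD:-sftp}

# sftp_send KEY DIR FILE USER HOST
# Runs in a subshell so the umask and the EXIT trap stay local to the call.
sftp_send() (
    key=$1 dir=$2 file=$3 user=$4 host=$5
    umask 077                                  # new files: owner access only
    work=$(mktemp -d) || exit 1                # private directory, mode 0700
    trap 'rm -rf "$work"' EXIT                 # key copy is deleted on every exit path
    trap 'exit 130' INT TERM HUP               # turn signals into a normal exit

    # Step 1: temporary batch script for sftp
    printf 'put "%s/%s"\nbye\n' "$dir" "$file" > "$work/batch" || exit 1
    # Step 2: private copy of the key, readable by its owner only
    cp "$key" "$work/id" && chmod 600 "$work/id" || exit 1
    # Step 3: run sftp non-interactively with the batch file and the key copy
    "$SFTP_CMD" -b "$work/batch" -o IdentityFile="$work/id" \
        -o BatchMode=yes "$user@$host"
    rc=$?
    # Step 4: the EXIT trap removes the key copy and the batch file
    exit "$rc"
)

# Usage, mirroring the invocation on the slide (key path is a placeholder):
#   sftp_send /path/to/private_key _HOLD_ XEI_Datatel_Membership_S.csv \
#       Ashland_XEI fts.angellearning.com
```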

File Transfers in Envision Basic (Studio)
  S.EXECUTE.SFTP (Ellucian provided)
    SFTP.GET.FILE:
    * Get path to _HOLD_
    X.HOLD.PATH = "_HOLD_"
    X.PATH.ERROR = ""
    X.PATH.MSG = ""
    CALL S.GET.ABS.PATH(X.HOLD.PATH, X.PATH.ERROR, X.PATH.MSG)
    *
    * Call SFTP to transfer the file
    X.SCH.IMPORTS.FILE.NAME = "export.csv"
    X.SFTP.ERROR = ""
    XL.SFTP.RESULT = ""
    X.SFTP.CONFIG = "SCHI"
    X.SFTP.ACTION = "get"
    CALL S.EXECUTE.SFTP(X.SFTP.ERROR, XL.SFTP.RESULT, X.SFTP.CONFIG, X.SFTP.ACTION, X.SCH.IMPORTS.FILE.NAME, X.HOLD.PATH)
    RETURN

Envision SFTP Configuration
  SFTP screen:

Conclusion
  Easy connection to multiple servers
  Automation of system management tasks
  Fewer passwords

Questions?
  Don Prezioso
  dprez@ashland.edu
  419-289-5077