Pro OpenSSH. Michael Stahnke. Apress* =# # w^ l&l ## frsft. *,«.,*



Similar documents
SSH Client Alternatives

SSH The Secure Shell

Secure File Transfer Installation. Sender Recipient Attached FIles Pages Date. Development Internal/External None 11 6/23/08

Secure Shell. The Protocol

OpenSSH: Secure Shell

Contents. Part 1 SSH Basics 1. Acknowledgments About the Author Introduction

SSH! Keep it secret. Keep it safe

SSH, SCP, SFTP, Denyhosts. Süha TUNA Res. Assist.

SSSD and OpenSSH Integration

Remote Access Options to University Resources. Samuel Petreski IT Security Office

File Transfers. Contents

WinSCP PuTTY as an alternative to F-Secure July 11, 2006

Connectivity using ssh, rsync & vsftpd

Secure access to the DESY network using SSH

File transfer clients manual File Delivery Services

TELE 301 Network Management. Lecture 16: Remote Terminal Services

TS-800. Configuring SSH Client Software in UNIX and Windows Environments for Use with the SFTP Access Method in SAS 9.2, SAS 9.3, and SAS 9.

Securing Windows Remote Desktop with CopSSH

Secure Remote Access with OpenSSH and rssh

IBM eserver iseries ITSO Technical Forum 2005

Configuring for SFTP March 2013

SSH and FTP on Ubuntu WNYLUG Neal Chapman 09/09/2009

10/23/12. Fundamentals of Linux Platform Security. Linux Platform Security. Roadmap. Security Training Course. Module 9 Application Security

Using SFTP on the z/os Platform

Redpaper. Securing Communications with OpenSSH on IBM i5/os. Front cover. ibm.com/redbooks. Learn how to install, configure, and use SSH with i5/os

File Transfer Examples. Running commands on other computers and transferring files between computers

SERVER HARDENING. Presented by: Daniel Waymel and Corrin Thompson at TexSAW 2014 at the University of Texas at Dallas

Securing Windows Remote Desktop with CopSSH

Overview. Remote access and file transfer. SSH clients by platform. Logging in remotely

Know your tools SSH. Dariusz Puchalak Dariusz_Puchalak < at > ProbosIT.pl

A SHORT INTRODUCTION TO BITNAMI WITH CLOUD & HEAT. Version

CONNECTING TO DEPARTMENT OF COMPUTER SCIENCE SERVERS BOTH FROM ON AND OFF CAMPUS USING TUNNELING, PuTTY, AND VNC Client Utilities

Access Instructions for United Stationers ECDB (ecommerce Database) 2.0

Using sftp in Informatica PowerCenter

Install and configure SSH server

If you prefer to use your own SSH client, configure NG Admin with the path to the executable:

noway.toonux.com 09 January 2014

Security Configuration Guide P/N Rev A05

Configuring SSH and Telnet

What IT Auditors Need to Know About Secure Shell. SSH Communications Security

ICE Futures Europe. AFTS Technical Guide for Large Position Reporting V1.0

HPCC - Hrothgar Getting Started User Guide

Pragma FortressSSH 5.0

Defeating Firewalls : Sneaking Into Office Computers From Home

MKS Toolkit. Connectivity Solutions Guide. MKS Inc.

Configure Backup Server for Cisco Unified Communications Manager

finger, ftp, host, hostname, mesg, rcp, rlogin, rsh, scp, sftp, slogin, ssh, talk, telnet, users, w, walla, who, write,...

Introduction à OpenSSH

Using WinSCP to Transfer Data with Florida SHOTS

Royal Mail Business Integration Gateway Specification

Auditing and Hardening Unix Systems Using CIS benchmarks on SUSE Linux

Methods available to GHP for out of band PUBLIC key distribution and verification.

RETRIEVING NMR DATA JB Stothers NMR Facility Materials Science Addition 0216 Department of Chemistry Western University

File Transfer. User Guide For Clients and Vendors. Last Revised: October

Connecting to the School of Computing Servers and Transferring Files

CASHNet Secure File Transfer Instructions

Adobe Marketing Cloud Using FTP and sftp with the Adobe Marketing Cloud

How to install and set up the WinSCP software for Secure File Transfer

Installation. Wayne Nucleus Point-of-Sale (POS) System Secure FTP Back-Office Interface Version 1.02 R1. P/N 000-W Rev 05

CA ehealth. Remote Poller Guide. r6.1

Encrypted File Transfer - Customer Testing

Introductory Note 711 & 811. Remote Access to Computer Science Linux Files Using Secure Shell Protocols

AnzioWin FTP Dialog. AnzioWin version 15.0 and later

Cisco ASA. Administrators

Guide to the Configuration and Use of SFTP Clients for Uploading Digital Treatment Planning Data to ITC

Apple Pro Training Series. OS X Server. Essentials. Arek Dreyer. and Ben Greisler

Testing New Applications In The DMZ Using VMware ESX. Ivan Dell Era Software Engineer IBM

SSH Secure Shell. Administrator s Guide

F-Secure SSH. for Windows. User s Guide

Configuring and Tuning SSH/SFTP on z/os

Guide to the Configuration and Use of SFTP Clients for Uploading Digital Treatment Planning Data to IROC RI

HP-UX Secure Shell A , A , and A Release Notes. HP-UX 11i V1, HP-UX 11i V2, and HP-UX 11i V3

SCP - Strategic Infrastructure Security

How to Bypass Your Corporate Firewall Using SSH Tunneling

Network Management Card Security Implementation

Introduction Connecting Via FTP Where do I upload my website? What to call your home page? Troubleshooting FTP...

Linux VPS with cpanel. Getting Started Guide

Aspera Proxy Red Hat, Debian ADMIN GUIDE

Understanding the Pros and Cons of Combination Networks 7. Acknowledgments Introduction. Establishing the Numbers of Clients and Servers 4

Automated Offsite Backup with rdiff-backup

1 Scope of Assessment

Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding

RELEASE NOTES. Release Notes. Introduction. Platform. Product/version/build: Remote Control ( ) ActiveX Guest 11.

HARFORD COMMUNITY COLLEGE 401 Thomas Run Road Bel Air, MD Course Outline CIS INTRODUCTION TO UNIX

Online Banking for Business Secure FTP with SSH (Secure Shell) USER GUIDE

There s a variety of software that can be used, but the approach described here uses freely available Cygwin software: (1) Cygwin/X (2) Cygwin/openssh

Secure File Transfer with SSH

Running a Default Vulnerability Scan

Overview SSL/TLS HTTPS SSH. TLS Protocol Architecture TLS Handshake Protocol TLS Record Protocol. SSH Protocol Architecture SSH Transport Protocol

Remote Management. Vyatta System. REFERENCE GUIDE SSH Telnet Web GUI Access SNMP VYATTA, INC.

ICE Futures Europe. MFT Technical Guide for Position Reporting V1.2

Transcription:

Pro OpenSSH =# # w^ l&l ## frsft. *,«.,* Michael Stahnke Apress*

GöorJnpal alüäs! ^ * k <i.'.. * J8 _T ^ Ä tf :!.^ Aboirt the Author About the Technical Reviewer Acknowledgments Introduction xiii xv xvü xix PART 1 ^CHAPTER 1 Quick and Secure Legacy Protocols: Why Replace Telnet, FTP, rsh, rcp, and rlogin with SSH? 3 CHAPTER 2 A Quick SSH Implementation 17 PART 2 J Configuring OpenSSH fchapter 3 The File Structure of OpenSSH 37 ^CHAPTER 4 The OpenSSH Server 47 CHAPTER 5 The OpenSSH Client 69 SHAPTER 6 Authentication 113 PART 3» - - Advanced Topics * CHAPTER 7 TCP Forwarding 147 :CHAPTER 8 Managing Your OpenSSH Environment 165 PART 4 * Administration with OpenSSH rchapter 9 Scripting with OpenSSH 201 'CHAPTER 10 SSH TectiaServer 227 fappendix A SSH Client Alternatives 241 :APPENDIX B OpenSSH on Windows 263 -INDEX 273 in

About the Author About the Technical Reviewer Acknowledgments Introduction xiii xv xvn xix PART 1 :r«quick and Secure CHAPTER 1 Legacy Protocols: Why Replace Telnet, FTP, rsh, rcp, and rlogin with SSH? 3 Foundations of Information Security 3 Analysis of Legacy Protocols 4 Common Strengths in Legacy Protocols 4 What Makes These Protocols Legacy? 5 Learn to Replace Legacy Protocols 9 improving Security with OpenSSH 9 Establishing Security Basics 10 OpenSSH Replacing Legacy Protocols 14 Summary 15 CHAPTER 2 A Quick SSH Implementation 17 A Brief Introduction to SSH 17 What Is SSH Doing? 19 Basics of SSH 20 Installing SSH 20 Choices in SSH 21 Connecting via OpenSSH 22 Installing OpenSSH 22 Downloading OpenSSH 22 Installing OpenSSH 24

vi»contents Turning Off Telnet 30 What About FP? 30 scp 31 Client Tools for Windows 32 Summary 34 PART 2 **s Configuring OpenSSH»tCHAPTER 3 The File Structure of OpenSSH 37 Server Configuration Files 37 ssh_host_key 38 ssh_host_key.pub 38 ssh_randoitlseecl 38 sshd 39 sshd_config 39 banner 39 sshd.pid 40 nologin 40 ssh_known_hosts 40 hosts.equiv 40 shosts.equiv 41 ssh-rand-helper* 41 ssh-keyscan* 41 ssh-keygen* 41 sftp-server* 41 Server Summary 42 Client Configuration Files 42 ssh_config 42.rhosts 42.shosts 43.Xauthority 43 identity, id_dsa, id_rsa 43 config 44 known hosts 44 authorized_keys 44 environment 44 rc 44 agent.<ppid> 44 ssh-keysign* 45

.CONTENTS vii ssh-add* 45 SSh* 45 ssh-agent* 45 scp*, sftp* 45 Client Summary 46 Conclusion 46 richapter 4 The OpenSSH Server 47 OpenSSH Server Testing 47 Checking the Syntax of sshd_config 47 Changing the Default Configuration File and Port 48 Running the OpenSSH Server in Debug Mode 48 Reloading Configuration Files 49 Managing the OpenSSH Server 49 OpenSSH sshd config 51 AcceptEnv 51 AliowGroups 51 AllowTCPForwarding 52 AllowUsers 52 AuthorizedKeysFile 52 Banner 52 ChallengeResponseAuthentication 53 Ciphers 53 ClientAliveCountMax 53 CiientAtivelnterval 54 Compression 54 DenyGroups 54 DenyUsers 54 GatewayPorts 54 GSSAPIAuthentication 55 GSSAPICIeanupCredentials 55 HostbasedAuthentication 55 HostKey 55 IgnoreRhosts 56 IgnoreUserKnownHosts 56 KerberosAuthentication 56 KerberosGetAFSToken 56 KerberosOrLocaiPasswd 56 KerberosTicketCleanup 56 KeyRegenerationlnterval 57

vtii ««ONTENTS ListenAddress 57 LoginGraceTime 57 LogLevel 57 MACs 57 MaxAuthTries 58 MaxStartups 58 PasswordAuthentication 58 PermitEmptyPasswords 58 PermitRootLogin 58 PermitUserEnvironment 59 PidFile 59 Port 59 PrintlastLog 60 PrintMotd 60 Protocol 60 PubkeyAuthentication 60 RhostsRSAAuthentication 61 RSAAuthentication 61 ServerKeyBits 61 StrictModes 61 Subsystem 61 SyslogFacility 62 TCPKeepAlive 62 UseDNS 62 UseLogin 62 UsePAM 63 UsePrivilegeSeparation 63 XHDisplayOffset 63 X11 Forwarding 63 X11 UseLocalhost 64 XAuthLocation 64 Building the sshd config File 64 Ensure Security of sshd_config 67 Summary 67 ICHAPTER 5 The OpenSSH Client 69 OpenSSH Client Order of Precedence 69 The Client Commands 70 ssh 70 scp 80 sftp 84

»CONTENTS ix ssh_config 92 Debugging OpenSSH ssh_config 92 ssh_config keywords 92 ssh_config documented 105 Summary 112 rchapter 6 Authentication 113 Public Key Authentication 113 What Is Public Key Authentication? 114 How Secure Is Public Key Authentication? 114 Public Key Authentication vs. Password Authentication 115 Ensuring Public Key Authentication IsAvailable on the Server... 116 Ensuring the Client Allows Public Key Authentication 116 Setting Up Public Key Authentication 116 A Look at the Keys 120 SSH Agents 132 What Is an ssh-agent? 132 Agent Forwarding 138 Summary of Public Key Authentication 140 Types of Authentication Inside of OpenSSH 142 A Quick Reference to Authentication 143 Reference: Setting Up User Public Key Authentication 143 Reference: Using SSH Agents 143 Reference: Host-based Authentication 143 Summary 144 PART 3 * Advanced Topics ÜCHAPTER 7 TCP Forwarding 147 Introduction to Forwarding 147 How Does Forwarding Work? 148 TCP Connection Forwarding 150 Setting Up the Tunnel 151 Tunnel Setup via ssh Client Escape Sequence 152 VNC 152 Tunneling Through Firewalls 153 Pass-through Forwarding 154 Remote Forwarding, 155

x ^CONTENTS Creating Forwarded Connection via $HOME/.ssh/config 156 Using SSH As atransport 157 Dynamic Forwarding 157 X11 Forwarding 159 A Primer in the X11 Windowing System 160 Making OpenSSH Work with X11 161 X Authentication 163 Notes on X11 163 Summary 164 CHAPTER 8 Managing Your OpenSSH Environment 165 Planning Your Environment 165 Establishing Security Guidelines 166 OpenSSH Secure Gateway 170 Introducing the Gateway Server 171 Setting Up the Gateway 172 Security Concerns 174 Managing the Gateway 176 Do You Need a Gateway? 179 Securing OpenSSH 180 Setting Up Authentication Methods That Make Sense 180 Securing the Root Account 181 Patching OpenSSH 184 SSH Management 185 Creating Master Configuration Files 185 Checking Host Keys 187 Monitoring SSH 187 Key Management 187 Introduction to Key Management 187 Key Distribution 192 SSHFP: Storing Public Host Keys in DNS 196 Summary 198

ICONTENTS xi PART 4 «Administration with OpenSSH!CHAPTER 9 Scripting with OpenSSH 201 Prerequisites 201 Automation 201 Input 201 Output 202 Shell Scripts 202 Why Shell Scripts 202 Redirection and Pipes 205 Migrating Legacy Scripts 210 Real-World Exampies 210 Administrative Example 211 Security Exampies 212 UsingPer! 215 When is Perl a Good Idea? 216 The Net::SSH Module 216 Exampies of Scripts in Perl 219 Web Scripting 221 Introduction to Web Front Ends for SSH 221 Setting Up an Account to Use a Web Front End 221 Using Web Front Ends 222 Summary 225 CHAPTER 10 SSH Tectia Server 227 The Pros and Cons of SSH Tectia Server 227 Advantages Over OpenSSH 227 SSH Tectia Server Disadvantages 229 Recommendations 230 installing SSH Tectia Server 230 Differences Between OpenSSH and SSH Tectia Server 231 Public Key Authentication with SSH Tectia Server 232 Configuration of SSH Tectia Server 233 Configuration Differences 234 Patching SSH Tectia Server 234 Working in a Mixed Environment 235 SCP/SFTP 235 SSH Keys 236 Summary 240

xii»contents tappendix A SSH Client Alternatives 241 PuTTY Family 241 PuTTY 241 plink 246 PuTTYgen 247 Pageant 248 PSCP 249 PSFTP 250 PuTTY Summary 250 WinSCP 250 FISH 253 FileZilla 254 SSH Tectia Client 257 Summary 261 iftppendlx B OpenSSH on Windows 263 OpenSSH via Cygwin 263 introduction to Cygwin 263 Downloading and Installing Cygwin 263 Configuring sshd as a Service 266 Testing the Connectton 268 Cygwin and Users 270 Upgrading OpenSSH Cygwin Packages 270 Configuration 270 Cygwin as an X Server on Windows 271 flndex 273

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information